I Can’t Recall a Win-Win Like This (Premium)

Recall security architecture

In June, Microsoft delayed the controversial Copilot+ PC feature Recall, appeasing critics by making some concessions to their concerns. A more nuanced view of those concessions revealed something interesting, however: The only meaningful change it made–aside from the delay–was to make Recall truly opt-in. Previously, it would have been enabled by default and users would need to opt-out after setting up their Copilot+ PC for the first time.

Microsoft is no stranger to enshittification. Indeed, it has taken this strategy to new heights by enabling OneDrive Folder Backup silently in the background after users explicitly decline multiple requests to turn on this feature, part of a broader effort undermining Windows 11. But even with this experience still heavy in my mind, I was taken aback by the reaction in the community to Recall, a feature that is so obviously useful and even necessary for so many users. This year, Recall became the poster child for a disturbing trend I’ve seen escalate in recent years in which the most technical people are paradoxically the most resistant to change. And even more resistant to facts, logic, and common sense.

My stance on Recall is consistent with the way I approach everything in personal technology. Microsoft, like Apple, Google, and other Big Tech players, is a terrible company that will compromise its products and services to feed the Wall Street beast, the very definition of enshittification. But like all of you, I also deal with the reality of these companies and use their products and services every day.

Trust is a tough word to use when describing these companies. But I do–and you do–trust them to some degree. For example, I trust Microsoft to secure my PCs using various hardware and software solutions, and I trust them with my private data in the cloud, just as I trust both Apple and Google with it as well. I do what I can to secure access to this data, of course. But in the end, there is an element of trust there as well. Just as I trust the flight crew of a plane or, more implicitly, the drivers around me on the road. What choice do we have?

But some clearly don’t trust Microsoft and in profound ways. They commingle objectively terrible policies like enabling OneDrive Folder Backup behind our backs with fears about our inherent data sovereignty rights. But I see these as different things. I may not want to enable Folder Backup, may feel that doing so or not is my decision, not Microsoft’s. But in the end, enabling Folder Backup is a net win for data protection, as it ensures that the contents of the affected folders aren’t locked to that one device; they’re also backed up–really, synced–to the cloud. The cloud that I trust Microsoft to protect from attackers. Put a different way, I can dislike this policy, and I do. But I can also trust Microsoft to protect my data, and I do. These things are not mutually exclusive.

In any event, critics of Microsoft who are stuck using Windows and their other offerings, and critics of Recall for reasons real or imagined, should have accepted the June delay as the good news it was: Microsoft promised to make some changes to this feature, few of which seemed material at the time, but making Recall opt-in is a win for everyone. Literally: Even those who would otherwise blindly trust Microsoft with anything–and might stupidly opt in to additional tracking in Windows 11 and Edge–benefit from having to make this choice explicitly. It’s better to know what you’re getting into, and if you don’t want to use Recall, good news, you don’t have to.

Will Microsoft one day silently enable Recall just as they still, one year later, silently enable OneDrive Folder Backup? I suppose that’s always a concern, though Microsoft is now saying it will not do so. But as with Folder Backup, I would be unhappy with that happening while conversely knowing that my data, at least, is as safe as it can be. This was true in May when they announced Recall. It was true in June when they delayed it. And it’s true now that Recall is finally going to start rolling out in Preview soon.

It’s been over three months since Microsoft delayed Recall. Windows 11 version 24H2 will begin its ridiculous, tortured roll-out to supported PCs any day now, because nothing with this team can be consistent or logical anymore. And now Microsoft is providing more details about the additional security protections it’s put in place, over and above the incredible Windows Hello Enhanced Sign-In Security features and other controls that literally obviated all the original complaints back in May. To my eyes, this reads just like Microsoft’s June missives, in that most of it is things that it was already doing, masked as concessions to critics. But whatever. A win is a win is a win.

To the cynical, Microsoft is engaging in theater. Theater that’s designed to make its critics believe that it’s made substantive changes to Recall, that it’s listened. But this is important from a PR perspective: That the tech press and blogosphere didn’t just run with the Recall security issues as a story but in fact amplified them as fact is a failure by my colleagues. That happened. That happened during a time in which Microsoft promised it was once again serious about security, and this time they really mean it. And now Microsoft needs to defuse that bomb.

To do so, Microsoft has revealed more details about how it secures Recall. There are a few new bits in there, but much of that reads like things it would have done during the initial preview phase anyway. Which I think is the point: Where others are positioning this as changes Microsoft made in response to criticisms, Microsoft does not explain it that way. Indeed, nowhere in its announcement does it thank or even reference the people who reported supposed issues with Recall back in the Spring. I think that’s an important point, as what those people did was irresponsible and wrong, and more about self-promotion than anything else.

In any event, here is how Microsoft describes how it secures Recall.

Recall will be opt-in, not opt-out. This isn’t new: Microsoft announced this change in June.

You can uninstall Recall. This is new, and contrary to what Microsoft said previously.

Recall snapshots will be encrypted and access is protected by a Secure VBS enclave. This is not new. As I noted back in June, this was always going to be the case: The original May documentation for this feature literally said at the time that Recall data was encrypted and protected by Windows Hello ESS, which leverages “specialized hardware and software components, such as Virtualization Based Security (VBS) and Trusted Platform Module 2.0.” What it’s emphasizing now is that this fact means no one–not Microsoft, not other users on the PC, not hackers–can access the information Recall collects. But that was always the case. And was always the point of requiring Windows Hello ESS.

Access to Recall data will require Windows Hello (ESS) authentication every single time. It’s not clear if this is new, but it’s the right idea and is consistent with other secure data access: Just as you authenticate each time you access Microsoft Authenticator on your phone, you should authenticate each time you access Recall on your PC.

What happens in Recall stays in Recall, and only on that one PC. Recall is a per-PC feature and cannot sync between PCs or to the cloud. This was always the case, so there’s nothing new here. (Microsoft told me separately it was looking into this functionality for later, though one wonders now given the drama.)

Recall will only work on Copilot+ PCs. This is interesting: I complained back in May/June that the security researchers who ripped Recall out of Windows Insider builds to use it on normal PCs weren’t getting the security protections that only Copilot+ PCs offer, rendering their concerns moot. But now Microsoft won’t even allow that: Recall will only work when all the necessary security protections–Windows Hello ESS, and so on–are present and correctly configured.

Recall underwent penetration testing. Recall as announced in May already met Microsoft’s Secure Future Initiative (SFI) requirements, the company claims, go figure. But now it has spent a few months doing penetration testing on Recall with a third-party security vendor to ensure it’s working properly. Presumably, it is.

Recall filtering was improved. Recall was always going to let you filter out apps and websites, but now that feature is more sophisticated, and contrary to previous assertions–Microsoft had said that snapshots couldn’t hide sensitive information like passwords or account numbers–it will now automatically filter out passwords, credit card numbers, and other sensitive information. This is an addition it now says it intended to make before Recall’s non-preview release, so it was going to happen regardless.

And that’s it. For all the architectural diagrams and explanatory text, the net result is a few minor changes, most of which would have happened in this time frame anyway. There are no surprises, and it all makes sense. This is arguably what Microsoft should have documented when it announced Recall in May. But at least we have the information now.

Look, I’m as cynical as the next guy, but I view this whole episode as a “making lemonade” situation. Microsoft inexplicably didn’t predict the vehement, negative response that Recall received from the technical part of the community. And while the non-opt-in changes are minor or, in some cases, imaginary (i.e., are things Microsoft was already doing), this is still good news.

Hopefully, these revelations will appease some critics. But none of this will negatively impact those who would have embraced and used Recall immediately had it been released, as planned, back in June.

This is the definition of win-win. Let’s celebrate that together.

 
