Having pulled the Windows Recall feature for Copilot+ PCs, Microsoft brings it back as opt-in only, redesigned for privacy and security

Somewhat inconveniently timed for our weekend, Microsoft is re-releasing the recalled Windows Recall feature, redesigned to be opt-in only.

The June launch of Windows Recall for the new Copilot+ range of PCs with built-in artificial intelligence features and Qualcomm Arm architecture processors was, without being unkind to Microsoft, an embarrassing fiasco.

To recap, Recall creates screenshots of just about everything you see and do your computer. It was originally enabled by default, and Microsoft tried to sell it as a great feature that lets you easily find stuff on your computer - which is true, being able to replay what you did via a time-line sounds potentially useful.

However, when security researchers heard about Recall, they were aghast. The database that stored the screen- or snapshots that Recall would take frequently, every few seconds, wasn't encrypted. Needless to say, that database would be a juicy target for malware attacks, as it was likely to contain some valuable information for digital miscreants to exploit.

Microsoft isn't giving up on Recall however, and there's an updated version arriving now. The differences are:

• Recall is opt-in (and remember, for Copilot+ PCs only).
• Users are expressly told and have to enable the Recall snapshots.
• Recall can be completely uninstalled.
• In-private browsing snapshots are not saved, with the Microsoft Edge, Mozilla Firefox, Opera, Google Chrome and other Chromium based browsers supported.
• Specific apps and websites accessed in the above browsers can be filtered out from Recall.
• Users can control how long Recall content is retained, and how much disk space to allocate for it.
• Sensitive content filtering is on by default. That means passwords, national identification numbers (!) and credit card details are not stored by Recall.
• Users can delete select items from Recall that they don't want saved.
• A little system tray icon will show when screenshots are saved, and it can be used to pause the activity.
• The database for Recall snapshots is now encrypted, and the digital keys for that are protected via the hardware Trusted Platform Module (TPM) in Copilot+ PCs.
• The keys are tied the Windows Hello enhanced security sign-in, and can only be used via the virtualised Security Enclave on the operating system. This is well geeky, but should be very secure, preventing access to the keys by other users.
• Furthermore, the virtualisation based security enclaves will also run the Recall screenshots and other data, for additional protection.

As Microsoft's David Weston puts it: "[VBS Enclaves act] like a locked box that can only be accessed after permission is granted by the user through Windows Hello."

Neither the Windows kernel, the top level piece of code that runs the computer, can access hardware, and which provides services to applications, nor admin users can get into VBS Enclaves.

Recall will be available through the Windows Insider preview programme that users have to opt into, in October.