In depth with Windows 11 Recall—and what Microsoft has (and hasn’t) fixed



We’d also like there to be a way for apps to tell Recall to exclude them by default, which would be useful for password managers, encrypted messaging apps, and any other software where privacy is meant to be the point. Yes, users can choose to exclude these apps from Recall backups themselves. But as with Recall itself, opting in to having that data collected would be preferable to needing to opt out.

You need a fingerprint reader or face-scanning camera to get Recall set up, but once it is set up, anyone with your PIN and access to your PC can get in and see all your stuff.


Credit: Andrew Cunningham

Another issue is that, while Recall does require a fingerprint reader or face-scanning camera when you set it up the very first time, you can unlock it with a Windows Hello PIN once it's already running.

Microsoft has said that this is meant to be a fallback option in case you need to access your Recall database and there's some kind of hardware issue with your fingerprint sensor. But in practice, it is too easy a workaround for a domestic abuser or anyone else with physical access to your PC and a reason to know your PIN. Note that the same PIN also signs them into Windows in the first place, so device encryption doesn't help here: once the session is unlocked, the Recall database is unlocked along with it. It's too broad a solution for a relatively rare problem.
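For administrators who would rather not rely on the PIN fallback at all, the practical control is Microsoft's "Turn off saving snapshots for Windows" policy, which stops Recall from populating its database in the first place. The following PowerShell audit is an added example, not code from the article or from Microsoft; the registry path and the DisableAIDataAnalysis value are the documented policy setting, while the "Recall" optional-feature name used in the last check is an assumption about current Windows 11 24H2 builds. Run it from an elevated prompt.

```powershell
# Added example (not from the article): audit whether Recall snapshot saving is
# blocked by policy on this machine, and block it machine-wide if it is not.
# Policy "Turn off saving snapshots for Windows" -> DisableAIDataAnalysis = 1
# under HKLM (all users) or HKCU (current user). The registry names are the
# documented policy values; the "Recall" optional-feature name is an assumption.

$policyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
)

function Get-RecallPolicyState {
    # Returns whether any scope blocks snapshots, and which scope does.
    foreach ($path in $policyPaths) {
        $item = Get-ItemProperty -Path $path -Name DisableAIDataAnalysis -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.DisableAIDataAnalysis -eq 1) {
            return [pscustomobject]@{ Blocked = $true; Scope = $path }
        }
    }
    return [pscustomobject]@{ Blocked = $false; Scope = $null }
}

function Set-RecallBlocked {
    # Machine-wide policy covers every user profile on the device, so a
    # second local account cannot quietly turn snapshots back on.
    $path = $policyPaths[0]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name DisableAIDataAnalysis -PropertyType DWord -Value 1 -Force | Out-Null
}

$state = Get-RecallPolicyState
if ($state.Blocked) {
    Write-Host "Recall snapshot saving is blocked by policy ($($state.Scope))."
} else {
    Write-Warning "No policy blocks Recall snapshots; a populated database could be unlocked with the Windows Hello PIN alone."
    Set-RecallBlocked
    Write-Host "Set DisableAIDataAnalysis=1 under HKLM. Sign out and back in, then re-run to confirm."
}

# Report whether the Recall feature itself is installed (assumed feature name).
$feature = Get-WindowsOptionalFeature -Online -FeatureName Recall -ErrorAction SilentlyContinue
if ($feature) { Write-Host "Recall optional feature state: $($feature.State)" }
```

Blocking snapshots stops new data from being captured; it does not by itself delete an existing database, which the user still has to clear from the Recall settings page.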

Security researcher Kevin Beaumont, whose testing helped call attention to the problems with the original version of Recall last year, identified this as one of Recall’s biggest outstanding technical problems.

“In my opinion, requiring devices to have enhanced biometrics with Windows Hello but then not requiring said biometrics to actually access Recall snapshots is a big problem,” Beaumont wrote. “It will create a false sense of security in customers and false downstream advertising about the security of Recall.”

Beaumont also noted that, while the encryption on the Recall snapshots and database made it a “much, much better design,” “all hell would break loose” if attackers ever worked out a way to bypass this encryption.
