Microsoft makes a security case for the recovery feature of the much-maligned Copilot Plus remote control

On Friday, in a detailed blog post, Microsoft’s vice president of enterprise and operating systems security, David Weston, provided an update on how security works in the controversial Recall search feature that will be available on the new Copilot Plus computers. The feature, which uses artificial intelligence to help users visually search through snapshots of their past computer activity, was met with significant backlash after it was announced in May.

In the blog post, Weston details some of the security features Recall will have once it begins rolling out, in an apparent attempt to demonstrate that concerns about its underlying security and privacy controls have been overblown.

Read more: Microsoft’s AI Restore feature may not even make it to your PC, but here’s how to turn it off

Weston emphasizes at the beginning of the post that Recall is an optional feature and that snapshots are not taken or stored until the user enables Recall.

“You’re always in control and can delete, pause, or turn off snapshots at any time,” Weston writes. “Any future user sharing options will require fully informed, explicit action on the part of the user.”

Read more: Microsoft’s controversial Windows discontinuation will hit testers in October

It also writes that snapshots are not shared with Microsoft, third parties, or even other users of the same computer.

However, the post makes no mention of the ability to completely uninstall the software options from your Copilot Plus computer. In an interview with The Verge, Weston confirmed that this option will be available.

“If you choose to uninstall it, we will remove the pieces from your machine,” Weston said. The uninstall will include AI models that inform Recall.

Weston also says that sensitive data is always encrypted in Recall, and that screenshots and related data are isolated and local, and only accessible when logged in to Windows Hello Enhanced Sign-in Security. It also only works on Copilot Plus computers that meet Microsoft’s “secure core standard.” The post includes illustrations of Recall’s security architecture.

According to the post, the company has an internal team working on design reviews and penetration testing, an external vendor handling the same, and a Responsible AI Impact Assessment has been conducted.