update: Disable Windows Recall in gpedit guide #2932
Conversation
✅ Your preview is ready!
|
|
I don't think this is finished? |
| <div class="admonition info" markdown> | ||
| <p class="admonition-title">Windows Recall</p> | ||
|
|
||
| Windows 11 recently introduced a feature called **Recall**, which records all your activity and creates a searchable archive of that activity history. This is a massive privacy vulnerability, because those archives can potentially store highly sensitive information (essentially anything displayed on your screen), and can be trivially accessed by local administrators or malicious actors with user-level access to your device. |
There was a problem hiding this comment.
Recall doesn't let other users access your info and it's stored encrypted, protected by the TPM and biometrics. It's definitely not true that it can be trivially bypassed. It also by default tries to exclude sensitive data like passwords and credit cards, and you can tell it to exclude certain sensitive apps like a web browser or messenger. I think info on how to disable it is fine but maybe some more info on the different settings and how to configure it might be useful as well.
There was a problem hiding this comment.
this is the only available setting related to Recall in gpedit as far as I can tell, so there are no additional configuration settings to talk about in this particular guide.
github-project-automation
bot
moved this from Unreviewed
to Needs Changes
in PR Review Status
|
@ph00lt0 what isn't finished? |
These instructions are based on these and I haven't tested them myself (not on Windows): https://docs.security.tamu.edu/docs/endpoint-security/Policies/MSRecall/
I am going to keep this marked as a draft until someone with Windows 11 confirms it's accurate, or I fire up a Windows computer somewhere and check myself. If someone can let me know that'd be great :)