What do you want to do when you do security? Ask your Microsoft CEO what you’re going to do next, or why you should do security first, and what you can do about it
“As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them,” says Davuluri. “We will continue to build these new capabilities and experiences for our customers by prioritizing privacy, safety and security first. We remain grateful for the vibrant community of customers who continue to share their feedback with us.”
“We are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall,” reads a blog post from Pavan Davuluri, Microsoft’s Corporate Vice President, Windows + Devices. Recall will be off by default unless you turn it on.
Microsoft has made changes to the way it stores and gives access to its database after cybersecurity expert Kevin Beaumont discovered that the data was stored only in plain text. That could have made it easy for malware authors to create tools that extract the database and its contents. There are a number of tools that promise to exfiltrate Recall data.
Microsoft CEO Satya Nadella even called on employees to make security Microsoft’s “top priority” recently, even if that means prioritizing it over new features. “If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” said Nadella (emphasis his) in an internal memo obtained by The Verge. In some cases this will mean that we focus on security over other things, such as releasing features or providing ongoing support for legacy systems.
“What is your computer?” by Dave Aitel, an Attorney General at the Center for National Security Research (CERN-WFI 2006-08), New York, May 27
You can use your face, fingerprints or a PIN to regain access to Windows Hello. Proof of presence is also required to view your timelines and search in Recall, so someone won’t be able to start searching without authenticating first.
The security and privacy community has criticized the changes, which include Recall, which has been described as a gift to hackers: essentially pre-installed spyware built into new Windows.
“It makes your security very fragile,” as Dave Aitel, a former NSA hacker and founder of security firm Immunity, described it—more charitably than some others—to WIRED earlier this week. “Anyone who penetrates your computer for even a second can get your whole history. Which is not something people want.”