At its Build 2024 conference, Microsoft unveiled a new AI trick for Windows PCs—one that can help users locate or remember details from their digital past. It could be looking for a PDF file worked on a couple of weeks ago. Or perhaps finding the name of a restaurant recommended by a friend earlier this year. Called Microsoft Recall, this feature could save you many lost minutes trying to hunt down whatever’s eluding your memory.
Yet even before its launch, Microsoft Recall is already giving security experts indigestion. Underneath the futuristic shine, Recall comes with a potential massive hit to user privacy—and by extension, security.
Here are the reasons for the unease, echoed by many security experts this week—and what you should do when you finally encounter Microsoft Recall in the wild.
1) It watches and records everything you do on your PC
Microsoft
Microsoft
Microsoft
When active, Microsoft Recall monitors your every move while you’re on your computer, capturing screenshots every five seconds as your screen changes. Local AI helps Windows determine when you’ve done something different enough to warrant a screengrab.
Local AI also assists in parsing the images to extract text, so that details can be offered as search results whenever you decide you want to look up, say, the green jacket you saw online a few weeks ago.
By default, Microsoft Recall will commandeer anywhere between 25GB to 150GB on your storage drive—up to about three months worth of data. Nothing is sacred, either. Passwords, tax details, and other sensitive details (really, anything you do) are fair game. To protect some of your privacy, you must manually exclude websites, private browsing sessions (if you don’t use Edge), and applications from Recall’s reach.
Even then, according to Microsoft’s own help files, you can still end up with possible a paper trail of your activity in excluded apps, websites, and private browsing windows. In a couple of scenarios, screenshots are still taken and saved as temporary files, then deleted. Deleted files (and any remaining Recall snapshots) can theoretically be recovered from a storage drive by anyone who can access your Windows account — include hackers and other people in your household. More on that later.
2) It’s on by default
Microsoft says it informs users about Recall during setup of compatible PCs, and lets them change the settings or turn off the feature entirely at that time, too.
But practically speaking, most people blaze through initial setup screens. Many even skip right over those interstitial screens without really reading them. The result will eventually be thousands (if not millions) of people unaware Microsoft Recall is capturing all their activity.
3) Security measures only go so far
BitLocker and Device Encryption in Windows will encrypt your data, but if you’re logged in, whatever you access is decrypted for use.
BitLocker and Device Encryption in Windows will encrypt your data, but if you’re logged in, whatever you access is decrypted for use.
PCWorld
BitLocker and Device Encryption in Windows will encrypt your data, but if you’re logged in, whatever you access is decrypted for use.
PCWorld
PCWorld
To mitigate the huge privacy risk posed by a collection of screenshots chronicling every bit of user activity, Microsoft offers two protections. The first is keeping everything local to your PC. No data is shared with cloud servers or Microsoft directly. In fact, you don’t even need an internet connection for this feature to work. Other users on the same computer also can’t access your Recall screenshots.
Second, Microsoft encrypts all Recall images using either Device Encryption or BitLocker (Windows Home vs Windows Pro, respectively).
Neither defense is bulletproof, however. Local processing doesn’t mean local access only—in general, your PC’s contents can be viewed remotely. And if you’re logged into your Windows account when an attacker infiltrates your PC, your files won’t be protected by encryption. They’ll be automatically decrypted when accessed. Make sure your antivirus defenses are up if you plan to use Recall so you have help keeping hackers away from all those snapshots!
4) Searching your activity history cuts both ways
Microsoft Recall can help you remember everything you did last week…and it can equally tell someone else everything you did last week. One is useful, and the other is potentially dangerous—particularly in abusive relationships, where one person may not have the ability to keep their account access solely to themselves. (Or may not know it’s been compromised.) We’ve seen similar outcomes with other tracking technology.
How to make Microsoft Recall safer
Microsoft
Microsoft
Microsoft
First—not everyone will get Microsoft Recall, which is still in a preview phase. Only those with Copilot+ PCs (which currently extend to just upcoming Snapdragon X Elite and X Plus computers) will get this feature, though it’s expected to be available on new Intel and AMD laptops with more powerful NPUs later this year.
If you are in that camp, the easiest move is to turn off Microsoft Recall all together. Head to Settings > Privacy & security > Recall & snapshots, then untoggle Save snapshots.
If you choose to leave it on, take a moment to configure which apps and websites are fair game, and which are blocked. Chrome and Firefox users should also turn on automatic blocking of private browser windows. (Only Edge’s InPrivate windows are excluded by default.)
You can also choose to reduce how much storage is allocated for Recall screenshots (though that will limit how far back the feature will be able to search).
Microsoft Recall isn’t inherently a terrible feature—but it could be used against you when it goes public, if you’re not careful. Security researchers have already expressed a keen interest in trying to crack this tool, and malicious actors are no doubt smacking their lips at the prospect as well.
Further reading: Windows includes built-in ransomware protections. Here’s how to turn it on
