Microsoft Recall: What it Does, Privacy Concerns, & Benefits to the User
Nearing the end of May 2024, Microsoft announced “CoPilot+ PCs.” These PCs run Windows 11 on Arm using the latest Snapdragon chips in response to the success Apple had in switching to their Arm systems. Several new benefits were promised including increased performance, improved battery life, and the topic of today’s article, Recall.
Recall works by using an on-device NPU exclusive to CoPilot + PCs. This NPU allows for more complex tasks to be completed efficiently and completely on device thanks to the Arm architecture and Snapdragon chips. Reall takes screenshots of a user’s screen “every few seconds,” which are stored exclusively on device according to Microsoft. (It should be noted that this hasn’t been validated independently as of the writing of this article.) A user can then ask Recall what they were doing by searching for something such as “leather bag.” If they had searched this the previously with Recall enabled, the user would be able to easily search and find that item using onboard AI.
Upon being announced, Recall was to be on by default in CoPilot+ PCs. However, due to user backlash, Microsoft has changed Recall to an opt-in feature. Users can enable the feature and control various settings such as websites or apps not to be tracked in Windows 11’s settings application. It is highly likely that users will be encouraged to enable the feature through the use of OS pop-ups and in the initial setup process.
Microsoft claims screenshots are encrypted on device and never leave the device, but privacy advocates have still shown concern over Recall. For starters, unless you are in a private browsing window in a Chromium-based browser, Recall will take images of your usernames and passwords for various sites.
Other personal and private information may also be captured if they aren’t excluded by the user in settings. Websites can only be excluded from Recall if the user is using Microsoft’s Edge browser as of now. This means it is incredibly valuable to protect your PC with a strong password, biometrics if available, and trusted anti-virus software. It is highly discouraged to share a Windows profile with another user as they will be able to access your entire Snapshot history, which potentially includes sensitive information.
Early previews of the feature have also revealed Recall acts like a keylogger, storing essentially every activity completed on your PC in plain text.
In summary, Recall is an opt-in feature on select Windows 11 PCs that allows the user to find previous activities completed on their PC quickly and efficiently. Recall uses “secure” and on-device AI that never leaves your PC, according to Microsoft.
It is recommended that users enabling this feature block sensitive apps and websites from Recall in settings, enable a strong password or Windows Hello if available, use a trusted antivirus software (as a hacker could access all Recall info if malware is installed on a user’s PC), and don’t share a PC with another user in that specific user’s profile.
As of the end of August 2024, Microsoft has delayed Recall to work on security vulnerabilities and plans to launch Recall later this year.