Microsoft announced on April 10 it would begin “gradually” rolling out its controversial Recall feature to more Windows Insiders. The feature captures snapshots of a user’s activity on their Copilot+ PC, allowing them to ask natural language questions about past actions. It then uses generative AI to search through that activity and provide relevant answers.
Microsoft had originally planned to launch a public preview of Recall last June, but delayed the rollout multiple times following community backlash. Concerns were raised about how easily an attacker could access a user’s activity database, the lack of safeguards to obscure sensitive information within that database, and the absence of a proper Insider testing phase, suggesting the feature was rushed to release.
A preview version of Recall was eventually released to Windows Insiders in December via the Dev Channel. Now, Microsoft is expanding the rollout to the Release Preview Channel after months of additional testing and with new security features. Eligible Insiders must install the Windows 11 version 24H2 update (Build 26100.3909) and have a compatible Copilot+ device to access the feature.
How Microsoft is ensuring Recall’s security
Recall turned off by default and can be uninstalled entirely
After installing the update, users will be presented with a setup screen that describes Recall and asks whether they would like to turn it on. They will also need to opt in a second time when setting up Recall later. The feature was originally going to be active by default, which drew criticism from the Windows community. Note that enabling Recall for one user does not activate it for other accounts on the same PC.
If a user doesn’t want Recall on their device at all, it can be uninstalled through the Windows Features control panel. It can also be temporarily paused by clicking the system tray icon that appears whenever it is turned on.
Filters for incognito browsers and some sensitive information
Recall has always had the option to exclude specific apps and sites from being captured in its activity screenshots, but it now goes a step further: most browsers running in incognito or private mode are automatically excluded too. Note that windows not running in incognito mode will not be captured if they are open simultaneously with an incognito browser.
In response to some of the earlier criticism, Microsoft has applied automated content filtering of information it deems sensitive. For example, it will not take snapshots of a web page with a visible credit card field, online banking websites, or password managers that show credentials. However, according to Ars Technica, some users have still reported instances of credit card numbers, cheques, or emails with personal data being captured, so the filtering isn’t 100% reliable.
Additionally, while the Recall system tray icon does indicate when filtering is active, it does not specify what is being filtered, according to Ars Technica. To find out, users will have to manually scroll through the Recall database to see for themselves.
Encryption of Recall files
Microsoft has addressed concerns about how easily the Recall database could be accessed. All Recall files can be found in the AppData folder of the CoreAIPlatform.00UKP directory, but they are now encrypted. Setting up Recall does require the PC’s local disk to be encrypted with BitLocker or Windows Device Encryption.
Microsoft says the encryption keys are protected by a Virtualisation Based Security hypervisor and Trusted Platform Module, and that rate-limiting and “anti-hammering” protections are also in place, meaning that repeated or automated attempts to access the data are detected and blocked to prevent brute-force attacks.
Windows Hello requirement
Using Recall requires Windows Hello biometric authentication during setup, which can be performed using either a fingerprint or a facial scan. Thereafter, users must enter their Windows Hello PIN each time they open the application. However, this method offers limited security, as the same PIN is often used to unlock the PC and may be shared among household members for convenience.
Granular screenshot control
When turned on, Recall will take screenshots of and scrape text from only the active window on a PC. By default, all screenshots will be kept until they start to limit storage space, but users can choose an age-based expiration date, such as 30 or 180 days, if they wish to, according to Ars Technica.
Users can also go into Recall and delete specific screenshots, or all screenshots from specific apps, from their database manually. Alternatively, they can clear the entire database for a specified time period, such as the past hour, past day, or past month.