Do you trust Microsoft with a feature like Windows Recall?

Recall interface.

Copilot+ PCs are set to start shipping in a couple of weeks. Those systems have Neural Processing Units (NPUs) that power a plethora of AI features. Among those new features is Windows Recall, a powerful tool that can search through your computing history to help you pick up where you left off. Microsoft advertises Windows Recall as a major addition to Windows 11, but the feature has proven controversial.

Windows Recall takes a snapshot of your system every few seconds to create a database that can be searched using AI. That AI processing all happens locally, meaning none of your data goes to the cloud. Microsoft also promises that none of the data saved for Windows Recall is used to train AI models.

Despite these measures, many have privacy and security concerns about Windows Recall. While the feature is powerful, it creates a searchable database of an incredibly detailed set of information. Recall does not moderate what it takes snapshots of, so if you enter payment details or other sensitive data, it could appear in Windows Recall.

Additionally, security researcher Kevin Beaumont discovered that Windows Recall only encrypts your data when your device is logged off. If your PC is logged on, data from Windows Recall sits in a plaintext SQLite database that's easy to access. Of course, anyone with access to a device that's logged on could extract sensitive information from your PC, but Windows Recall essentially serves the data on a platter.

The poll above admittedly presents a layered question. Some may trust the concept of Windows Recall but not trust Microsoft with that feature. Others may not trust Microsoft regardless of what the tech giant works on. Another group of people may be okay with Microsoft and Windows Recall. But the topic of the day is Windows Recall specifically, and that includes the fact that it's made by Microsoft.

Our Senior Editor Zac Bowden posed the same question on X (formerly Twitter). I wanted to give people without an X account a chance to weigh in.

I've seen reactions online ranging from people thinking Microsoft will enable the feature without your permission to complete trust that Recall presents no security risks. Personally, I think the truth lies somewhere in the middle. I don't think Microsoft will enable Recall without consent, but I do think people will accidentally enable the feature when they set up their PC. I've seen people claim Microsoft enabled OneDrive syncing without permission, only to later realize they had enabled the feature during the Windows out-of-box experience (OOBE).

When it comes to security, the weakest link in the chain is generally a person, not technology. Companies need to take steps to secure data and devices when human error occurs. For example, Microsoft could require Windows Hello authentication to access Windows Recall data. This could help secure data even if malware was installed onto a PC or someone gained physical access to a device that was logged in.

You can't make any feature "idiot proof," but you can add basic security features that add layers of protection against attacks.

What do you think about Microsoft and Windows Recall? Let us know in the poll above and share your thoughts in the comments below!