You're wrong about Windows Recall — How Microsoft keeps your data safe on Copilot+ PCs

Zac Bowden

29 May 2024 at 11:12 am·6-min read

Since Microsoft announced Windows 11's big next-gen AI feature push, the internet has been up in arms over Windows Recall, the company's magnum opus AI experience that's exclusive to Copilot+ PCs launching this summer. While some responses have been sane, a large percentage of people have wasted no time spreading FUD (fear, uncertainty, and doubt) over this new feature without really understanding it.

In case you've been living under a rock: Windows Recall is a new feature that will take snapshots of your screen every few seconds and use on-device AI to analyze and triage that content. This allows you to semantically search for anything and everything you've ever done on your computer using natural language, and is arguably the next generation of search of Windows.

Unsurprisingly, this has led to many people calling Recall a spyware tool for Microsoft to watch everything we do on our computers, which is a particularly unfair description of the feature. Microsoft is actually taking privacy and security very seriously, and this article attempts to explain how, and why your worries about Windows Recall are unfounded.

Windows Recall data is encrypted on your device

First thing is first, the snapshots and strings of text that Windows Recall logs are safely encrypted on your PC using Device Encryption and Bitlocker. This means if your laptop is ever stolen, intruders can't access the contents of your storage without an encryption key, and they won't be able to gain access to any stored snapshots without being logged in to your account.

Additionally, Microsoft also says that Windows Recall does not integrate with other apps or services. This means it's not sharing stored data with other Windows services or apps, and the only time it does share a snapshot is when the user manually initiates the share button in Recall. When this happens, Recall will make a copy of the snapshot and place it in C:\Users\[username]\AppData\Local\Temp. Once the share is complete, Windows will delete the snapshot from that temp directory.

While Windows Recall does have an API, this is only for developers to create a seamless experience, jumping from snapshot into a live app. It does not allow the app access to Recall's stored snapshots.

Windows Recall does not send your data to the cloud

Recall logo and name

This is arguably the most important point to hammer home: Windows Recall does not talk to the cloud. It does not send your data from your device to Microsoft servers. This includes snapshots, strings of text, and search queries. Microsoft cannot see anything that Windows Recall collects, and this is by design.

The entire Windows Recall experience is processed on device, which is partly why it requires a Copilot+ PC to function. Microsoft is offloading the resources required to process a feature like this onto the NPU, which is a secure chip that's powerful enough to handle the processing of snapshots using AI with little power draw.

This means Windows Recall works 100% offline, and you don't need an active internet connection to take advantage of it. It doesn't even require a Microsoft Account, and as a result is missing some quality of life features such as cross-device syncing. None of that is possible here, because Windows Recall does not upload your data anywhere.

Microsoft is not training any AI models on your data

Microsoft said this on stage, but just to reiterate: Microsoft does not train its AI models on Windows Recall data. This is because, once again, Windows Recall does not upload your data to the cloud. Microsoft cannot see it, because it's encrypted on your device, and so it cannot train AI models on the snapshots that Recall has captured on your device.

This also means Windows Recall cannot be used to tailor ads and services in your favor, as the data Recall collects is only ever used by the Recall app.

Windows Recall is completely optional

If all of that doesn't settle your nerves, Windows Recall is a completely optional experience. You absolutely do not have to use it if you don't want to. On a Copilot+ PC, you will be prompted during the out of box setup experience to enable Windows Recall.

If you choose not to, the Windows Recall feature will be rendered inoperable. It can't function because Windows Recall requires a large initial download before it can be used, as it's an entirely offline experience and does not rely on cloud services to function. Without this download, Windows Recall isn't able to run.

Windows Recall cannot run "secretly" in the background

One big conspiracy theory I've heard is that Microsoft will automatically enable Windows Recall in the background without the user knowing. This isn't possible, as Windows Recall places a permanent visual indicator in the Taskbar's system tray when it's enabled.

Additionally, for Windows Recall to be automatically enabled, it would need to download that large initial patch to even function. This is all to say that Windows Recall won't be randomly enabled on your computer without your knowledge. There are visual indicators permanently in view when Recall is active.

You can choose what Windows Recall even sees

Windows Recall has built-in filtering options that allow users to control exactly what Windows can see and store. If you don't want Windows Recall to take snapshots of a particular app or website, you can filter those out with just a few clicks. If Recall happens to capture something you weren't expecting, you can immediately delete the snapshot directly within the Recall app.

You can even pause snapshots whenever you like, just by selecting the Windows Recall icon that's permanently present on the Taskbar. You can also choose how frequently Windows Recall deletes old snapshots, and limit the amount of storage it takes up on your PC. Windows Recall also cannot see DRM content, or any private browsing sessions in Edge, Chrome, Opera, and Firefox.

It's good to be skeptical

Microsoft is doing everything it can to assure users that Windows Recall is safe to use, but that doesn't mean there are no concerns. The biggest concern is an intruder gaining physical access to your device while you're logged in. If that happens, yeah, you're kinda screwed. Microsoft could remedy this in the future with the option to enable Windows Hello unlock on the Recall app, which would keep your snapshots safe in this scenario.

It's good to be skeptical of Microsoft and their claims, but much of the outrage around Recall is seriously unfounded. It will be very easy to prove if Recall does or doesn't upload personal data to Microsoft once we get access to Copilot+ PCs, so there is no point in Microsoft lying about it.

Even if that's not good enough for you, Windows Recall is entirely optional. If you don't like it, don't use it. There's no way for the feature to be automatically enabled in the background without you noticing either.

Malay Mail
TM, Malaysian govt unveil NG999 next-gen emergency response system
KUALA LUMPUR, July 1 — TM and the Malaysian government have inked an agreement to develop and operate the nation’s Next...
The Telegraph
Microsoft’s obsession with AI could be its downfall
Twenty years ago as internet music piracy raged, I received a very unusual email from a primary school pupil in Kentucky.
Evening Standard
iOS 18: the biggest new Apple iPhone features you need to know
From AI-generated emojis to an overhauled Siri, these are the best perks coming to Apple devices later this year
PA Media: UK News
Monzo launches tools to tackle phone thieves raiding savings
The digital bank said the security control tools were the first of their kind to be launched across mobile banking.
PC Gamer
Intel's Arrow Lake chips could be using a brand new core layout for the first time in years
The change could be about boosting multithreading performance. Great news for content creators but not necessarily for gaming, unfortunately.
Yahoo Finance Video
Apple Intelligence is not enough to drive China sales: UBS
Apple's (AAPL) upcoming integration of Apple Intelligence software into its smartphone lineup may not be enough to boost sales in the Chinese market in 2025, according to UBS analyst David Vogt. He suggests that competition from Huawei's resurgence in China could slow Apple's regional growth prospects. Yahoo Finance tech reporter Dan Howley breaks down the details. For more expert insight and the latest market action, click here to watch this full episode of Market Domination. This post was written by Angel Smith
Malay Mail
Thursday, not Tuesday: PM Anwar raps home minister for batik blunder in Parliament
KUALA LUMPUR, July 2 — Prime Minister Datuk Seri Anwar Ibrahim today admonished Home Minister Datuk Seri Saifuddin Nasut...
Malay Mail
Online users make fun of Wan Fayhsal, Radzi for final 5km effort during Syed Saddiq's 200-km run
KUALA LUMPUR, July 1 — Muar MP Syed Saddiq Abdul Rahman took a stand against government inaction in a rather unusual way...
INSIDER
Malaysia's $100 billion ghost town is good for at least one thing: filming documentaries and shows like Netflix's 'The Mole'
Embattled Forest City is a backdrop for a handful of reality shows and documentaries.
Malay Mail
With 2.3 million Malaysian adults living with three NCDs, doctors warn of serious public health risks
KUALA LUMPUR, July 2 — The key findings from the newly-released National Health and Morbidity Survey 2023 by the Health...
Malay Mail
Chinese badminton player, 17, dies after collapsing on court
JAKARTA, July 1 — A 17-year-old Chinese player has died after collapsing on court during an international tournament in...
The Telegraph
Macron ‘practically wiped out’, Marine Le Pen declares
Follow the latest updates in our French election liveblog
Associated Press
Nepalese spiritual leader ‘Buddha Boy’ sentenced to 10 years in prison for sexual assault on minor
A controversial spiritual leader in Nepal known as “Buddha Boy” has been sentenced to a 10-year prison term Monday for sexually assaulting a minor, court officials said. Ram Bahadur Bamjan — believed by some to be the reincarnation of the founder of Buddhism — was also ordered to pay $3,700 in compensation to the victim by a judge at the Sarlahi District Court in southern Nepal. The man will have 70 days to appeal against the court order, court official Sadan Adhikari said.
The Independent
A pair of siblings were stabbed and the sister’s dying words were that the killer was a man from Detroit. Thirty-four years later, he’s been arrested.
Pamela Sumpter, was raped and stabbed, and her brother John Sumpter was stabbed to death, at their Georgia home on July 15, 1990. Andrea Cavallier reports
Malay Mail
Spurned by Perikatan, Ramasamy says ‘time for Urimai to be a political coalition’ in Malaysia
KUALA LUMPUR, July 2 ― The fledgling United Rights of the Malaysian Party (Urimai), an emerging political entity that...
People
Taylor Swift Gets Stuck on Platform After Stage Malfunction During Dublin Concert
One of the popstar's backup dancers, Jan Ravnik, came to her rescue during the Eras Tour mishap
HuffPost Life
Gastro Doctors Share The 1 Food They Never (Or Rarely) Eat
The experts on gas, bloating, colon cancer and other digestive issues share what they avoid themselves.
CNN
See Chinese rocket crash after accidentally launching
On June 30, a Chinese rocket crashed into the hills of Gongyi in central China after being accidentally launched during a ground test, according to a statement from the company, Space Pioneer. No injuries have been reported.
People
Woman Was Killed by Man Her Mom Had Forced Her to Marry — and Now the Mother Is Convicted
Prosecutors in Australia said Sakina Muhammad Jan forced her daughter to marry a man she didn't want to wed in November 2019, weeks before he killed her
The Independent
Prostitute is fatally strangled then sexually assaulted inside Las Vegas casino by man who said he ‘snapped’
Jason Kendall, 35, is being held without bond in connection to the murder of Larissa Garcia at a Las Vegas casino