Microsoft has announced significant changes to its upcoming “Recall” feature for Copilot+ PCs after security experts and privacy advocates raised extensive concerns about user safety. Recall, which was introduced as one of the key features for Microsoft’s new line of AI-powered Copilot+ PCs, creates an automatic timeline by periodically taking screenshots of a user’s activity, allowing users to search their past digital interactions with natural language. However, many cybersecurity professionals warned that storing a detailed log of user activities could expose highly sensitive personal data to hackers or malware, especially if these screenshots were not adequately protected.
Amid the backlash, Microsoft revealed last week that Recall will now default to “off”, meaning users must explicitly opt in to activate the feature rather than having it enabled by default. In addition, the company said that all screenshots collected by Recall will be stored within a dedicated, encrypted storage container on the device, with additional layers of security intended to withstand even sophisticated attacks. Microsoft also said users must authenticate with Windows Hello before accessing Recall’s timeline, providing a further barrier against unauthorized access.
David Weston, Microsoft’s Vice President for Enterprise and OS Security, wrote in a blog post that the changes are “part of our commitment to putting security at the forefront for our customers and responding to feedback from the security community.” Recall, which remains in preview and is expected to launch alongside Copilot+ PCs later this year, will not store data in the Microsoft cloud, further addressing privacy worries.
The controversy highlights the ongoing tension between the development of advanced AI-powered productivity tools and the imperative to safeguard user privacy and data. Observers in the cybersecurity field have welcomed Microsoft’s rapid adjustment, though some advocates note that ongoing vigilance and transparency will be required as the company pushes ever more powerful AI features onto users’ devices.
Sources
Microsoft Update on Recall Security and Privacy Architecture (David Weston, VP Security)
https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Microsoft Bows to Public Pressure; Recall Disabled by Default
https://www.securityweek.com/microsoft-bows-to-public-pressure-disables-controversial-windows-recall-by-default/
Microsoft Makes Security, Privacy Changes to Recall for Copilot+ PCs (CRN)
https://www.crn.com/news/computing/2024/microsoft-makes-security-privacy-changes-to-recall-feature-for-copilot-pcs
Laptop Mag: Microsoft Recall Gradually Rolling Out With Privacy Changes
https://www.laptopmag.com/laptops/windows-laptops/microsoft-recall-is-back-again
Kaspersky: Should You Disable Microsoft Recall in 2025?
https://www.kaspersky.com/blog/recall-2025-risks-benefits/53407/
