Since its announcement in June, Microsoft's Windows Recall feature has been controversial and bumpy for a few months. It faced immediate backlash over security concerns when it was revealed. The concern was mainly around the fact that Recall takes screenshots of your entire PC so that you can find information later if desired.
The AI tool for Copilot + Pilots was recalled so Microsoft could tweak the program and work on the security issues. Since then, it's been delayed several times, and only recently became available for Windows Insiders, Microsoft's version of beta testers for early adopters.
"We’ve updated Recall to detect sensitive information like credit card details, passwords, and personal identification numbers. When detected, Recall won’t save or store those snapshots. We’ll continue to improve this functionality, and if you find sensitive information that should be filtered out for your context, language, or geography, please let us know through Feedback Hub. We’ve also provided an option in Settings that we encourage you to enable that will anonymously share the apps and sites you prefer to be excluded from Recall to help us improve the product."
What does Recall actually do?
Since few people have been able to try out Recall, here's a brief rundown of what the feature is supposed to do for you.
Microsoft pitches the tool to help you find things better by searching your PC for anything you've seen on it using natural language.
To do this, Recall takes "snapshots" of your screen at regular intervals, which are stored locally on your computer and analyzed and indexed by AI.
The obvious concern here is that this digital record of everything on your PC and things you've done on your PC can potentially be accessed by bad actors. When Recall first appeared in the spring, it didn't even have encryption on the snapshots, and the database was stored as plain text. Those things have changed in the past few months.
Microsoft has also made Recall opt-in, which was previously an opt-out option.
The new Recall does have the mentioned filter and appears to encrypt data. Login also requires biometric data and passwords. And information can only be viewed in the Recall app.
That said, a determined bad actor with access to your password or PIN could bypass the biometric checks. And you can view the Recall app via TeamViewer, which allows for popular remote access.
For now, if the filter isn't working, it means your data is being captured and that a series of missteps could make that information available to a bad actor.
More from Tom's Guide
- Microsoft will let you install Windows 11 on unsupported PCs after all — what you need to know
- AirDrop for Windows is finally here — Microsoft announces new way to easily share files between your iPhone and PC
- Microsoft just fixed 72 Windows security flaws — update your PC right now
