Jump to content
  • You're wrong about Windows Recall — How Microsoft keeps your data safe on Copilot+ PCs


    Karlston

    • 1 comment
    • 767 views
    • 7 minutes
     Share


    • 1 comment
    • 767 views
    • 7 minutes

    Squashing the FUD around Windows Recall.

    Since Microsoft announced Windows 11's big next-gen AI feature push, the internet has been up in arms over Windows Recall, the company's magnum opus AI experience that's exclusive to Copilot+ PCs launching this summer. While some responses have been sane, a large percentage of people have wasted no time spreading FUD (fear, uncertainty, and doubt) over this new feature without really understanding it.

     

    In case you've been living under a rock: Windows Recall is a new feature that will take snapshots of your screen every few seconds and use on-device AI to analyze and triage that content. This allows you to semantically search for anything and everything you've ever done on your computer using natural language, and is arguably the next generation of search of Windows.

     

    Unsurprisingly, this has led to many people calling Recall a spyware tool for Microsoft to watch everything we do on our computers, which is a particularly unfair description of the feature. Microsoft is actually taking privacy and security very seriously, and this article attempts to explain how, and why your worries about Windows Recall are unfounded.

    Windows Recall data is encrypted on your device

    AwW2Cw39YWvi3CfZ7STDPG-970-80.jpg

    Windows Recall is encrypted on your device, and its data is not shared across accounts. (Image credit: Microsoft)

     

    First thing is first, the snapshots and strings of text that Windows Recall logs are safely encrypted on your PC using Device Encryption and Bitlocker. This means if your laptop is ever stolen, intruders can't access the contents of your storage without an encryption key, and they won't be able to gain access to any stored snapshots without being logged in to your account.

     

    Additionally, Microsoft also says that Windows Recall does not integrate with other apps or services. This means it's not sharing stored data with other Windows services or apps, and the only time it does share a snapshot is when the user manually initiates the share button in Recall. When this happens, Recall will make a copy of the snapshot and place it in C:\Users\[username]\AppData\Local\Temp. Once the share is complete, Windows will delete the snapshot from that temp directory. 

     

    While Windows Recall does have an API, this is only for developers to create a seamless experience, jumping from snapshot into a live app. It does not allow the app access to Recall's stored snapshots.

    Windows Recall does not send your data to the cloud

    NTgY4FoAwR3Aqzu6s5DTPN-970-80.jpg

    Microsoft cannot see your snapshots as they don't get uploaded to the cloud. (Image credit: Microsoft)

     

    This is arguably the most important point to hammer home: Windows Recall does not talk to the cloud. It does not send your data from your device to Microsoft servers. This includes snapshots, strings of text, and search queries. Microsoft cannot see anything that Windows Recall collects, and this is by design.

     

    The entire Windows Recall experience is processed on device, which is partly why it requires a Copilot+ PC to function. Microsoft is offloading the resources required to process a feature like this onto the NPU, which is a secure chip that's powerful enough to handle the processing of snapshots using AI with little power draw.

     

    This means Windows Recall works 100% offline, and you don't need an active internet connection to take advantage of it. It doesn't even require a Microsoft Account, and as a result is missing some quality of life features such as cross-device syncing. None of that is possible here, because Windows Recall does not upload your data anywhere.

    Microsoft is not training any AI models on your data

    PR5NecYaNMnkuCsL5qQUpm-970-80.jpg

    Recall is an entirely offline experience. No internet required (after initial setup) (Image credit: Microsoft)

     

    Microsoft said this on stage, but just to reiterate: Microsoft does not train its AI models on Windows Recall data. This is because, once again, Windows Recall does not upload your data to the cloud. Microsoft cannot see it, because it's encrypted on your device, and so it cannot train AI models on the snapshots that Recall has captured on your device.

     

    This also means Windows Recall cannot be used to tailor ads and services in your favor, as the data Recall collects is only ever used by the Recall app.

    Windows Recall is completely optional

    wW22JeoSqJoNwCoqZC37o9-970-80.jpg

    You can configure pretty much all aspects of Recall. (Image credit: Microsoft)

     

    If all of that doesn't settle your nerves, Windows Recall is a completely optional experience. You absolutely do not have to use it if you don't want to. On a Copilot+ PC, you will be prompted during the out of box setup experience to enable Windows Recall. 

     

    If you choose not to, the Windows Recall feature will be rendered inoperable. It can't function because Windows Recall requires a large initial download before it can be used, as it's an entirely offline experience and does not rely on cloud services to function. Without this download, Windows Recall isn't able to run. 

    Windows Recall cannot run "secretly" in the background

    Qv6HdRQ2ebAxmnjpuGh6xY-970-80.jpg

    There is a visual indicator always on-screen when Recall is active. (Image credit: Microsoft)

     

    One big conspiracy theory I've heard is that Microsoft will automatically enable Windows Recall in the background without the user knowing. This isn't possible, as Windows Recall places a permanent visual indicator in the Taskbar's system tray when it's enabled. 

     

    Additionally, for Windows Recall to be automatically enabled, it would need to download that large initial patch to even function. This is all to say that Windows Recall won't be randomly enabled on your computer without your knowledge. There are visual indicators permanently in view when Recall is active. 

    You can choose what Windows Recall even sees

    yEG3GF9vZ472CCo3KcCJAZ-970-80.png

    You can filter out websites and apps, which works in the most popular browsers. (Image credit: Microsoft)

     

    Windows Recall has built-in filtering options that allow users to control exactly what Windows can see and store. If you don't want Windows Recall to take snapshots of a particular app or website, you can filter those out with just a few clicks. If Recall happens to capture something you weren't expecting, you can immediately delete the snapshot directly within the Recall app.

     

    You can even pause snapshots whenever you like, just by selecting the Windows Recall icon that's permanently present on the Taskbar. You can also choose how frequently Windows Recall deletes old snapshots, and limit the amount of storage it takes up on your PC. Windows Recall also cannot see DRM content, or any private browsing sessions in Edge, Chrome, Opera, and Firefox.

    There are legitimate concerns

    Microsoft is doing everything it can to assure users that Windows Recall is safe to use, but that doesn't mean there are no concerns. The biggest concern is an intruder gaining physical access to your device while you're logged in. If that happens, yeah, you're kinda screwed. Microsoft could remedy this in the future with the option to enable Windows Hello unlock on the Recall app, which would keep your snapshots safe in this scenario.

     

    It's also good to be skeptical of Microsoft and their claims. With that said, I think it would be wild for Microsoft to outright be lying about not upload Recall data to the cloud, as that's one of the first things people are going to check for. It will be very easy to prove if it is or isn't sending personal data to Microsoft.

     

    Source

     

    Hope you enjoyed this news post, feedback and Likes welcome


    User Feedback

    Recommended Comments

    Several points...

    1/ Shouldn't Microsoft have said all those things about Recall when they unveiled it, instead of after the fact?

    2/ Are the clueless Nadella sycophants even aware of unintended but actual meanings for the word recall -- such as cancel or revoke?

    3/ Microsoft tried the Recall back on Windows 10, calling it Activity History. It was a dismal failure.

     

    Does Microsoft really think its end users are that dumb and will fall for the snake oil they are trying to sell?

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...