(Photo by Jason Redmond/AFP via Getty)
After a long delay over security concerns, Microsoft is ready to bring its controversial Recall feature out of beta. It arrives exclusively on Copilot+ Windows 11 PCs as part of a feature update rolling out today.
Recall is designed to help users conveniently pull up old folders, emails, or browser tabs that they’ve closed or misplaced. However, after its introduction last year, Recall drew comparisons to spyware since it takes and archives screenshots of your PC activity. In the wrong hands, this could be used to surveil users, making it a potent target for malware and even governments.
These privacy and security worries caused Microsoft to delay Recall and develop various safeguards to prevent such abuse. It offered Recall as a beta feature to Windows 11 Insiders, and gathered feedback from actual users before today’s mainstream release.
(Credit: Microsoft)In an interview, Microsoft VP for Security David Weston said Recall is "the most secure experience in Windows." It's opt-in and you can remove it from the Windows 11 Copilot+ OS.
“Folks were potentially concerned that maybe someone could turn it on surreptitiously,” Weston says, which is why Microsoft included the uninstall option. It can re-enabled later but can only be fully configured and activated if the user enrolls in Windows Hello, the company’s login method that requires a fingerprint or facial scan.
“So the first time you go to enable Recall, you actually have to biometrically prove that you’re the logged-in user,” Weston adds. The company is also using an “advanced version” of Windows Hello designed to prevent malware from spoofing a user’s facial scan through the PC’s camera.
(Credit: Microsoft)“That’s why we believe we can trust in proof-of-presence that yes, this user actually wants to turn this on,” Weston says.
The other major safeguard is encryption. Microsoft designed Recall to act as “end-to-end encrypted” to prevent malware, or even Microsoft itself, from accessing Recall files. In addition, all of Recall’s data remains on the user’s PC, and is never sent to the company.
Redmond further tightened the security by moving Recall’s encryption keys and the screenshot data out of the Windows 11 OS to the security-focused TPM chip. “All of the information done around this is done in a separate virtual machine," Weston says. "What that means is even in the event you got malware, your main system was compromised, that encrypted information never touches the main system."
Another concern facing Recall is its potential to save any passwords or sensitive personal information that pops up on your computer. In response, Weston says Microsoft has been introducing “application filters” that promise to detect data, such as Social Security numbers, and stop capturing them from within the screenshots. “We have an initial set of filters that we’re committed to continuing to update all the time to get better,” he says.
Users can know whether Recall is activated through “visual indicators,” which include the Recall “eye icon” on the system tray. In a blog post, Microsoft further justifies Recall’s release, saying, “With 69% of consumers feeling overwhelmed by too much information, it’s now more important than ever to help customers find the right info that they are looking for.”
(Credit: Microsoft)But critics, such as security researcher Kevin Beaumont, remain concerned about Recall. He tested the beta release and found the filtering of sensitive data can be “hit or miss”; he spotted Recall taking screenshots of his credit card data and encrypted Signal chats.
Beaumont also points out: “Biometric enablement is only needed for initial setup, but after that the safety wheels are off. You can open Recall just using the four-digit PIN unlock option with Windows Hello, i.e. without fingerprint or your face, with no biometrics.”
Microsoft confirms this, telling PCMag: “Recall currently supports PIN as a fallback method only after Recall is configured, and this is to avoid data loss if a secure sensor is damaged.” This also suggests an attacker would need physical access to the PC and the PIN number to secretly access Recall.
It’s why Beaumont recommends certain groups, such as journalists, users with abusive partners, or people under risk of government searches, avoid activating the feature. “From a privacy perspective, there are landmines everywhere,” he says.
In the meantime, Microsoft says Recall is arriving via the "April 2025 Windows nonsecurity preview update" for Copilot+ PCs. "Over the next month, we will be gradually rolling out these new features via controlled feature rollout (CFR) to consumers."