Since Microsoft announced Windows 11's big next-gen AI feature push, the internet has been up in arms over Windows Recall, the company's magnum opus AI experience that's exclusive to Copilot+ PCs launching this summer. While some responses have been sane, a large percentage of people have wasted no time spreading FUD (fear, uncertainty, and doubt) over this new feature without really understanding it.
In case you've been living under a rock: Windows Recall is a new feature that will take snapshots of your screen every few seconds and use on-device AI to analyze and triage that content. This allows you to semantically search for anything and everything you've ever done on your computer using natural language, and is arguably the next generation of search of Windows.
Unsurprisingly, this has led to many people calling Recall a spyware tool for Microsoft to watch everything we do on our computers, but the company is clear: It has no plans to upload the data recorded by Recall to the cloud. It's all handled locally on the device. With that said, there are still some security concerns to be aware of.
So, here's what is and isn't safe about Windows Recall.
Windows Recall data is encrypted on your device
First thing is first, the snapshots and strings of text that Windows Recall logs are safely encrypted on your PC using Device Encryption and Bitlocker. This means if your laptop is ever stolen, intruders can't access the contents of your storage without an encryption key, and they won't be able to gain access to any stored snapshots without being logged in to your account.
Additionally, Microsoft also says that Windows Recall does not integrate with other apps or services. The only time it does share a snapshot is when the user manually initiates the share button in Recall. When this happens, Recall will make a copy of the snapshot and place it in C:\Users\[username]\AppData\Local\Temp. Once the share is complete, Windows will delete the snapshot from that temp directory.
While Windows Recall does have an API, this is only for developers to create a seamless experience, jumping from snapshot into a live app. It does not allow the app access to Recall's stored snapshots.
Windows Recall does not send your data to the cloud
This is arguably the most important point to hammer home: Windows Recall does not talk to the cloud. It does not send your data from your device to Microsoft servers. This includes snapshots, strings of text, and search queries. Microsoft cannot see anything that Windows Recall collects, and this is by design.
The entire Windows Recall experience is processed on device, which is partly why it requires a Copilot+ PC to function. Microsoft is offloading the resources required to process a feature like this onto the NPU, which is a secure chip that's powerful enough to handle the processing of snapshots using AI with little power draw.
This means Windows Recall works 100% offline, and you don't need an active internet connection to take advantage of it. It doesn't even require a Microsoft Account, and as a result is missing some quality of life features such as cross-device syncing. None of that is possible here, because Windows Recall does not upload your data anywhere.
Microsoft is not training any AI models on your data
Microsoft said this on stage, but just to reiterate: Microsoft does not train its AI models on Windows Recall data. This is because, once again, Windows Recall does not upload your data to the cloud. Microsoft cannot see it, because it's encrypted on your device, and so it cannot train AI models on the snapshots that Recall has captured on your device.
This also means Windows Recall cannot be used to tailor ads and services in your favor, as the data Recall collects is only ever used by the Recall app.
Windows Recall is completely optional
If all of that doesn't settle your nerves, Windows Recall is a completely optional experience. You absolutely do not have to use it if you don't want to. On a Copilot+ PC, you will be prompted during the out of box setup experience to enable Windows Recall.
If you choose not to, the Windows Recall feature will be rendered inoperable. It can't function because Windows Recall requires a large initial download before it can be used, as it's an entirely offline experience and does not rely on cloud services to function. Without this download, Windows Recall isn't able to run.
Windows Recall cannot run "secretly" in the background
One big conspiracy theory I've heard is that Microsoft will automatically enable Windows Recall in the background without the user knowing. This isn't possible, as Windows Recall places a permanent visual indicator in the Taskbar's system tray when it's enabled.
Additionally, for Windows Recall to be automatically enabled, it would need to download that large initial patch to even function. This is all to say that Windows Recall won't be randomly enabled on your computer without your knowledge. There are visual indicators permanently in view when Recall is active.
You can choose what Windows Recall even sees
Windows Recall has built-in filtering options that allow users to control exactly what Windows can see and store. If you don't want Windows Recall to take snapshots of a particular app or website, you can filter those out with just a few clicks. If Recall happens to capture something you weren't expecting, you can immediately delete the snapshot directly within the Recall app.
You can even pause snapshots whenever you like, just by selecting the Windows Recall icon that's permanently present on the Taskbar. You can also choose how frequently Windows Recall deletes old snapshots, and limit the amount of storage it takes up on your PC. Windows Recall also cannot see DRM content, or any private browsing sessions in Edge, Chrome, Opera, and Firefox.
Malware may be able to read the data
The biggest concern with Windows Recall isn't that Microsoft might be uploading the data to the cloud (because it's not,) but rather malware that could be installed by the user. Malware could be developed to reach into Recall's application data to scrape text stored by the Recall app, which could pose as a security threat.
Access to Windows Recall's app data does require an administrator account with system-level access, but this is still something to be aware of. Microsoft needs to ensure the data collected by Windows Recall is only readable by the Recall app, which it hasn't yet done.
The good news is malware doesn't just magically appear on your computer. Malware is often installed by unknowing users who have downloaded the wrong thing, which is why it's important to run an up to date antivirus to ensure malware is caught before it can do any damage.
It's good to be skeptical
Microsoft is doing everything it can to assure users that Windows Recall is safe to use, but there are still some concerns. The biggest concern is malware that may be able to read Recall data, followed by an intruder gaining physical access to your device while you're logged in. If that happens, yeah, you're kinda screwed. Microsoft needs to ensure the data that is stored on your device is only readable by the Windows Recall app, and perhaps offer an option to guard access to the Recall app with Windows Hello unlock.
It's good to be skeptical of Microsoft and their claims, but much of the outrage around Recall is seriously unfounded. It will be very easy to prove if Recall does or doesn't upload personal data to Microsoft once we get access to Copilot+ PCs, so there is no point in Microsoft lying about it.
And remember, Windows Recall is entirely optional. If you don't like it, don't use it. There's no way for the feature to be automatically enabled in the background without you noticing either.
