Windows Recall: All your privacy questions answered

Microsoft has drawn criticism with the announcement of Windows Recall, an AI-based feature that will be built into new Copilot+ PCs. Recall takes snapshots of your PC’s screen every few seconds and uses that data to make a searchable index of everything you’ve ever done on your PC.

So is there cause for concern about Recall and your privacy — or the privacy of data connected to your company? I’ve been getting a lot of questions about that from readers. Let’s dig in so you can understand exactly what’s going on — and what decisions you’ll have to make, whether you’re thinking about your work laptop, a home PC, or a fleet of business computers.

But first, the good news: Windows Recall is only available on those new Copilot+ PCs. It won’t arrive on your current Windows 11 or Windows 10 PC with an update. You won’t even have to think about Recall until you buy a new PC that happens to have Recall built in.

Want expert insights on what’s actually going on in Windows? Sign up for my free Windows Intelligence newsletter — three things to try every Friday. Plus, get free Windows Field Guides as a bonus when you sign up!

What is Recall on Windows?

Recall is a new feature that will be built into Windows 11 moving forward. And, again: It will only be available on new PCs Microsoft has certified as “Copilot+ PCs.”

These PCs have neural processing units (NPUs) capable of at least 40 trillion operations per second (TOPS.) This hardware is designed to accelerate local AI tasks — in other words, AI tasks performed on your PC itself without any online servers involved — in a way that doesn’t drain a lot of battery power.

If you do have a Copilot+ PC, Recall is an optional feature that can capture snapshots of your screen every five seconds. (It won’t capture audio or video — just pictures of what’s on your screen.) You will then be able to search those snapshots using plain-language search. For example, you could say: “Show me that PowerPoint presentation I was looking at three weeks ago, the one with the green bar chart” — or “What was that message Dave sent me about the quarterly budget two months ago?” These searches all happen entirely on your device, and they’ll even work offline. Microsoft’s servers aren’t involved.

It’s a more plain-language way of your PC remembering what you were doing and allowing you to dig through it, and it’s clear how this type of feature could be a boost to productivity for anyone who works on their PC — and anyone using their PC for any other type of task, from online shopping to vacation planning to chatting with friends.

Macs have something similar with Rewind, which also captures your computer activity and lets you search it. But Rewind is a third-party tool, not something built into macOS by Apple.

Microsoft

Is Microsoft sneaking Recall onto my PC with an update?

No. I can’t state this emphatically enough: Recall will not arrive on your current Windows 11 or Windows 10 PC. As Microsoft puts it, this feature is “exclusive” to those new Copilot+ PCs. It won’t suddenly arrive on any of your existing PCs via a Windows Update or any other mechanism.

Do I have to use Recall?

Recall is completely optional. When you’re signing into a new Copilot+ PC for the first time, Microsoft says you’ll be informed about Recall and given an ability to make a decision. You can choose not to use Recall at that time, in which case it won’t do anything or collect any sort of data.

If you do enable Recall, you’ll see a Recall icon pinned to your taskbar by default, and Recall will also have a system tray icon while it’s running. It’s very visible — it doesn’t just run silently in the background. After all, Microsoft wants you to use Recall to find things.

Microsoft says you can use the system tray icon or the options at Settings > Privacy & security > Recall & snapshots to pause Recall at any time. You can turn it on or off, delete existing snapshots, and choose to filter specific apps and websites so Recall doesn’t capture them. Recall also won’t capture any activity in “private browsing” windows in browsers like Chrome, Edge, and Firefox.

Microsoft

How can businesses control Recall?

Businesses that don’t want Recall active on their organizations’ devices can disable Recall and stop PCs from saving snapshots using either group policy or MDM (mobile device management) policy. Microsoft has a guide to controlling Recall for IT administrators.

Where are the Recall snapshots stored?

Recall stores all the snapshots and other data on your PC itself. When you perform a search, Recall does the search on your PC. Microsoft says your data is never uploaded to a Microsoft server. It all happens completely on your PC, without the computer ever “phoning home.”

In a way, this makes Recall a little less useful — if you use multiple PCs, your Recall activity won’t sync between them. If you’re looking for something, you’ll need to search Recall on the PC you originally saw it on. But that may be a good thing when it comes to privacy considerations, particularly from an enterprise perspective.

The Recall data is also stored in an encrypted manner that’s specific to each individual user account on a device.

Is Microsoft taking my Recall data?

Microsoft says that the Recall data will be stored only on your PC and never processed by Microsoft’s servers. Since Microsoft isn’t so much as ever seeing or receiving this data, your Recall snapshots won’t be used for targeting ads to you, training AI models, or any other purpose along those lines.

Couldn’t someone steal my laptop and look at my snapshots?

Modern Windows PCs have encrypted storage, like other modern devices. Someone who stole your PC would need to be able to sign in as you to see your data.

Recall is only going to be available on Copilot+ PCs, and Microsoft has set a higher baseline of security for these PCs: They must be Secured-core PCs, for example, and they will include a Microsoft Pluton security processor. In other words, they will ship with encrypted secure storage backed by hardware security features.

The reality is that if someone stole a PC from an office worker or a home PC user and managed to sign into it, they’d already have access to a lot of private data. This would include financial documents stored on the PC itself, sensitive business information, email accounts the computer was signed into, and so on.

Recall will definitely generate extra data that can be accessed if a criminal breaks into a PC. But, on the whole, it’s less risky to be using Recall on a securely encrypted Copilot+ PC than to walk around with a Windows 10 laptop that doesn’t use BitLocker or another encryption method.

Can other people on my PC see the snapshots?

The Recall data is stored separately for each user account on a PC. That means even if you share a PC with other people, they won’t be able to look through your Recall snapshots — not unless they can sign into the computer with your user account and credentials.

Will Recall store financial account numbers and passwords?

Microsoft says that “Recall does not perform content moderation.” If a password or financial account number is visible on your screen, Recall will save it.

That being said, Recall won’t capture most passwords you type, since most websites “cloak” password entry dialogs by displaying them as ****. But if a website does show the visible passwords — or if information like a credit card number, bank account number, or social security number appears on the screen — Recall will save them in your snapshots.

That’s something many people are concerned about. But you can choose to filter out specific websites (like financial websites), use private browsing, or even filter out entire applications to have Recall ignore them. Also, you can delete snapshots at any time.

While this data may appear in your Recall snapshots, it’s critical to remember that only someone who has physical access to your PC — and who can sign into it with your user account — can get access to this information. And someone with physical access to your PC can do much worse, including installing malware on it.

Microsoft

But couldn’t someone else with access to my PC snoop on it?

To snoop through your snapshots for your private information, people would need both physical access to your PC and to be signed in as you.

To be fair, even the possibility of that happening does raise concerns. An abusive partner or family member could dig through the snapshots to find private information, for example — if Recall snapshots were enabled. An unlocked work PC in an office or a coffee shop could potentially put Recall info at someone else’s fingertips. Anytime you let someone else momentarily use your PC opens the door to that person digging through private information.

However, this was always a risk. That abusive partner could use their access to the PC to install a keylogger and remote-monitoring software to snoop on their partner’s PC usage, with or without Recall. Someone you give momentary access to your PC could pull up your email or search for sensitive financial documents. The Recall feature introduces a new way for people to find sensitive information if they already have access to a PC — but, again, they could do a lot of damage even without Recall in the mix.

How concerned should I be about Recall?

It’s clear why Recall is concerning. It marks a change in the way our computers remember and store information. And it seems like an obvious privacy problem if people with access to our PCs can use “AI-style” plain language search to dig through our saved PC history.

But there are already so many other potential privacy and security risks that could be exploited by anyone with access to Recall.

And, critically, Recall doesn’t send any of this data over the internet. There are already so many other details we’re giving to Microsoft and other corporations. If you’re worried about the information Microsoft and other companies are receiving about you, Recall isn’t the problem — but there are a lot of other Windows and web features that might be.

Plus, Microsoft isn’t being too sneaky this time: Recall isn’t going to arrive on existing Windows PCs. It will only show up on new Copilot+ PCs — where it’ll go through testing and we’ll see how it works. And, even on those new Copilot+ PCs, people can choose to turn Recall off, if they like.

Recall could be a big productivity boost for a lot of workers, helping them dig through all the information they’ve seen on their work PCs. If you also use Discord to chat while working, you could filter out Discord and ensure Recall doesn’t capture anything you say in there while it takes snapshots of all the Word documents, Excel spreadsheets, and Outlook emails you go through all day. Recall offers a lot of control.

If you’re still not comfortable with it — or just don’t see how a tool like Recall could help you, that’s fine. Remember, even if you get a new Copilot+ PC with Recall, you can turn it off.

Even veteran Windows journalist Paul Thurrott, who is often critical of Microsoft’s privacy practices, argues that Recall is not a privacy concern. It’s not uploading anything to Microsoft — it’s just storing the data on your PC.

But aren’t there still privacy concerns with Recall?

While I can see the benefits of Recall — especially for productivity workers who go through a lot of information on their Windows PCs and could save a lot of time if they had a faster way to find it — there are some elements of Recall that should give everyone pause.

Of course, this is a big change in the way PCs work. While people and businesses will have the choice to enable or disable Recall on their PCs, PCs have never captured and stored this kind of information in this way before. It’s a bit of a shock.

Also, defaults matter. Yes, Recall has a lot of knobs and switches technical users can tweak to make Recall the way they want it to. But most people will probably stick with the defaults — even if those defaults may put them or their data at risk. Someone with an abusive partner may not know how to disable Recall. A less knowledgeable PC user might have Recall enabled and let someone else use their PC without realizing that person can dig through everything they’ve been doing recently.

An attacker with access to a PC could just enable Recall rather than install a keylogger, and then grab private information from the Recall snapshots. That kind of attack could be a little more subtle and harder to spot than the full install-a-keylogger attack, too.

The most important answers are still ahead of us

Recall will arrive as a “preview experience” on those new Copilot+ PCs in a few weeks. If you want to stay far away from it, that’s easy: Just don’t buy a Copilot+ PC (or turn the Recall feature off when you do!).

More than anything, we’ll have to see how the risks of Recall shake out in the real world. Perhaps Microsoft will attempt to do more “filtering” by default — using AI features to force Recall to avoid capturing passwords and financial account details, for example. And perhaps everyone will realize the risk of giving other people access to their PCs — something that was always a risk when sensitive documents, emails, and browser histories are just a few clicks away.

Of course, Microsoft’s big Copilot+ PC push is about more than AI. It sounds like the PC industry may finally have thin-and-light laptops with incredibly long battery life to compete with MacBooks. That’s huge.

Even if you disable Recall and turn off every AI-based feature on those new Copilot+ PCs, they could be a big upgrade over your current laptop. I’ll know more when I start getting my hands on them next month.

Interested in learning more? Watch this column and sign up for my free Windows Intelligence newsletter to be the first to see my in-depth impressions. You’ll also get three new things to try every Friday and free copies of Paul Thurrott’s Windows Field Guides as a special welcome bonus.