The AI feature coming in Copilot+ PCs this year will capture your screen every five seconds and store the screenshots. Here’s what you need to know.
Windows Recall is an AI-based feature that will be built into new Copilot+ PCs. Recall takes snapshots of your screen every few seconds and uses that data to make a searchable index of everything you’ve ever done on your PC. But, since that first controversial announcement earlier this year, Microsoft has delayed Recall and made some changes.
In late November 2024, Recall became available in a preview form for Windows Insiders running the right hardware. Now it’s out in the wild.
So is there cause for concern about Recall and your privacy — or the privacy of data connected to your company? I’ve gotten a lot of questions about that from readers. Let’s dig in so you can understand exactly what’s going on and what decisions you’ll have to make, whether you’re thinking about your work laptop, a home PC, or a fleet of business computers.
But first, the good news: Windows Recall is only available on those new Copilot+ PCs. It won’t arrive on your current Windows 11 or Windows 10 PC with an update. You won’t even have to think about Recall until you buy a new PC branded a “Copilot+ PC.”
Want expert insights on what’s actually going on in Windows? Sign up for my free Windows Intelligence newsletter — three things to try every Friday. Plus, get free Windows Field Guides as a bonus when you sign up!
What is Recall on Windows?
Recall will be built into Windows 11 moving forward. And, again: It will only be available on new PCs Microsoft has certified as “Copilot+ PCs.”
These PCs have neural processing units (NPUs) capable of at least 40 trillion operations per second (TOPS.) This hardware is designed to accelerate local AI tasks — in other words, AI tasks performed on your PC without any online servers involved — in a way that doesn’t drain a lot of battery power.
If you do have a Copilot+ PC, Recall is an optional feature that can capture snapshots of your screen every five seconds. (It won’t capture audio or video — just pictures of what’s on your screen.) You will then be able to search those snapshots using plain-language search. For example, you could say: “Show me that PowerPoint presentation I was looking at three weeks ago, the one with the green bar chart” — or “What was that message Dave sent me about the quarterly budget two months ago?” These searches all happen entirely on your device, and they’ll even work offline. Microsoft’s servers aren’t involved.
It’s a more plain-language way of your computer remembering what you were doing and allowing you to dig through it — it’s clear how this type of feature could boost productivity for anyone who works on their PC — and anyone using it for other tasks, from online shopping to vacation planning to chatting with friends.
Macs have something similar with Rewind, which also captures your computer activity and lets you search it. But Rewind is a third-party tool, not something built into macOS by Apple.
Microsoft
What’s changed since the original announcement?
Since the original announcement of Recall in May, Microsoft has repeatedly delayed it and announced changes to boost privacy and security and make the feature more trustworthy. Here, specifically, is what’s evolved:
- Recall will be off by default unless you choose to turn it on during the Windows setup process.
- Recall will filter out sensitive information like password, credit card details, and social security numbers by default.
- Recall requires you use Windows Hello authentication before you can access your snapshots.
- Recall’s data is securely encrypted in a VBS Enclave, which means other users and applications can’t access it. The key is only released when you authenticate with Windows Hello.
- Recall will be disabled by default on managed business PCs. Businesses will have to choose to enable it. If they don’t, their employees won’t be able to activate it.
- Recall will be tested with Windows Insiders before it arrives on stable Copilot+ PCs. (Testing began in late November 2024.)
These changes were detailed by Microsoft in a blog post in June 2024 as well as an update on Recall’s architecture released in September 2024.
Overall, it’s a reasonable selection of changes that addresses many of the criticisms people had with the way Recall was originally implemented. It’s also led to a slower release with more testing — it doesn’t feel like a frantic launch that’s catching people off guard, like the original announcement did.
Is Microsoft sneaking Recall onto my PC with an update?
No. I can’t state this emphatically enough: Recall will not arrive on your current Windows 11 or Windows 10 PC. As Microsoft puts it, this feature is “exclusive” to those new Copilot+ PCs. It won’t suddenly arrive on any of your existing PCs via a Windows Update or any other mechanism.
As of November 2024, Copilot+ PCs are laptops with Qualcomm Snapdragon X Elite or Snapdragon X Plus processors, Intel Core Ultra (Series 2) “Lunar Lake” processors, or AMD Ryzen AI 300 series processors.
Do I have to use Recall?
Recall is completely optional. When you’re signing into a new Copilot+ PC for the first time, Microsoft says you’ll be informed about Recall and allowed to decide. You can choose not to use Recall at that time, in which case it won’t do anything or collect any sort of data.
If you do enable it, you’ll see a Recall icon pinned to your taskbar by default, and Recall will have a system tray icon while it’s running. It’s very visible — it doesn’t just run silently in the background. After all, Microsoft wants you to use Recall to find things.
Microsoft says you can use the system tray icon or the options at Settings > Privacy & security > Recall & snapshots to pause Recall at any time. You can turn it on or off, delete existing snapshots, and choose to filter specific apps and websites so Recall doesn’t capture them. Recall also won’t capture any activity in “private browsing” windows in browsers like Chrome, Edge, and Firefox.
Microsoft
How can businesses control Recall?
Microsoft says Recall will be disabled by default on managed business PCs. Organizations won’t have to do anything to disable Recall on their devices. In fact, they’ll have to go out of their way to activate it if they want their employees to have access.
Businesses that do want to activate Recall can use either group policy or MDM (mobile device management) policy. Microsoft has a guide to controlling Recall for IT administrators.
Where are the Recall snapshots stored?
Recall stores all the snapshots and other data on your PC. When you perform a search, Recall does the search on your PC. Microsoft says your data is never uploaded to a Microsoft server. It all happens completely locally, without the computer ever “phoning home.”
In a way, this makes Recall a little less useful — if you use multiple PCs, your Recall activity won’t sync between them. If you’re looking for something, you’ll need to search Recall on the PC you originally saw it on. But that may be a good thing when it comes to privacy considerations, particularly from an enterprise perspective.
The Recall data is also stored in an encrypted manner that’s specific to each individual user account on a device.
You won’t be able to access Recall to see any of that activity from that device without first authenticating with Windows Hello authentication. You’ll need your face, fingerprint, or PIN to activate it, so people sitting down in front of your PC won’t just be able to see your Recall data; it’s encrypted with a key that’s only released to make it accessible when that authentication happens.
Is Microsoft taking my Recall data?
Microsoft says that the Recall data will be stored only on your PC and never processed by its servers. Since Microsoft isn’t so much as ever seeing or receiving this data, your Recall snapshots won’t be used for targeting ads to you, training AI models, or any other purpose along those lines.
Couldn’t someone steal my laptop and look at my snapshots?
Modern Windows PCs have encrypted storage, like other modern devices. Someone who stole your PC would need to be able to sign in as you to see your data.
Recall is only going to be available on Copilot+ PCs, and Microsoft has set a higher baseline of security for these PCs: They must be Secured-core PCs, for example, and they will include a Microsoft Pluton security processor. In other words, they will ship with encrypted secure storage backed by hardware security features.
The reality is that if someone stole a PC from an office worker or a home PC user and managed to sign into it, they’d already have access to a lot of private data. This would include financial documents stored on the PC itself, sensitive business information, email accounts the computer was signed into, and so on.
Recall will definitely generate extra data that can be accessed if a criminal breaks into a PC. But, on the whole, it’s less risky to be using Recall on a securely encrypted Copilot+ PC than to walk around with a Windows 10 laptop that doesn’t use BitLocker or another encryption method.
Can other people on my PC see the snapshots?
The Recall data is stored separately for each user account on a PC. That means even if you share a PC with other people, they won’t be able to look through your Recall snapshots — not unless they can sign into the computer with your user account and credentials.
Will Recall store financial account numbers and passwords?
Microsoft originally said that “Recall does not perform content moderation.” If a password or financial account number is visible on your screen, Recall would save it.
But Microsoft changed its mind. Recall will now filter sensitive information like passwords, credit card details, and social security numbers by default. However, you have the choice here: You can head to Settings > Privacy & security > Recall & snapshots and turn off the “Filter sensitive information” option if you want to see this information in your snapshots.
Either way, Recall won’t capture most passwords you type, since most websites “cloak” password entry dialogs by displaying them as ****. And you can choose to filter out specific websites (like financial websites), use private browsing, or even filter out entire applications to have Recall ignore them. Also, you can delete Recall snapshots at any time.
Any such data won’t appear in your Recall snapshots by default. If you choose not to filter it, it’s critical to remember that only someone who has physical access to your PC — and who can sign into your user account — can access this information. And someone with physical access to your PC can do much worse, including installing malware.
Microsoft
But couldn’t someone else with access to my PC snoop on it?
To snoop through your snapshots for your private information, people would need both physical access to your PC and to be signed in as you. And, with Microsoft’s changes to Recall, they’d also need to authenticate as you with Windows Hello. Even if you stepped away from your PC and left it signed in, they couldn’t get access to your Recall data without biometric identification or a PIN.
To be fair, even the possibility of that happening does raise concerns. An abusive partner or family member could dig through the snapshots to find private information, for example — if Recall snapshots were enabled and they knew the Windows Hello PIN or were granted access.
However, this was always a risk. That same person could use their access to install a keylogger and remote-monitoring software to snoop on their partner’s PC usage, with or without Recall. Someone you give momentary access to your PC could pull up your email or search for sensitive financial documents. The Recall feature introduces a new way for people to find sensitive information if they already have access to a PC — but, again, they could do a lot of damage even without Recall in the mix.
How concerned should I be about Recall?
It’s clear why Recall is concerning: It marks a change in the way our computers remember and store information. And it seems like an obvious privacy problem if people with access to our PCs can use “AI-style” plain language search to dig through our saved PC history.
In other ways, it’s not a change: It’s a disabled-by-default feature you can choose to use. Even if you do use it, all the data is stored on your PC, so it’s arguably more private than many of the cloud-connected services we use every day.
Critically, Recall doesn’t send any of this data over the internet. There are already many other details we’re giving to Microsoft and other corporations. If you’re worried about the information those companies are receiving about you, Recall isn’t the problem — but there are a lot of other Windows and web features that might be.
Recall could be a big productivity boost for a lot of workers, helping them dig through all the information they’ve seen on their work PCs. If you also use Discord to chat while working, you could filter out Discord and ensure Recall doesn’t capture anything you say in there while it takes snapshots of all the Word documents, Excel spreadsheets, and Outlook emails you go through all day. And, as we’ve been saying, Recall offers a lot of control in general. If you don’t want Recall to capture a browsing session, you can use Private Browsing mode.
Even veteran Windows journalist Paul Thurrott, who is often critical of Microsoft’s privacy practices, has argued that Recall is not a privacy concern. It’s not uploading anything to Microsoft, as he notes — it’s just storing the data on your PC.
But aren’t there still privacy concerns?
While I can see the benefits of Recall — especially for productivity workers who go through a lot of information on their PCs and could save time if they had a faster way to find it — there are some elements of Recall that should give everyone pause. PCs have never captured and stored this kind of information in this way before. It’s a bit of a shock.
Still, Microsoft has made a lot of good changes after the criticism. Disabling Recall by default on business PCs, filtering private information out of snapshots, and requiring Windows Hello authentication to access snapshots are all smart shifts.
But people do have at least some reason to worry about Recall. An attacker with access to a PC could just enable Recall rather than install a keylogger, and then grab private information from the Recall snapshots. That kind of attack could be a little more subtle and difficult to spot than a full install-a-keylogger attack, too. It’s a good thing that this feature will be disabled by default on business PCs.
The most important answers lie ahead
More than anything, we’ll have to see how the risks shake out in the real world. When I first broached this subject, I suggested Microsoft do more filtering of private information and make efforts to protect Recall snapshots from people with access to a PC. Microsoft made those changes.
Perhaps Recall will make everyone realize the risk of giving other people access to their PCs — something that was always a risk when sensitive documents, emails, and browser histories are just a few clicks away.
Of course, Microsoft’s big Copilot+ PC push is about more than AI. The PC industry now finally has thin-and-light laptops with incredibly long battery life to compete with MacBooks. That’s huge.
Even if you disable Recall and turn off every AI-based feature on those new Copilot+ PCs, they’re a big battery life upgrade over your current laptop.
Interested in learning more? Watch this column and sign up for my free Windows Intelligence newsletter to keep up with all the latest intel. You’ll also get three new things to try every Friday and free copies of Paul Thurrott’s Windows Field Guides as a special welcome bonus.