Do you trust Microsoft with a feature like Windows Recall?

News
By
published

Windows Recall is one of the most controversial features Microsoft has announced in years.

Recall interface
(Image credit: Windows Central)

Copilot+ PCs are set to start shipping in a couple weeks. Those systems have Neural Processing Units (NPUs) that power a plethora of AI features. Among those new features is Windows Recall, a powerful tool that can search through your computing history to help you pick up where you left off. Microsoft advertises Windows Recall as a major addition to Windows 11 but the feature has proven controversial.

Windows Recall takes a snapshot of your system every few seconds to create a database that can be searched using AI. That AI processing all happens locally, meaning none of your data goes to the cloud. Microsoft also promises that none of the data saved for Windows Recall is used to train AI models.

Despite these security measures in place, many have privacy and security concerns about Windows Recall. While the feature is powerful, it creates a searchable database of an incredibly detailed set of information. Recall does not moderate what it takes snapshots of, so if you enter payment details or other sensitive data, it could appear in Windows Recall.

Additionally, security researcher Kevin Beaumont discovered that Windows Recall only encrypts your data when your device is logged off. If your PC is logged on, data from Windows Recall sits in an SQLite plaintext database that's easy to access. Of course, anyone with access to a device that's logged on could extract sensitive information from your PC, but Windows Recall essentially serves the data on a platter.

Read more

- "Microsoft should recall Windows Recall"
- How to disable Windows Recall
- Windows Recall clones are popping up
- Hands-on with Windows Recall
- How Microsoft keeps Windows Recall data safe

The poll above admittedly presents a layered question. Some may trust the concept of Windows Recall but not trust Microsoft with that feature. Others may not trust Microsoft regardless of what the tech giant works on. Another group of people may be okay with Microsoft and Windows Recall. But the topic of the day is Windows Recall specifically, and that includes the fact that it's made by Microsoft.

Our Senior Editor Zac Bowden posed the same question on X (formerly Twitter). I wanted to give people without an X account a chance to weigh in.

I've seen reactions online ranging from people thinking Microsoft will enable the feature without your permission to complete trust that Recall is and presents no security risks. Personally, I think the truth lies somewhere in the middle. I don't think Microsoft will enable Recall without consent, but I do think people will accidentally enable the feature when they set up their PC. I've seen people claim Microsoft enabled OneDrive syncing without permission only to later realize they had enabled the feature during the Windows out of box experience (OOBE).

When it comes to security, the weakest link in the chain is generally a person, not technology. Companies need to take steps to secure data and devices when human error occurs. For example, Microsoft could require Windows Hello authentication to access Windows Recall data. This could help secure data even if malware was installed onto a PC or someone gained physical access to a device that was logged in.

You can't make any feature "idiot proof," but you can add basic security features that add layers of protection against attacks.

What do you think about Microsoft and Windows Recall? Let us know in the poll above and share your thoughts in the comments below!

Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.

11 Comments Comment from the forums
  • notforhire
    can't imagine trusting any massive bureaucracy with anything. we simply take our chances.
    Reply
  • mjk0963
    Windows Central said:
    Windows Recall is a powerful new feature that uses AI to search what you've done on your PC. Many question the security of such a feature. We would like to know your thoughts.

    Do you trust Microsoft with a feature like Windows Recall? : Read more
    Summary: I think Recall is a bad feature, I won't use it. I don't think it's Microsoft that we need to worry about.

    Recall is local only, do I trust Microsoft will keep it local and not read, yes I do. Do I think that Recall is a good idea, no I don't. I will turn it off. Why, because I don't want any assumptions made based on what I may have looked at in passing. It's the police or some state actor that gets legal access to machine. Or even someone in the house. But I seriously doubt Microsoft is the entity you need to worry about.

    For the record, I would NEVER trust any corporate entity to hold that data or be guardians of that data. I just don't see how that is the case with Recall.

    I didn't answer the poll because IMO it misses the issue.
    Reply
  • JamesDax3
    All of this is much ado about nothing in my opinion.
    Reply
  • K Shan
    Honestly for me it's not a matter of trust with Microsoft as it's stored locally. It's more how easy MS makes to ask Copilot and how quickly someone could ask "What's the 10 most embarrassing/dumb things I've done" or something like that.
    Reply
  • The Werewolf
    For me it's a multitude of issues.

    1. At some level, I don't need it. It's the wrong solution to the problem - the right one is being a little more organised.. and asking yourself "How often do I really do this?" I have 8TB of archives of old work projects that I literally never look at... all kept for that "just in case" moment.

    2. Storage requirements - this eats up 1/4 of my drive. I have better use for this space.

    3. Hardware requirements - have we forgotten that a lot of computers can't even run Win 11? This adds yet another new hardware requirement. Also, not pleased that MSFT also chose this as the reason to try and push ARM on everyone when ironically Intel JUST added NPUs (and AMD is about to). Worse yet, apparently they didn't let Intel in on the secret that to be a Copilot+ PC, you need a 40TOPs NPU - so all of use who bought Ultra Gen 1 CPUs just got screwed.

    4. Security. Yes, I know it's not supposed to use the web - but that's thinking one dimensionally. It's building essentially the file equivalent of a browser history. You don't think that's a prime target for hackers and malware?

    5. Stop emulating Apple's bad ideas! Or at least emulate their good ones. This is Apple's Time Machine, just done badly.

    6. Accuracy. Most analyses I've read on gen AI accuracy suggests it can be as low as 53%. My own experience tends to mirror that. Windows Search is already amazingly bad and resource hungry - this requires an actual extra processor to work.

    Seriously, I would rather MSFT had put the effort into getting Win 11 finished and filling in all the missing features and weird UI/UX decisions - many of which they'd already tried before and failed - rather than gluing in yet another massive, disruptive lump of something no one asked for.
    Reply
  • bazanime
    Yes I do, as I've done for years.
    Reply
  • TheFerrango
    While I see the usefulness of having a searchable history of what I've done on my PC (I use something similar for tracking what I do at work because I then need to report time spent per project), the answer is no, I don't trust Microsoft with any of this.
    They've clearly shown they're not trustworthy enough to either respect our choice if we don't want it (as they did with default apps and functions getting reenabled with updates) nor our purchase, by cheapening the experience providing 'tips' (ads) all throught the operating system.

    This will shortly expand to allow for "selected aggregate data" to be sent to Microsoft for analysis, that will further devolve into non-refutable data collection.

    Yes, everyone is minig your data on the web, that's not a good reason for Microsoft to potentially do the same on my desktop.
    Reply
  • Nobody_Special
    No, even if I did, why would I want it?

    What problem is this solving?

    Why do I want to waste processing power, energy, and hard drive space for screen recordings?
    Reply
  • Nobody_Special
    Nobody_Special said:
    No, even if I did, why would I want it?

    What problem is this solving?

    Why do I want to waste processing power, energy, and hard drive space for screen recordings?
    Looks like I was right to not trust it.

    https://futurism.com/the-byte/windows-recall-hacked
    Reply
  • TechFreak1
    Nope. Microsoft has simply backtracked on countless promises in the past. Chiefly being Satya Nadella saying if none builds Windows Phones they will. It's been down hill since the mobile division, programmatic testers and QA divisions/teams got axed.

    By axing their mobile devices they axed any ability and opportunity they had to rebuild trust with consumers. After the testers and QA folks got axed, Windows Update got so bad... hardly anyone trusts it any more especially those who work in IT support. Before I left my previous job, the folks in IT would constantly grumble how often they'd had to test compatibility only to roll out an update and find it's broken something. The fix being an obscure tick box somewhere that is nowhere close to the description of the issue.

    In regards to Android being secure as ios... lol... it's not as Android has had major vulnerabilities in the past. Mostly down to fragmentation of the O/S and lack of updates on older devices. Apple has the benefit of being the sole OEM of their devices. Google if they wanted to could patch the older devices but they won't because it costs money.

    Going back to Microsoft, as If said before time and time again Microsoft's short sightedness was going to cost them in the long term. It's come back to bite them in the rear end tenfold, I sure hope the short spike in shareprices was worth it. Because at this rate, even that is going to go down and the bean counters will have hell of alot of tough questions to answer. One chiefly being laying off their AI Ethics and Society team ... that sure has built trust along with their shareprice... right? 🤦‍♂️

    https://arstechnica.com/tech-policy/2023/03/amid-bing-chat-controversy-microsoft-cut-an-ai-ethics-team-report-says/
    Reply