Microsoft Enhances Privacy and Security in Revamped Windows Recall Feature

Windows Recall is back, and this time, it’s supposed to be better! The feature regularly takes screenshots and analyzes them using AI, all done locally on your computer. Microsoft now promises more privacy with encryption, filters, and an opt-in system instead of opt-out. We tested the preview version to see if it’s really secure and if Recall lives up to its promises.

Recall is a feature that takes screenshots every few seconds whenever something significant changes on the screen. While any PC can do this, Copilot+ computers stand out because they have a Neural Processing Unit (NPU) that efficiently analyzes each screenshot. It checks for objects like umbrellas or chess games and extracts any text using OCR, all done locally without affecting performance. This means you can search for specific content, like a forgotten fact, weeks later using Recall.

We tested the software shortly before the release of the first Copilot+ PCs, and it was a complete privacy nightmare. Screenshots were stored unencrypted, and there was an unencrypted database with all extracted texts. This meant anyone with access could find compromising information. Due to widespread criticism, Microsoft pulled the feature, promising to improve security.

Now, five months later, we have the revamped Recall on a test machine. It’s still a preview version, available in the public Dev Channel, and not recommended for installation yet. The build we tested is 26120.2510, running on a Microsoft Surface Laptop. Recall only works on Copilot+ PCs, including Snapdragon notebooks and those powered by AMD and Intel.

Once the Dev Build is installed, Recall can be launched, but it only functions after downloading the necessary AI models. Running Recall requires BitLocker encryption, Secure Boot, and Windows Hello authentication. Recall doesn’t start recording until manually activated, which is a sensible opt-in approach. Users can customize Recall to exclude specific apps or websites and set limits on storage space or retention time for screenshots.

A noteworthy feature is the “Filter Sensitive Information” option. When enabled, Recall does not include screenshots of login windows in its archive. We tested this with several websites and password tools, and it worked reliably. However, entering login details in text or chat windows still records the information. A bug was found where disabling and re-enabling the filter caused passwords to be recorded, which seems to be a preview version issue.

Recall also does not evaluate private browser windows by default. We tested this with Firefox, Edge, Opera, and Chrome, and it worked as expected. For less common browsers, users should verify this feature themselves.

Recall now shows the software running at the time of each screenshot or search result. If a browser was used, it logs the website as well. Users can delete all screenshots from a specific website, and this applies retroactively. Users can also pause Recall recordings at any time.

Regarding data security, previous versions stored screenshots as unencrypted JPEGs and the extracted text in an unencrypted SQLite 3 database, both easily accessible to anyone with system access. The current version encrypts both the database and the screenshots. Even if copied, the data is unusable without the encryption keys, which are protected by the Trusted Platform Module (TPM) and only accessible within a secure environment tied to the user authenticated with Windows Hello.
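The difference between the old and the new storage described above is visible from the outside: a plaintext SQLite 3 file or JPEG starts with a fixed signature, while encrypted data has no recognisable header and looks random. The following Python is an added example, not code from this article or from Microsoft, that audits a directory for such files. The file names and the sample directory are constructed stand-ins; Recall's real storage paths are not given in the article and are not used here.

```python
import math
import os
import tempfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every plaintext SQLite 3 file
JPEG_MAGIC = b"\xff\xd8\xff"            # JPEG start-of-image marker

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0 for constant or empty data, 8 for uniformly random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample: int = 65536) -> str:
    """Label a file by what its first bytes reveal about at-rest protection."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(SQLITE_MAGIC):
        return "plaintext-sqlite"
    if head.startswith(JPEG_MAGIC):
        return "plaintext-jpeg"
    # No known header plus near-random bytes is consistent with ciphertext, not proof of it.
    if len(head) >= 4096 and shannon_entropy(head) > 7.9:
        return "opaque-high-entropy"
    return "unknown"

def audit(root: str) -> dict:
    """Walk a directory tree and map relative path -> classification."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = classify(full)
    return result

def build_sample_tree() -> str:
    """Constructed sample data: stand-ins for an old-style and a new-style store."""
    root = tempfile.mkdtemp()
    samples = {"old_text.db": SQLITE_MAGIC + b"\x00" * 4080,
               "old_shot.jpg": JPEG_MAGIC + b"\xe0" + b"\x00" * 4092,
               "new_blob.bin": os.urandom(65536)}
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root

if __name__ == "__main__":
    for rel, label in sorted(audit(build_sample_tree()).items()):
        print(f"{label:22} {rel}")
```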

This means Recall can’t be activated externally, even by an organization’s administrator. It must be explicitly enabled by the user. Recall can also be completely disabled, which deletes all captured data.

We tested whether Recall data could be accessed via memory dumps or other methods. Only data recently accessed in Recall was found, and Microsoft has done a good job securing the data. Only the user can access the data, and only for a short time before re-authentication is required.

Recall allows users to search through screenshots, both visually and using text recognition. While the OCR and visual recognition are not entirely reliable, they offer a useful search capability. Users can interact with screenshots to copy recognized text, cut out images, and launch programs or websites directly from the screenshot.

In conclusion, Microsoft has significantly improved Recall’s security. While there are still concerns about the privacy implications of such detailed computer usage records, the data is now well-protected. Users must weigh the risks and benefits to decide if Recall is right for them. Currently, Recall is only available on Copilot+ PCs, so the decision may not be immediate for many users.

Overall, Microsoft has listened to feedback and improved Recall, making it a more secure feature. However, users should remain cautious and consider potential security risks before enabling it.