The unfounded fears about Microsoft Windows Recall

On Monday, May 20, 2024, Microsoft introduced the world to a new feature of Windows called Windows Recall.

Similar to Apple’s MacOS Time Machine, Recall is a continuous system “timeshot” software that uses device-based AI SLMs to help you recall your computing life.

And because it is a Microsoft product, all hell broke loose, with vested interests focusing on a single aspect of the product in order to denigrate the innovative feature.

Basically, Microsoft’s disclaimer with regards to the safety of the screenshooting of passwords and other PIIs.

The image below is from Microsoft’s Copilot FAQ

Upset as well by the seemingly glaring hole in the product, I decided to learn more about it.

This is what Microsoft Windows Recall is, and does:

  1. Microsoft Recall is user-activated.

  2. All SLMs run locally, and all content will be stored locally.

  3. Recall is encrypted to the specific user account on that specific computer. locking your PC user account protects that specific user's account on that specific PC. However, all persons with that user's login credentials will be able to access Recall information.

  4. Recall screenshotting is content-selectable for both apps AND websites.

  5. Recall will not record and store private browsing in Microsoft Edge. However, I don't believe this restriction carries over to other Chromium browsers. That said, I expect browser developers to use Copilot Runtime to enable restrictions for their browsers.

  6. Recall asks for an initial 50 GB on systems with over 256 GB of available storage. You can also set storage limits based on your preference.

  7. You can put Recall on timeout, if you want to pause recording, without having to switch it off.

  8. Recall is only available with new, Copilot PCs.

  9. This is the kicker here: while Recall will snapshot your browsing activity, it DOES NOT granularly restrict what it sees on a per website basis. Meaning, if you are going to be entering confidential data such as PIIs into a dialog box, you might want to pause Recall. In the words of Microsoft, Recall does not “moderate content", and will snapshot everything. Content moderation is the domain of the user. Wield your power.

According to Microsoft, this is how Recall information is stored.

This tempest in a teapot if quite unfounded and is a result of misinformation and disinformation about what Microsoft Recall is.

I actually had a negative kneejerk reaction when someone posted Microsoft's Recall disclaimer, a situation I am embarrassed by. Mainly because I was quite pleased with the promise of Recall, and that revelation rained on my parade, so to speak.

Further readings and a re-watching of the announcement videos, and of Microsoft Build, have led me to my current comfort with Recall.

Coupled with my trust in Microsoft's integrity and transparency around this product, I believe the trepidation on the part of some of the public is unwarranted.