Reports last week saw several safety experts–including an ex-Microsoft engineer–slam Microsoft’s new ‘Recall’ feature calling it a complete “disaster” for cybersecurity. Since then, Microsoft has announced that it plans to introduce new safety protections to protect its users.
Recall (which was initially enabled on Copilot+ PCs, like the Surface Laptop 7 and Samsung Galaxy Book 4 Edge, by default) has been billed as a “photographic memory for your PC.” It captures screenshots of your computer screen, every five seconds, and uses on-device AI to transcribe text from webpages, documents, PDFs, handwritten notes, and everything else displayed on-screen so everything is “instantly searchable”.
Security experts–like ex-Microsoft engineer Kevin Beaumont–called the feature a security “disaster” because it gave hackers the opportunity to steal “everything you’ve ever typed or viewed on your own Windows PC is now possible.”
Pavan Davuluri, Corporate VP of Microsoft Windows and Devices has acknowledged the feature's security pitfalls:
"Even before making Recall available to customers, we have heard a clear signal that we can improve privacy and security safeguards."
He made it clear that Microsoft recognizes that to get the full experience from a feature like Recall, they have to trust it first. This is why they’re making the feature opt-in, instead of enabling it by default, forcing users to opt-out.
Users will have to use facial recognition or fingerprint ID to view their timeline or search results, and the entire search index database will now be encrypted to keep users' data safe.