Microsoft says Recall feature for Copilot+ PCs will be off by default

Microsoft said an artificial intelligence feature on new PCs that captures screenshots and enables searching of user activity will be off by default after security researchers determined that attackers could access the underlying data.

The Recall feature was one of the main capabilities Microsoft showed during a press briefing last month for forthcoming Copilot+ PCs with AI computing power onboard.

“If you don’t proactively choose to turn it on, it will be off by default,” Pavan Davuluri, Microsoft’s head of Windows and Surface devices, wrote in a blog post Friday.

Microsoft has been trying to balance competing interests of late as it moves to incorporate new generative AI tools into its products and to keep up with the competition. While the market is evolving rapidly, user privacy and security are under a microscope. A U.S. government review board recently criticized Microsoft’s handling of China’s breach of U.S. government officials’ email accounts.

Microsoft has already added the Copilot conversational chatbot into Windows in a way that resembles OpenAI’s popular ChatGPT. Both ChatGPT and Copilot rely on servers in the cloud to perform necessary computations and then send back responses to PCs. Recall is different in that it keeps data on users’ computers and doesn’t need to access supplemental computing power over the internet.

Satya Nadella, Microsoft’s CEO, directed employees to put security first and announced changes to its security practices following the U.S. government report.

After Microsoft announced Recall, which can search through a log of previous actions on PCs, industry experts began questioning the potential for hackers to retrieve users’ information.

Security practitioners released software called Total Recall that displays data Recall collects.

“Windows Recall stores everything locally in an unencrypted SQLite database, and the screenshots are simply saved in a folder on your PC,” they wrote in a description of Total Recall on GitHub. They expressed concern about attackers developing tools that can look for usernames and passwords contained in Recall screenshots.

Microsoft is adding security protections to Recall in addition to requiring people to manually turn it on once Copilot+ PCs become available on June 18. The search index database will be encrypted, Microsoft said.

“Windows Hello enrollment is required to enable Recall,” Davuluri wrote. “In addition, proof of presence is also required to view your timeline and search in Recall.”

With Windows Hello, users prove their identity by entering a PIN number, showing their face to the PC camera or providing a fingerprint.

“I think overall having a choice around opting in on home systems will save a lot of people security problems further down the line,” Kevin Beaumont, a former Microsoft cybersecurity analyst who criticized the original implementation of Recall, said in a Friday post on X. “It never should have been enabled by default.”