Windows Recovery Is Back (but Is It Worth Using?)
The Windows Recall program, originally launched by Microsoft last July , was quickly canceled in response to a barrage of security and privacy complaints. Now it’s back, with some changes to make it more enjoyable for users, but there remain many concerns about what happens when it’s enabled.
If you’re new to this story, Recall is an AI-powered feature that acts as memory for your computer. It regularly takes and analyzes screenshots of everything you do. This is handy if you want to go back to a document or message you vaguely remember three weeks ago, while at the same time sounding the alarm that all your past Windows activities are stored on your system.
Late last year, I tested an early version of Windows Recall and found it to be really useful at times – for those willing to put up with security and privacy concerns. At the time, it was still in its incomplete form, missing some basic features, such as the ability to filter photos by application.
To get Recall today, you’ll need a Copilot+ computer with all the AI processing power you need: If you have a compatible computer running the latest version of Windows, you’ll find the Recall app in your Start menu. It is not enabled by default; opt-in for the feature is one of the changes Microsoft has made following the wave of criticism leveled at Recall when it was first introduced.
Microsoft has made other changes as well. Data stored in Recall is now more securely encrypted; Windows Hello authentication is required every time you want to access it; and sensitive information such as passwords, credit card numbers and official IDs are filtered out, although how effectively this works remains to be seen.
Are these changes enough to restore confidence in Windows Recall? Of course, it’s now much harder for anyone to access the screenshots stored in Recall, but questions remain about how well they’re protected—not just on your computer, but on the computers of everyone you might be communicating with.
Let us remind you that there are still problems
Security researcher Kevin Beaumont has been digging into the latest version of Recall, and there are still some troubling issues here. First, someone else could access your computer and make a call using your computer’s PIN if they can guess it or trick you into revealing it: While biometric authentication is required to set up a return, you can fall back to using the PIN whenever you need to view or search screenshots.
It’s not much different from hacking your phone using your PIN code, and you can be sure that no one else will even get your hands on your set of numbers. However, if they do, Recall will give those unauthorized visitors instant access to everything you’ve ever done on your computer since you set up this feature.
Second, Beaumont found that sensitive data filtering works poorly (something I also noticed in my own testing): You can’t fully rely on it to erase your credit cards or your medical history. This isn’t such a big deal if you’re the only one viewing this information, but it’s difficult to guarantee.
There’s another issue here, highlighted by Ars Technica : if someone you know turns on the Recall feature and syncs the photos and chats you’ve sent them to their computer, all that information is then captured and sorted on their computer (like Signal for Windows ). Your data is more likely to be exposed, and you didn’t even have anything to do with it.
It seems that insisting on biometric authentication every time Recall is accessed is an obvious solution that Microsoft could apply here – making it much more difficult for someone else to access your data, whether on your computer or the computer of someone you know. However, it still doesn’t seem right that your emails, photos or chats can be collected in someone else’s Recall library.
More robust filtering tools would certainly help as well. Windows Recall already allows you to prevent screenshots from being taken of certain sites and apps, but it’s a rather clunky system and we’d like to improve the automatic censorship. Meanwhile, not only do you need to decide whether you’re going to enable Recall, you also need to contact family and friends to see what they’re doing.