Windows Recall requires an extraordinary level of trust that Microsoft has not earned

The Recall feature as it currently exists in Windows 11 24H2 preview builds.

Andrew Cunningham

Microsoft’s Windows 11 Copilot+ PCs come with quite a few new features driven by artificial intelligence and machine learning, but the marquee feature is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they’ve been and to provide Windows with additional contextual information that can help it better understand requests from, and meet the needs of, individual users.

This, as many users on social media immediately pointed out, sounds like a potential security nightmare. That’s doubly true because Microsoft says that by default, Recall screenshots don’t bother to redact sensitive information, from usernames and passwords to health information to NSFW site visits. By default, on a computer with 256 GB of storage space, Recall can store several tens of gigabytes of data covering three months of computer use, a huge amount of personal data.

The line between “potential security nightmare” and “actual security nightmare” is at least partly about implementation, and Microsoft is saying things that are at least superficially reassuring. Copilot+ computers must have a fast neural processing unit (NPU) so that processing can be done locally instead of sending data to the cloud; local snapshots are protected at rest by Windows disk encryption technologies, which are usually turned on by default if you’re signed in to a Microsoft account; neither Microsoft nor other users of the computer should have access to a particular user’s Recall snapshots; and users can exclude apps or (in most browsers) individual websites from Recall snapshots.

This all sounds good in theory, but some users are starting to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

“Fundamentally breaks the promise of security in Windows”

This is Recall as seen on a PC running Windows 11 24H2 pre-release. It takes and saves periodic screenshots, which can then be searched and viewed in a variety of ways.

Security researcher Kevin Beaumont, first in a Mastodon thread and later in a more detailed blog post, wrote about some of the potential implementation issues after enabling Recall on an unsupported system (which is currently the only way to try Recall, since Copilot+ PCs, which officially support the feature, won’t be delivered until later this month). We also tested this early version of Recall on a Windows Dev Kit 2023, which we’ve used for all of our recent Windows-on-Arm testing, and independently verified Beaumont’s claims about how easy it is to find and view raw Recall data once you have access to the user’s computer.

To test Recall for yourself, Windows developer and enthusiast Albacore has published a tool called AmperageKit that will enable it on Arm-based Windows PCs running Windows 11 24H2 build 26100.712 (the build currently available in the Windows Insider Release Preview channel). Other versions of Windows 11 24H2 are missing the core code needed to enable Recall.

The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of various user interactions to a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to facilitate the operation of Microsoft’s app exclusion feature. Beaumont says “several days” of data amounts to a database of about 90 KB. In our usage, the screenshots taken by Recall on a computer with a 2560 × 1440 screen are 500 KB or 600 KB each (Recall saves screenshots at your computer’s native resolution, minus the taskbar area).

Recall works locally thanks to Azure AI code running on your device, and it works without an internet connection and without a Microsoft account. Data is encrypted at rest, sort of, at least to the extent that your entire drive is usually encrypted when your computer is either signed in to a Microsoft account or has BitLocker enabled. But in its current form, Beaumont says Recall has “loopholes you can fly an airplane through,” making it trivially easy to pick up and scan through a user’s Recall database if (1) you have local access to the machine and you can log into any account (not just the account of the user whose database you’re trying to view), or (2) you’re using a computer infected with some kind of information-stealing virus that can quickly transfer the SQLite database to another system.
