Microsoft’s revised Recall AI feature will roll out to beta testers in October

Microsoft’s Windows Recall feature, which stores a timeline of activity snapshots on your PC, has a new release date for Windows Insiders. Microsoft unveiled the feature to much fanfare in May, only to delay it indefinitely (after blowback from security researchers) a few weeks later. After taking time to recalibrate, the company said on Wednesday it will roll out Recall to beta testers using Copilot+ PCs in October.

Windows Recall stores snapshots of everything you do on your PC. Designed as a “photographic memory” for your PC activity, it lets you revisit things like products, emails, documents or chats shown on your screen. The feature’s perks are easy to see, especially for those who spend long hours on their PC (or those with foggy memories).

But if that also sounds like a privacy nightmare, security researchers thought so, too. Despite safety assurances from Microsoft during its announcement at Build 2024, cybersecurity and privacy experts sounded the alarm. The fundamental problem was that intruders wouldn’t only get goodies from your traditional file system if they accessed your PC. In addition, they could see anything you’ve done on your computer from the moment you activated Recall to the present. That’s because Microsoft — for reasons we can’t quite comprehend (other than put AI in all the things as quickly as possible) — left Recall’s data unencrypted.

As security expert Kevin Beaumont detailed, Recall didn’t hide sensitive information like passwords or banking details. Sure, your timeline was theoretically safe as long as nobody could access your PC. But if you accidentally installed malware or let an intruder in through other means, they would find a motherlode of sensitive — unencrypted — data.

Screenshots of Windows Recall, showing a PowerPoint slide (

Microsoft

In response to the blowback, Microsoft added some common-sense security features that left us wondering why they weren’t there in the first place. Again, it’s hard to decipher the company’s motives for that omission when the feature was announced — other than speculating that it wanted to prioritize a seamless user experience over tight security.

These security changes included making the feature opt-in instead of enabled by default when setting up a Copilot+ PC. In addition, Microsoft said the feature would require Windows Hello — a face or fingerprint scan — and deploy “just in time” decryption (only unlocked through Hello). That means if a hacker gains access to your computer, your screenshot timeline should remain encrypted unless you lend your face or finger to unlock it (or they somehow find a way around Hello’s encryption).

Microsoft says it will publish a new blog post when the feature is available in October through the Windows 11 Insider Program. The feature will require a CoPilot+ PC (the first of which launched in June) with a compatible chip. That chip list includes Qualcomm’s Snapdragon X Plus and Snapdragon X Elite, although Intel may have its first CoPilot+ chips out in the wild when the feature finally arrives in preview.

Leave a Comment