
Should I Be Concerned About Microsoft’s Recall Feature?

No.

Initial panic about the Microsoft Recall feature is overblown. If you're worried about that, you're worried about the wrong thing.
Question: OMG! Now Microsoft’s going to be recording everything I do with this new Recall feature! Is nothing private? How do I avoid it / make it go away / turn it off / etc.

That’s a sampling of some of the hysteria surrounding the new Recall feature announced by Microsoft. Recall is an AI-assisted feature that helps you find things on your computer, using natural-language searches. The kerfuffle is about one aspect of how it works: it will apparently capture periodic screenshots of what you are doing as you’re using your computer, saving those so you can search your own past activity. Hence the name: “Recall”.

It’s certainly brought out the Microsoft haters in droves.

Let’s look at what’s been said, who’s affected, and why this hysteria might be somewhat hypocritical.


TL;DR:

Microsoft's Recall Feature

The hysteria over Microsoft’s Recall feature is unwarranted. It only affects users with Copilot+ PCs, is entirely opt-in, and can be removed. Windows already sees your data, so if you don’t trust Recall, perhaps you should question whether you trust Windows at all.

It’s not on your machine and likely won’t be

Recall only operates on Copilot+ PCs.

That’s a quote from a lengthy Microsoft write-up on what Recall is and how it operates: Update on Recall security and privacy architecture.

Unless you have a Copilot+ PC, Recall is a complete non-issue for you. You have nothing to worry about.

There may be software on your machine that references Recall, but that doesn’t mean you have it. Software commonly includes references to features that aren’t present or aren’t enabled, which streamlines it for when they are.

This is only an issue if you purchase a new Copilot+ PC.

It’s opt-in

From the same Microsoft blog:

Recall is an opt-in experience. During the set-up experience for Copilot+ PCs, users are given a clear option whether to opt-in to saving snapshots using Recall. If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved. Users can also remove Recall entirely by using the optional features settings in Windows.

Microsoft marketing stumbled when the feature was first announced and indicated it was always on. This is not the case. You have to agree to it before it’ll do anything. And you can uninstall it if you’re so inclined.

Unless you turn it on, Recall does nothing.

Recall’s security and privacy

The Microsoft post goes on to discuss many of the security and privacy steps Microsoft takes when Recall is turned on. This leads to even more restrictions on when it can be used.

The encryption keys are protected via the Trusted Platform Module (TPM), tied to a user’s Windows Hello Enhanced Sign-in Security identity, and can only be used by operations within a secure environment called a Virtualization-based Security Enclave (VBS Enclave[1]). This means that other users cannot access these keys and thus cannot decrypt this information.

Put another way, you’ll need:

  • BitLocker (Windows 11 Pro) or Device Encryption (Windows 11 Home)
  • TPM (Trusted Platform Module) 2.0
  • Windows Hello
  • Hyper-V (used by VBS Enclave)

If you don’t have all four of those, you don’t have Recall.
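
A read-only way to check most of that list on your own machine, as an added example that is not from this article or from Microsoft. It assumes an elevated PowerShell session on Windows 11 and that the optional feature is named 'Recall'; it does not check Windows Hello Enhanced Sign-in Security, and it does not tell you whether the PC is a Copilot+ model.

```powershell
# Added example: reports the state of the prerequisites listed above.
# Nothing is changed on the machine; every call below only reads state.

function Invoke-Quietly([scriptblock]$Check) {
    # Return $null instead of failing when a cmdlet or WMI class is unavailable
    try { & $Check } catch { $null }
}

$tpm = Invoke-Quietly { Get-Tpm -ErrorAction Stop }
$tpmSpec = Invoke-Quietly {
    (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction Stop).SpecVersion
}
# Device Encryption on Home editions may not expose this cmdlet; then it reads False
$osVolume = Invoke-Quietly {
    Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
}
$deviceGuard = Invoke-Quietly {
    Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction Stop
}
# Assumption: the optional feature is registered under the name 'Recall'
$recall = Invoke-Quietly {
    Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop
}

$report = [ordered]@{
    'TPM present and ready'   = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)
    # SpecVersion looks like "2.0, 0, 1.59"; the first field is the TPM version
    'TPM version is 2.0'      = [bool]($tpmSpec -and ($tpmSpec -split ',')[0].Trim() -eq '2.0')
    'OS volume encryption on' = [bool]($osVolume -and "$($osVolume.ProtectionStatus)" -eq 'On')
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
    'VBS running'             = [bool]($deviceGuard -and $deviceGuard.VirtualizationBasedSecurityStatus -eq 2)
    'Recall feature state'    = if ($recall) { "$($recall.State)" } else { 'not found' }
}

$report.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }

$prerequisites = $report.Values | Where-Object { $_ -is [bool] }
if ($prerequisites -contains $false) {
    'At least one listed prerequisite is missing on this machine.'
}
```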

 

But wait. If you don’t trust Microsoft…

This is going to sound snarkier than I mean it, but if you don’t trust Microsoft’s implementation of Recall, why are you running Windows?

I’m not saying you should trust blindly or that scrutiny isn’t called for, but there’s an odd dichotomy here:

  • I don’t trust Microsoft with my data in Recall (or OneDrive)…
  • But it’s the same data that Microsoft already has access to on my machine.

There’s nothing Microsoft can do in Recall or using OneDrive that they can’t already do by virtue of controlling Windows itself. They don’t need either Recall or OneDrive to “see” your data, since Windows “sees” it constantly as you use your PC.

Again, I’m not trying to be snarky here, but I want to point out that by using Windows, you’re already implicitly trusting Microsoft. Recall and/or OneDrive don’t add much more exposure to the mix.

Do this

Until or unless you get a Copilot+ PC, you can stop worrying about Recall. It doesn’t apply to you. When you do, you can choose whether to use it or not.

In the meantime, be aware of how much data you’re already exposing to Microsoft. If that’s a problem, it might be time to make another choice.


Footnotes & References

1: From another Microsoft post: “VBS utilizes the Hyper-V hypervisor to create an environment that is higher privileged than the rest of the system kernel.” Put another way, it’s leveraging virtual machine technology for increased security.

17 comments on “Should I Be Concerned About Microsoft’s Recall Feature?”

  1. I don’t know what a Copilot+ PC is. I imagine it’s another device made by Microsoft, like Surface. If so, I guess I’m not affected.

    Remember when OneDrive was completely optional and users had to explicitly set it up? Yep, that’s how OneDrive was in the beginning. These days, it seems Microsoft is doing everything they can to trick users into setting up OneDrive to store all their data. If I was potentially affected, I would watch very carefully over the coming years for Recall to do the same thing as OneDrive.

    • The competition for online engagement and sales between MS, Google, Apple and other smaller competitors is so strong, they are all getting overly aggressive. Microsoft is the worst because they have full control of your computer and can do whatever they want.

  2. Do you really, truly trust Microsoft, Leo?
    And if you don’t, why do you let them have access to your data via OneDrive?
    Can Microsoft really control YOUR installed copies of Windows?

  3. I recently had to get a new Win 11 PC. How do I know whether it is (or check to be sure that it isn’t) a “Copilot+ PC”…?

  4. Spot on Leo. Another mountain out of a molehill, largely driven by sensationalistic journalism.

    Just a minor correction in your explanation of how Recall works. As far as I am aware, Recall captures periodic “snapshots” not “screenshots”.

  5. Leo, I know you probably have a soft spot in your heart for Microsoft, but stop giving them a pass on every invasive, gratuitous and harebrained “feature”. From one perspective, I would agree that there is no reason to be paranoid because you can’t do anything about it anyway, so let Microsoft rip. But think ahead. Learn from past experience and Microsoft’s history. Appreciate that not everyone is as vitreous and moral as you are. People and companies lie, mislead and will do anything for money and control. I hope the previous statement doesn’t come as a shock to you – I say this because it disappointed me when you vouched for Recall’s innocuous and benign nature by effectively saying “because Microsoft said so”.

    Companies have a long time horizon, which they use to train and inculcate customers. You have already acclimated to saying “I’m not that interesting”, which we read as: so let them take whatever they want.

    Then, there are the bad guys out there. They are very, very smart. They have proven to be smarter than all of Microsoft’s engineers, repeatedly. Anything Microsoft can create and claim to be “secure”, the bad guys can break and bypass. After all, your Web career (this site) is based on warning people with Microsoft products to be careful, because being online can be dangerous. The bad guys will not miss an opportunity and they will harvest any information that Microsoft conveniently gathers and makes available. And there isn’t a damn thing Microsoft can do about it.

    I would hate to have to come back here some day and say “I told you so”. Anyway, you’re correct in saying there is no need to be hysterical. But, we’re entitled to be p’ed off.

    • Read the article. You have to buy a CoPilot+ PC and enable Recall which is off by default. It doesn’t make any sense to be p’ed off about a feature that doesn’t affect you. Microsoft has done a lot of underhanded things. This, so far, hasn’t been one of them.

      As for a soft spot for Microsoft, Leo has criticized them for their heavy-handedness shoving their unwanted tool down our throats to get ad revenue.
      “Microsoft is pushing their tools so hard they’re ignoring our preferences…
      There’s a good chance that this “ignoring our preferences” thing is going to get worse.”
      That doesn’t sound to me like going soft on Microsoft. Leo’s approach to Microsoft is to make the best with what you have.
      How Do I Get Rid of Edge in Windows 11? If only it were that simple.
      And he’s criticized their sloppy update process.
      Microsoft, We Deserve Better

  6. Leo, towards the end, you mentioned “They don’t need either Recall or OneDrive to “see” your data, since Windows “sees” it constantly as you use your PC.”

    What if a user does not have a Microsoft Account, but uses a Local Account only.
    Can Microsoft still “see” everything that’s done on that computer?
    And what if that computer is disconnected from the internet entirely?

    • If you don’t use a Microsoft account, there’s much less information that Microsoft has access to, but theoretically, they still have access to everything. In either case, I doubt that Microsoft is accessing any of that information as if discovered, they would be open to lawsuits enough to bankrupt them. But anything is possible if Microsoft were to ignore the privacy settings.
      If you never access the Internet with that computer, Microsoft wouldn’t have access.

  7. Reply to Mark Jacobs about “Read the article”. There was more to what I wrote than the very last sentence. Microsoft has already tried the “underhanded” approach, but since it met with some resistance Microsoft created the Copilot PC distraction.

    Since I failed to state my case explicitly, I’ll try again: Recall is coming soon to a Windows version on your computer. You have already been indoctrinated to accept it when it comes. And when scammers vandalize your screen shots, you will tell us to download the latest Windows security update because that will save us.

    Sorry, but that story is becoming old and monotonous.

    • Recall is NOT coming soon to a Windows version on your computer.
      Unless you buy a Copilot+ computer and explicitly enable Recall on a Copilot+ machine, you don’t have Recall. Do I fully trust Microsoft? No! I am counting on Microsoft not risking being sued out of existence for stealing data. The EU has strict privacy laws and keeps a close eye on companies like Microsoft, Google, and Apple. And dude, we don’t have a soft spot in our hearts for Microsoft. Part of our mission is to help people navigate through Microsoft’s BS.
      You have to read the fine print when you enable a service to see which rights you are signing away. Almost nobody reads the TOS, but bloggers and journalists like Ask Leo! help by reading the TOS for you.
