“Microsoft Should Recall Windows Recall” — Security Researcher Finds Microsoft’s New AI Tool Is Sadly Insecure

What you need to know

  • Microsoft plans to roll out a new AI feature called “Windows Recall” to new Windows 11 Copilot+ PCs this month.
  • The feature remembers everything you’ve done on your computer and lets you find items using semantic search.
  • Recall stores everything locally on the device, but it appears that the data is not encrypted when the user is logged into the computer.

Microsoft has faced a lot of backlash regarding its new Windows Recall AI feature since its unveiling on May 20. The AI tool, which will ship to new Windows 11 Copilot+ PCs later this month, is designed to capture everything you do on your computer and use AI to index that content into semantically searchable snapshots.

When the feature was revealed, Microsoft promised security. The data collected by Recall is stored on the device, “encrypted” using BitLocker, and is never sent to Microsoft or advertisers. Users are free to turn off Recall or, if they choose to use it, delete all snapshots at any time.

However, all is not as it seems. While it’s true that Windows Recall doesn’t send any data to the cloud, the data it stores locally on your machine isn’t very well secured. Security researcher Kevin Beaumont documented his findings on Windows Recall and revealed that the tool stores its data in a plain text SQLite database.

This means that the data is readable and not encrypted when the user is logged in to their computer. The only time the data is encrypted is when the user is not logged in. So while this protects against someone accessing your data on a stolen laptop, it doesn’t prevent potential malware designed to grab data from Recall while the user is logged in.

Recall will capture screenshots of your screen. (Image credit: Windows Central)

Microsoft has done the bare minimum to protect this data. It is stored in a system directory which requires administrator and system level rights to access and modify it. However, these protections are easily bypassed and an attacker could easily write software to override these permissions if they wanted.

Windows Central contacted Microsoft for comment on these findings regarding Windows Recall, but the company did not respond in time for publication.

Aside from these security issues, Windows Recall appears to work exactly as promised. I’ve been using this feature for the past few days and it works impressively well. It’s able to find images and text with vague search phrases, and I was impressed with its ability to do so.

Unfortunately, for users to truly trust this tool, Microsoft will need to do the work necessary to secure the data it collects locally on your PC. Although it is unlikely that you will ever encounter malware designed to recover Windows Recall data, it is not impossible and so it is best to encrypt this data for added peace of mind.

When Windows Recall collects data, a permanent icon is placed on the taskbar. (Image credit: Windows Central)

That said, I find the outrage over this discovery somewhat exaggerated. Not all of your files are encrypted when you use your PC, but most people don’t constantly worry about malware potentially deleting their personal documents, images, downloads, videos, and synced cloud folders.

While the fact that Microsoft has built into Windows a tool that puts everything you do into a convenient directory for attackers to exploit isn’t great, it’s important to remember that Windows Recall is entirely optional. You do not have to use it if you do not want to, and if you choose not to, the service will not work. If you’re worried about it potentially being activated secretly in the background, Microsoft has built in security measures to prevent this. If Recall captures data, a permanent visual indicator will be placed on the taskbar to let you know.

Additionally, the feature is only available on new Copilot+ PCs. It won’t be available on existing Windows 11 installations, which could be reason enough for many not to upgrade their devices anytime soon.

Hopefully, Microsoft can update Windows Recall to encrypt the data it collects in the future.

News Source : www.windowscentral.com

Eleon
