Recall drawing regulatory scrutiny in the UK — Microsoft's AI Copilot+ feature a 'privacy nightmare'


Microsoft's new AI tools are drawing concern from the UK's Information Commissioner's Office (ICO), with the recently announced "Recall" feature of Copilot+ PCs being named a potential security risk. The ICO joins industry veterans and privacy campaigners in investigating the safety of Recall, a snapshot-collection feature turned "privacy nightmare".

"We are making enquiries with Microsoft to understand the safeguards in place to protect user privacy," said an ICO spokesperson. The ICO, the UK's office overseeing data protection and user privacy, says that firms like Microsoft "must rigorously assess and mitigate risks to peoples' rights and freedoms" before offering new products or services. Dr. Kris Shrishak, adviser on privacy at the Irish Council for Civil Liberties, went a step further, saying that "[Recall] could be a privacy nightmare. The mere fact that screenshots will be taken during use of the device could have a chilling effect on people."

As we previously reported, Recall could potentially pose some serious privacy risks even if it works as advertised. The new feature is a part of Microsoft's new Copilot+ PC family of laptops, Arm-based Windows machines tuned for AI performance, and a suite of AI upgrades to leverage their new NPU power. Recall remembers what you've seen on your computer for you, taking screenshots every few seconds to curate a full log of your activity in case you forget where you've seen something. The AI comes in as you search your history, for example bringing up all images with "red shoes" in them when you search for "red shoes". 

While Microsoft claims the snapshots are entirely locally stored, this still poses a massive potential privacy risk. Anyone who can log into your computer—locally or remotely—could be privy to your Social Security numbers and uncensored passwords, sensitive chats, or other private matters. Recall can be paused, or certain applications can be excluded from Recall's snapshots, but it will be baked into the Windows operating system starting with Windows 11 24H2 on Copilot+ PCs, and can't be fully removed or disabled (perhaps it could by editing the registry, but that carries risk). 

Microsoft, for its part, claims that Recall is a safe feature. "Microsoft built privacy into Recall’s design from the ground up," says an FAQ on the Microsoft blog. Recall will not capture any DRM-protected content, and its snapshots will be doubly protected through data encryption and BitLocker, which will be automatically installed on all Windows 11 24H2 updates. But beyond not snapping DRM content (more an anti-piracy than pro-safety decision), Recall won't perform any content moderation, leaving passwords and sensitive info fully unblurred in its storage. "Recall is a key part of what makes Copilot+ PCs special", after all, so Microsoft will do its utmost to keep it around; without Recall, Copilot+ gets pretty boring.

Copilot+ PC's features may help the new laptops sink or swim, so its flagship gimmick being such a risk does not bode well for the release on June 18th. This casts a slight fog on Qualcomm's triumphant entry into the Windows laptop space with its groundbreaking Snapdragon X series processors.  Copilot+ and Snapdragon X also mark Microsoft's first real attempt to make Windows-on-Arm really work, which is to some the most exciting facet of Copilot+ PC. And Qualcomm won't be alone for long, as Dell hinted at Nvidia-made Arm processors for PC coming soon.

Dallin Grimm
Contributing Writer

Dallin Grimm is a contributing writer for Tom's Hardware. He has been building and breaking computers since 2017, serving as the resident youngster at Tom's. From APUs to RGB, Dallin has a handle on all the latest tech news. 

  • hotaru251
    as it should.

    Recall on a device that is known to be vulnerable to attacks & the OS itself scalps your data to sell to others w/ boatloads of telemetry being sent...that's a MAJOR issue for a private citizen.
  • ........it will be baked into the Windows operating system starting with Windows 11 24H2 on Copilot+ PCs, and can't be fully removed or disabled (perhaps it could by editing the registry, but that carries risk).

    Yes, we can easily disable "Recall" permanently ! Since this is just a “photographic memory" AI explorer app made by MS, being dubbed weirdly as "recall".

    Just go here, under Win 11 24H2:

    Settings > Privacy & security > Recall & snapshots, and then just turn off the “Save snapshots” toggle switch. After this, it will stop taking snapshots of every activity you do on your PC.

    And yes, it works, as tested ! ;)

    https://i.imgur.com/sX71Wg8.png
  • MatheusNRei
    Metal Messiah. said:
    Yes, we can easily disable "Recall" permanently ! Since this is just a “photographic memory" AI explorer app made by MS, being dubbed weirdly as "recall".

    Just go here, under Win 11 24H2:

    Settings > Privacy & security > Recall & snapshots, and then just turn off the “Save snapshots” toggle switch. After this, it will stop taking snapshots of every activity you do on your PC.

    And yes, it works, as tested ! ;)

    https://i.imgur.com/sX71Wg8.png
    He probably meant "remove completely".

    Just toggling it off is useless if someone else has access to your computer and can enable it again.

    It's like disabling a webcam by disabling the driver VS unplugging it entirely.
  • CmdrShepard
    The UK government is "making enquiries" with Microsoft.
    Yeah I can bet... they are inquiring whether they can tap into that data too.
  • ezst036
    This Recall even has Elon Musk out there saying it's time to move on from Windows and upgrade to Linux.


    https://news.ycombinator.com/item?id=40433162
    https://x.com/elonmusk/status/1792693133651918989

    The context here, seemingly disconnected, is something Nadella was saying in a XTwitter video.
  • ohio_buckeye
    This feature seems dumb and should not even be on the OS period. Forgive me if I’m not trusting of all of Microsoft’s claims that the snapshots are private and that they actually disable the feature just because you toggle a button.
  • CmdrShepard
    Metal Messiah. said:
    Yes, we can easily pretend to disable "Recall" permanently ! Since this is just a “photographic memory" AI explorer app made by MS, being dubbed weirdly as "recall".
    FTFY.

    By the way, for now it's just recording snapshots, next step will be policing them for inappropriate content and punishing you accordingly.
  • A Stoner
    Windows loves to reset your toggles. At work we have to have certain things turned on or off in their browser to get our programs to function, and every single browser update changes every last toggle back to default.
  • CelicaGT
    The faster MS ditched Nadella the better. He's completely tone deaf and a blight on the industry. I'm sure stocks are up...
  • ThomasKinsley
    "Recall is a key part of what makes Copilot+ PCs special"

    If Picture-Snapper 5000 is the key ingredient behind Copilot+, then Microsoft needs to go back to the kitchen because I've yet to see one person genuinely excited over this feature.