Something about Recall which I don’t think got enough (any?) coverage is it was marketed by Satya as using the NPU.. but it didn’t.
Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire. https://www.wired.com/story/infostealer-malware-password-theft/
XDA Developers, who were a good source of behind the scenes info during the Microsoft Recall saga, are saying Microsoft have kicked Recall into the long grass and they think it may never launch. https://www.xda-developers.com/thread/microsoft-wants-you-to-forget-about-copilot-recall-it-seems/
It’s been almost two months since Microsoft said it would launch for Insiders in “weeks” instead.
Microsoft now say Recall will available for Insider testing in October on select Copilot+ PCs.
As a community we’ll need to test the security implications out extensively.
Due to hardware requirements this will obviously be a problem, unless we can hack it to install on non-NPU systems again - I don’t know if that has been ‘fixed’ or not.
https://www.theverge.com/2024/8/21/24225439/microsoft-recall-windows-ai-feature-october-testing
The Microsoft Recall saga continues - Microsoft accidentally introduced the ability to uninstall it. They say this was an error and you won’t be able to uninstall it in the future. https://www.theverge.com/2024/9/2/24233992/microsoft-recall-windows-11-uninstall-feature-bug
Recall is back.
Overall the planned changes here are much more robust.
Some of the things are boomerangs - eg they said it wasn’t uninstallable weeks ago, but it is now. Also they said it wasn’t developed under Secure Future Initiative a few months ago.. but now say was originally.
The proof is in the pudding obviously so hands on tests will be required. They’ve locked it to Copilot+ PC systems now, which will limit research.
Microsoft need to go back and fix this if true, as Explorer shouldn’t be tied to Copilot and Recall. https://news.itsfoss.com/microsoft-windows-recall/
Microsoft have recalled Recall again.
It still hasn't even made it to Insider preview yet, that's been delayed too, now in December.
Good, by the way. They should take the time to get it right. I still don't know what they were thinking when they had the CEO stand on stage and say it was launching on devices 6 months ago and would be fully secure, when they hadn't even done a basic security review of it.
https://www.theverge.com/2024/10/31/24284572/microsoft-recall-delay-december-windows-insider-testing
I'd be surprised if it is released in December btw, as Redmond is a ghost town in the office from basically now until mid January.
I guess a cynical version is they're trying to rush out the Insider preview during Christmas so nobody actually reviews it.. but, well, I don't think that would happen as it'd be another own goal. It probably needs 6 months in Insider release with a bug bounty, to avoid exploits dropping like Joker 2 at the box office on release.
In a newly released blog entitled "Windows: AI-powered, cloud-enabled, and secure", Microsoft say the business versions of Windows will ship with Recall disabled by default - IT departments will have to enable the feature before it is available.
This is a smart move and frankly it was incredible that the original idea was to ship this enabled by default in business - it was never, ever going to fly and hopefully Microsoft is rightly humbled by the experience.
Microsoft are getting positive press for calling Recall “one of the most secure experiences it has built”.
I’d point out - they haven’t provided a Preview build to Insiders still, and there’s been no externally provided build (outside of NDA), so nobody has been able to assess the security and talk about it. There’s no specific bug bounty for it either.
When they first announced Recall, they called it totally secure - which was laughably inaccurate. It feels like a lot of premature high fiving
Microsoft Recall is now available for testing.
https://www.theregister.com/2024/11/22/microsoft_recall_release/
It’s only available on Qualcomm Snapdragon-powered Copilot+ PCs. My feeling is we’re probably going to want to hook one up to the internet and hack RDP for unlimited sessions, to allow research - I’ll look into it.
I’ve been told Recall is eligible for bug bounty as part of the Insider programme. I think the process is supposed to be sandboxed so in theory (my reading) the payout limit should be $20k.
Microsoft are rolling out Recall to users in Windows Insider (testing) before a wider rollout to all compatible systems.
It's definitely one to watch (and yes, I am) from a security point of view.
I've took a look at the past year of work Microsoft has done on Recall, which is due to roll out to compatible Windows devices soon
tl;dr it's much better from a security and privacy point of view. My partner managed to hack my Recall memory in 5 minutes to browse prior Signal discussions, by guessing my Windows Hello PIN.
There's a bunch of risks people who enable it need to understand.
I think the following groups should probably not enable Microsoft Recall
Ars Technica have a good look at Recall too https://arstechnica.com/gadgets/2025/04/in-depth-with-windows-11-recall-and-what-microsoft-has-and-hasnt-fixed/
One other Microsoft Recall observation, it records Citrix client sessions, even with anti-screen capture enabled.
Microsoft have announced, in a Friday night blog post, they are rolling out Copilot+ Recall to all compatible devices over the next month. https://blogs.windows.com/windowsexperience/2025/04/25/copilot-pcs-are-the-most-performant-windows-pcs-ever-built-now-with-more-ai-features-that-empower-you-every-day/
Tabletop scenario for you:
Employee gets into a dispute with employer, leaves, had sensitive role. Employer revokes access, devices etc. Employee had logged in via BYOD to email, IM etc.
Due to Recall, employee walks away with 6 months of screenshots of everything she's ever worked on in a text indexed form - every email, chat, document, Teams call with video snapshots, transcripts of verbal calls etc - even if they set M365 to not store documents locally.
What does the employer do now?
Signal have rolled out an update to all users that stops Microsoft Recall from capturing Signal conversations.
I’ve tested this and it works. Brilliant work by the @signalapp team. 💪
They call on Microsoft to build better, as there was no standardised way as an app developer to do this. Because Signal is open source, now app developers have a template to protect their users from Windows.
I found an interesting Microsoft Recall issue with the latest version - Recall is enabled on my PC, but the tray icon (bottom right) saying it is running is missing.
Edit: after a reboot, it's back. I'll keep an eye on it. After the latest Windows Update the UI wasn't visible, but it was still recording.
Brave are blocking Microsoft Recall by default, hopefully Vivaldi follow. https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/
The Register took a look at Microsoft Recall and found it captured personal information, such as social security numbers and such in its database.
They also found they could access it remotely using TeamViewer, using just a PIN.
https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/
This is why I have SERIOUS concerns regarding privacy, data protection and safeguarding concerns with this enabled, Schools use a system called CPOMS to report concerns in schools, this information is confidential and is usually very sensitive information (a disclosure from a child for example) all this recorded.
if while using MS recall decides to snap shot the page with identifiable information on it can have SERIOUS Implications for everyone involved.
