Following Microsoft having to postpone the release of its ‘Recall’ screenshot feature in May over privacy concerns, it now plans to re-launch an updated version in November on its new CoPilot+ computers.

Recall – What Happened? 

At its Microsoft Build 2024 developer conference back in May, Microsoft announced that it planned to introduce the ‘Recall’ AI-powered feature which was designed to take periodic screenshots (snapshots) of everything a user interacts with on their PC. The screenshots (taken every 5 seconds) were to be stored (encrypted) and analysed using optical character recognition (OCR) – using AI, locally on the user’s PC.

Why Take Snapshots? 

The screenshots (referred to as snapshots) were intended to be used to provide a timeline of everything a user’s done and seen, and to enable the use of voice commands to search through this timeline. Yusuf Mehdi, Microsoft’s executive vice president and consumer chief marketing officer, said that with Recall, Microsoft “set out to solve one of the most frustrating problems we encounter daily — finding something we know we have seen before on our PC”.  Recall was, therefore, intended to be a productivity and user experience-enhancing feature.

Privacy Concerns 

However, Microsoft very quickly faced a backlash due to fears around privacy and data security relating to the Recall feature. Recall was described as a “privacy nightmare” and attracted the attention of the UK Information Commissioner’s Office (ICO), plus critics pointed out that the tool (which continuously records user activity) could easily become a “honeypot” for hackers, especially if malware gained access to these snapshots.

Other concerns centered around:

– The default setting enabling Recall on Copilot+ PCs without explicit user consent.

– A lack of moderation in what Recall recorded, i.e. very sensitive information including snapshots of passwords, financial account numbers, medical or legal information (and more) would be recorded and, therefore, could potentially be accessed and taken.

– Worries about who could access these recordings, particularly if devices fell into the wrong hands or were compromised by malicious software.

– Anyone who knew a user’s password could access that user’s history in more detail.

– With gaining initial access to a device being one of the easier elements of an attack, this is all that would be needed to potentially access the screenshots and steal sensitive information or business trade secrets.

Listened 

Microsoft now says that it has listened to feedback, and after planning to debut Recall with its new CoPilot+ computers in June, it has spent time removing some of Recall’s more controversial features, and now plans to re-launch Recall in November (on its new CoPilot+ computers).

What’s New About It? 

With the revamped Recall, users must actively choose to enable it, rather than having it automatically activated. This change should give users more control over whether their data is recorded. Also, Microsoft has introduced encryption measures, secured via the Trusted Platform Module (TPM), to protect the screenshots that Recall takes. The data is also stored within a Virtualisation-based Security (VBS) Enclave, ensuring it’s more difficult for hackers or malware to access.

Additional enhancements are also understood to include the ability to set preferences for what content Recall captures, how long the data is stored, and what types of sensitive information (such as credit card details) should be automatically excluded from being recorded. For example, an icon in the system tray will now notify users when screenshots are being taken, providing transparency and the option to pause the feature whenever desired.

What Does It Mean For Your Business? 

As Microsoft prepares to relaunch Recall with a more privacy-conscious design, it shows the company’s commitment to addressing the concerns raised earlier this year. By shifting to an opt-in model and enhancing encryption, Microsoft aims to give users more control over their data, which is crucial in today’s security-focused landscape. The added features, such as notification alerts and more granular content preferences, demonstrate a thoughtful balance between innovation and user safety.

These changes are not just superficial adjustment, but they reflect Microsoft’s awareness of the growing need for transparent data management, especially with AI-powered tools that handle sensitive information. By actively listening to (and involving) users in deciding how Recall operates on their devices, Microsoft will, no doubt, be hoping to regain trust and re-establish Recall as a valuable productivity tool rather than a security risk.

Ultimately, whether these revisions are enough to win over privacy advocates remains to be seen. However, the revamped version of Recall marks a step in the right direction, highlighting how user feedback can shape technology in ways that benefit both functionality and security. Microsoft’s ability to adapt will likely be key to the long-term success of Recall and its broader Copilot+ initiative.