Over five months after publicly scrapping the first version of the Windows Recall feature for its first wave of Copilot+ PCs, Microsoft announced today that a newly rearchitected version of Recall is finally ready for public consumption.
For now, the preview will be limited to a tiny subset of PCs: Qualcomm Snapdragon X Elite and Plus Copilot+ PCs enrolled in the Dev channel of the Windows Insider program. Intel and AMD Copilot+ PCs can’t access the Recall preview yet, and regular Windows 11 PCs won’t support the feature at all.
If you haven’t been following along, Recall is one of Microsoft’s many AI-driven Windows features exclusive to Copilot+ PCs, which come with a built-in neural processing unit (NPU) capable of running AI and machine learning workloads locally on your device rather than in the cloud. When enabled, Recall runs in the background constantly, taking screenshots of all your activity and saving both the screenshots and OCR’d text to a searchable database so that users can retrace their steps later.
The initial version of Recall never officially launched, but testers (including Ars) managed to enable it on unsupported PCs in a Windows Insider build. Recall originally stored all of the screenshots and text on disk in plaintext with no additional encryption or any other protections, and users with local or remote access to the machine could easily copy and open other users’ Recall data. Since the feature was opt-out by default and took no steps to hide sensitive information (users could exclude certain cites or apps from being saved by Recall, but that had to be done entirely manually), security researchers and other users correctly identified it as a huge security and privacy risk.
Users will be asked to reauthenticate with Windows Hello every time they access their Recall database.
Credit:
Microsoft
Microsoft has now delayed the feature multiple times to address those concerns, and it outlined multiple security-focused additions to Recall in a blog post in September. Among other changes, the feature is now opt-in by default and is protected by additional encryption. Users must also re-authenticate with Windows Hello each time they access the database. Turning on the feature requires Secure Boot, BitLocker disk encryption, and Windows Hello to be enabled. In addition to the manual exclusion lists for sites and apps, the new Recall also attempts to mask sensitive data like passwords and credit card numbers so they aren’t stored in the Recall database.