![Building A Digital PR Strategy: 10 Essential Steps for Beginners [With Examples]](https://buzzsumo.com/wp-content/uploads/2023/09/Building-A-Digital-PR-Strategy-10-Essential-Steps-for-Beginners-With-Examples-bblog-masthead.jpg)
Windows Recall Is Back (but Should You Use It?)
There are still several security and privacy concerns with Windows Recall.
Originally launched by Microsoft last July, Windows Recall was swiftly pulled in response to a barrage of security and privacy complaints. Now it's back, with some tweaks to make it more palatable for users—but there remain plenty of concerns about what happens when it's enabled.
If you're new to the story, Recall is an AI-powered feature that acts like a memory for your computer. It regularly snaps and analyzes screenshots of whatever you're doing. It's handy if you want to get back to a document or message you vaguely remember from three weeks ago, while at the same time sounding several alarm bells in terms of having all your past Windows activity stored on your system.
I tested an early version of Windows Recall at the end of last year, and found it to be genuinely useful at times—for those prepared to put up with the security and privacy problems. Back then it was still in a rather unfinished form, with some basic features missing, such as the option to filter snapshots by app.
To get Recall today, you need to have a Copilot+ PC, with all the necessary AI processing power: If you have a compatible computer with the latest version of Windows, you'll find the Recall app on the Start menu. It won't be enabled by default; making the feature opt-in is one of the changes Microsoft has made after the wave of criticism directed towards Recall when it was first unveiled.
Microsoft has made other changes, too. The data stored by Recall is now more securely encrypted; Windows Hello authentication is required each and every time you want to access it; and sensitive information such as passwords, credit card numbers, and official IDs are filtered out—though it remains to be seen how effectively that works.
Are the changes enough to win back trust for Windows Recall? It's certainly now much harder for someone else to get at the screenshots that Recall stores, but there remain questions about how well they're protected—not just on your own computer, but on the computers of anyone else you might be communicating with.
Recall still has problems
Security researcher Kevin Beaumont has been digging into the latest version of Recall, and there are still some worrying problems here. The first is that someone else can access your PC and Recall using your computer PIN, if they can guess it or trick you into revealing it: While biometric authentication is required to set Recall up, you can fall back to using a PIN whenever you need to see or search through the screenshots.
Now this isn't too different from someone hacking into your phone using your PIN, and you might be confident that no one else will even get hold of your set of digits. However, if they do, Recall gives these unauthorized visitors instant access to everything you've ever done on your PC since you set up the feature.
Secondly, Beaumont found that the sensitive data filtering is hit and miss (something I noticed in my own testing too): You can't really rely on it to wipe out details of your credit cards or your medical histories. That's not a huge issue if you're the only one looking at this information, but that's difficult to guarantee.
There's another problem here, highlighted by Ars Technica: If someone you know enables Recall, and is syncing photos and chats you've sent them to their computer, all that information then gets snapped and sorted on their PC (think Signal for Windows, for example). Your data is more likely to be exposed, and you've not even had any say in it.
It seems as though insisting on biometric authentication every time Recall is accessed is an obvious fix Microsoft could apply here—making it much harder for someone else to get at your data, whether it's on your PC or the PC of someone you know. It still feels wrong that your emails, photos, or chats might be getting collected together in someone else's Recall library, though.
More robust filtering tools would certainly help as well. Windows Recall already lets you exempt certain sites and apps from being screenshotted, but it's a rather clunky system, and better automatic censoring would be welcome. In the meantime, you not only need to decide if you're going to enable Recall, you need to check in with family and friends to see what they're doing as well.
