For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.
From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."
Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.
I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs
I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.
Copilot+ Recall has been enabled by default globally in Microsoft Intune managed users, for businesses.
You need to enable DisableAIDataAnalysis to switch it off. https://learn.microsoft.com/en-us/windows/client-management/manage-recall
Two quick updates -
A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser
B) Firefox and Tor Browser is recorded always, including in private mode - the exception is Hollywood DRM’d videos
I got ahold of the Copilot+ software.
Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.
It spits constant screenshots (the product brands then “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.
The NPU processes them and extracts text, into a database file.
The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.
And if you didn’t believe me.. found this on TikTok.
There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…”
They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.
So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS. It also has a ton of API hooks for user activity monitoring.
Apps themselves can also search and make themselves more searchable.
It opens a lot of attack surface.
The semantic search element is fun.
They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.
If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies..
..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety.
And it’s enabled by default.
"The lights had probably gone."
"So had the stairs!"
Small print doesn't really cut it, though, it needs to be informed consent. The victim, sorry 'data subject' needs to *genuinely* know & understand what they're agreeing to, and IIRC the directive rules out hiding significant detail in "paragraph 3, subsection 42" of agreements no-one ever reads.
@BibbleCo @8tpercent @GossiTheDog
But lets be honest - all of us living under the GDPR protections know how "informed consent" is handled by big companies.
[ ] by using this feature I accept the additions to the <privacy policy>
With the policy linked and no-one ever going to actually read all 300 pages of it or if they do understand the content.
Kevin Beaumont
BibbleCo
8tpercent
Heals 
P Stewart