Brad Smith just said Recall was designed to be disabled by default. That is not true. Microsoft’s own documentation said it would be enabled by default - they only backtracked after outcry.
He has somehow got almost every detail about Recall wrong while testifying.
Obviously, I’ll wait to see the announcement but it sounds like they’ve finally realised they need to take the time and get the feature right (and frankly consider the target audience - most home users, it ain’t).
They should have announced this before or during the US House hearing.
Announcement is out. Good on Microsoft for finally reaching a sane conclusion.
- Recall won’t ship as a feature at launch on Copilot+ PCs any more.
- Won’t be available in Insider preview channel at launch, as it was pulled.
When it does appear in preview channels, privacy and security researchers need to keep a close eye on what Microsoft are doing with the feature.
Microsoft tried developing this feature in secret in a way which tried to avoid scrutiny. Thank you to everyone who stood up.
If anybody is wondering, Microsoft moved the announcement up as I scooped them 🤣
Thank you to everyone who helped out with this one, there was no way something that constantly OCR’d the screen being implemented so poorly was acceptable but Microsoft really, really dug their heels in.
Photographic memory of everything you’ve ever done on a computer has to be entirely optional, with risks explained and be done right.. or not at all. Accountability matters.
Microsoft, be better.
If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos.
9 minute 50 second mark in this, screen is blurred for obvious reasons.
Here’s the clip translated around adult content with Microsoft Recall.
They filter search terms in English like nude - but don’t filter it in other languages.
Everything you view - including in videos - is classified and stored in the database regardless.
This is pretty good - detecting Microsoft Recall misuse for data exfil. https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt
I tested this against the latest release of Recall and both TotalRecall and these detections still work.
Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet.
Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.
You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how ...
Windows 11 24H2 preview release has been rereleased (but only for Copilot+ devices). It doesn’t include Recall any more.
Additionally the Copilot+ PCs now have an update which enables the other AI features. This wasn’t available until a few hours ago, hence the lack of unsupervised reviews of the devices. It means you will see those reviews drop after the devices launch tomorrow.
There’s a website which gives some insight into how the UI and marketing push for Copilot+ Recall came together. The actual video appears to have gone MIA.
I led the visualization for the Recall app launch, showcasing its capabilities on a 50-foot screen during the live public introduction by Yusuf. My UI team managed the project from start to finish, developing visuals in the final two weeks. Building on our Recall experiences from the Surface Pro, Surface Laptop, and Copilot+ PC sizzle videos, we enhanced these scenarios for the live stage production, demonstrating Recall's full potential. This dynamic presentation was a highlight, refining Recall’s story for a large audience.
.@JohnHammond’s video on Recall is great, and a lot of fun - should also stop history being rewritten on this one later.
I got ahold of what I think is the latest Microsoft Recall (Copilot+ Recall? Nobody knows the branding) build and.. well.. Total Recall still works with the smallest of tweaks to export the database, it's still accessible as a plaintext database with marketing as the security layer.
Another observation, the Recall backlog must be very large as it's just becoming a truck load of features being dumped on.
One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty.
As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed.
That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value - it's way more valuable elsewhere.
Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire.
Infostealer malware is swiping millions of passwords, cookies, and search histories. It’s a gold mine for hackers—and a disaster for anyone who becomes a target.
https://www.wired.com/story/infostealer-malware-password-theft/
XDA Developers, who were a good source of behind the scenes info during the Microsoft Recall saga, are saying Microsoft have kicked Recall into the long grass and they think it may never launch. https://www.xda-developers.com/thread/microsoft-wants-you-to-forget-about-copilot-recall-it-seems/
It’s been almost two months since Microsoft said it would launch for Insiders in “weeks” instead.
Microsoft now say Recall will available for Insider testing in October on select Copilot+ PCs.
As a community we’ll need to test the security implications out extensively.
Due to hardware requirements this will obviously be a problem, unless we can hack it to install on non-NPU systems again - I don’t know if that has been ‘fixed’ or not.
https://www.theverge.com/2024/8/21/24225439/microsoft-recall-windows-ai-feature-october-testing
Recall is back.
Overall the planned changes here are much more robust.
Some of the things are boomerangs - eg they said it wasn’t uninstallable weeks ago, but it is now. Also they said it wasn’t developed under Secure Future Initiative a few months ago.. but now say it was originally under SFI.
The proof is in the pudding obviously so hands on tests will be required. They’ve locked it to Copilot+ PC systems now, which will limit research.
Microsoft have recalled Recall again.
It still hasn't even made it to Insider preview yet, that's been delayed too, now in December.
Good, by the way. They should take the time to get it right. I still don't know what they were thinking when they had the CEO stand on stage and say it was launching on devices 6 months ago and would be fully secure, when they hadn't even done a basic security review of it.
https://www.theverge.com/2024/10/31/24284572/microsoft-recall-delay-december-windows-insider-testing
I'd be surprised if it is released in December btw, as Redmond is a ghost town in the office from basically now until mid January.
I guess a cynical version is they're trying to rush out the Insider preview during Christmas so nobody actually reviews it.. but, well, I don't think that would happen as it'd be another own goal. It probably needs 6 months in Insider release with a bug bounty, to avoid exploits dropping like Joker 2 at the box office on release.
In a newly released blog entitled "Windows: AI-powered, cloud-enabled, and secure", Microsoft say the business versions of Windows will ship with Recall disabled by default - IT departments will have to enable the feature before it is available.
This is a smart move and frankly it was incredible that the original idea was to ship this enabled by default in business - it was never, ever going to fly and hopefully Microsoft is rightly humbled by the experience.
Microsoft are getting positive press for calling Recall “one of the most secure experiences it has built”.
I’d point out - they haven’t provided a Preview build to Insiders still, and there’s been no externally provided build (outside of NDA), so nobody has been able to assess the security and talk about it. There’s no specific bug bounty for it either.
When they first announced Recall, they called it totally secure - which was laughably inaccurate. It feels like a lot of premature high fiving
Microsoft Recall is now available for testing.
https://www.theregister.com/2024/11/22/microsoft_recall_release/
It’s only available on Qualcomm Snapdragon-powered Copilot+ PCs. My feeling is we’re probably going to want to hook one up to the internet and hack RDP for unlimited sessions, to allow research - I’ll look into it.
I’ve been told Recall is eligible for bug bounty as part of the Insider programme. I think the process is supposed to be sandboxed so in theory (my reading) the payout limit should be $20k.
Microsoft are rolling out Recall to users in Windows Insider (testing) before a wider rollout to all compatible systems.
It's definitely one to watch (and yes, I am) from a security point of view.
I've took a look at the past year of work Microsoft has done on Recall, which is due to roll out to compatible Windows devices soon
tl;dr it's much better from a security and privacy point of view. My partner managed to hack my Recall memory in 5 minutes to browse prior Signal discussions, by guessing my Windows Hello PIN.
There's a bunch of risks people who enable it need to understand.
Tabletop scenario for you:
Employee gets into a dispute with employer, leaves, had sensitive role. Employer revokes access, devices etc. Employee had logged in via BYOD to email, IM etc.
Due to Recall, employee walks away with 6 months of screenshots of everything she's ever worked on in a text indexed form - every email, chat, document, Teams call with video snapshots, transcripts of verbal calls etc - even if they set M365 to not store documents locally.
What does the employer do now?
Signal have rolled out an update to all users that stops Microsoft Recall from capturing Signal conversations.
I’ve tested this and it works. Brilliant work by the @signalapp team. 💪
They call on Microsoft to build better, as there was no standardised way as an app developer to do this. Because Signal is open source, now app developers have a template to protect their users from Windows.
Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows. This setting is automatically enabled by default in Signal Desktop on Windows 11. If you’re wondering why we’re on...
I found an interesting Microsoft Recall issue with the latest version - Recall is enabled on my PC, but the tray icon (bottom right) saying it is running is missing.
Edit: after a reboot, it's back. I'll keep an eye on it. After the latest Windows Update the UI wasn't visible, but it was still recording.
The Register took a look at Microsoft Recall and found it captured personal information, such as social security numbers and such in its database.
They also found they could access it remotely using TeamViewer, using just a PIN.
https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/
This is why I have SERIOUS concerns regarding privacy, data protection and safeguarding concerns with this enabled, Schools use a system called CPOMS to report concerns in schools, this information is confidential and is usually very sensitive information (a disclosure from a child for example) all this recorded.
if while using MS recall decides to snap shot the page with identifiable information on it can have SERIOUS Implications for everyone involved.
@GossiTheDog Does any recall (pun intended) what the original justification for Recall was again?
Were Windows users regularly asking for a built-in keylogger on steroids as a feature?
@GossiTheDog Gee. Who could have seen this coming. 😐
It's also capturing insanely sensitive data elsewhere. Important business records, etc. And the only protection is basic user encryption. Besides TeamViewer, trojans and other exploits would just go right on in since it's already unlocked for the user.
And that's assuming it's not sending this stuff to Microsoft...
I still can't believe people let them just roll this out without a huge outcry.
@GossiTheDog detecting credit Credit card numbers solely by surrounding text that says it is seems universally stupid.
Luhn algorithm and known credit card regex, even broken down by vendor/bin patterns is pretty widely known and public knowledge. Even attackers use them to validate stuff.
@GossiTheDog Looks like your original note that requiring biometrics to set up but not on subsequent access seemed really squirmy has, indeed, proven to be really squirmy.
It's hard to imagine how they could ever get the actual 'recall' function of recall up to a safe level without measures that totally rule it out as a consumer feature. The sort of faff involved with HSMs, Data rooms, or SCIFs isn't going to fly; but it's unclear whether anything more convenient is fit for purpose.
@GossiTheDog Curious why you’re leaving Microsoft Recall enabled?
I’m still trying to figure out the intended use case.
“Hey copilot, what was the plot of last night’s pornography?”
The 'use case' of Recall and Copilot is to change user behaviour.
By encouraging users to become more reliant on MS to perform basic tasks, users will lose the ability (the skills) to perform those tasks.
For example, try using the MS Outlook client on iOS or Android to review an email's headers. (MS removed that capability a long time ago.)
The ultimate aim of MS is to have as many people as possible change to a 'subscription' model where users have *zero* access to the OS or any installed app's code.
All systems will require internet access to boot up, with possible exceptions being 'Pro' or 'Enterprise' versions for use by companies in the field.
Local storage memory will be controlled by MS, and may eventually form a 'distributed' cloud.
Therefore, the 'use case' of Recall and Copilot is to benefit MS and NOT the people who use it.
*Highly* recommended.
It is *amazing* what this utility can do.
Obviously, I’ll wait to see the announcement but it sounds like they’ve finally realised they need to take the time and get the feature right (and frankly consider the target audience - most home users, it ain’t).
They should have announced this before or during the US House hearing.
Announcement is out. Good on Microsoft for finally reaching a sane conclusion.
- Recall won’t ship as a feature at launch on Copilot+ PCs any more.
- Won’t be available in Insider preview channel at launch, as it was pulled.
When it does appear in preview channels, privacy and security researchers need to keep a close eye on what Microsoft are doing with the feature.
Microsoft tried developing this feature in secret in a way which tried to avoid scrutiny. Thank you to everyone who stood up.
If anybody is wondering, Microsoft moved the announcement up as I scooped them 🤣
Thank you to everyone who helped out with this one, there was no way something that constantly OCR’d the screen being implemented so poorly was acceptable but Microsoft really, really dug their heels in.
Photographic memory of everything you’ve ever done on a computer has to be entirely optional, with risks explained and be done right.. or not at all. Accountability matters.
Microsoft, be better.
If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos.
9 minute 50 second mark in this, screen is blurred for obvious reasons.
Here’s the clip translated around adult content with Microsoft Recall.
They filter search terms in English like nude - but don’t filter it in other languages.
Everything you view - including in videos - is classified and stored in the database regardless.
This is pretty good - detecting Microsoft Recall misuse for data exfil. https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt
I tested this against the latest release of Recall and both TotalRecall and these detections still work.
Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet.
Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.
You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how ...
Windows 11 24H2 preview release has been rereleased (but only for Copilot+ devices). It doesn’t include Recall any more.
Additionally the Copilot+ PCs now have an update which enables the other AI features. This wasn’t available until a few hours ago, hence the lack of unsupervised reviews of the devices. It means you will see those reviews drop after the devices launch tomorrow.
There’s a website which gives some insight into how the UI and marketing push for Copilot+ Recall came together. The actual video appears to have gone MIA.
I led the visualization for the Recall app launch, showcasing its capabilities on a 50-foot screen during the live public introduction by Yusuf. My UI team managed the project from start to finish, developing visuals in the final two weeks. Building on our Recall experiences from the Surface Pro, Surface Laptop, and Copilot+ PC sizzle videos, we enhanced these scenarios for the live stage production, demonstrating Recall's full potential. This dynamic presentation was a highlight, refining Recall’s story for a large audience.
.@JohnHammond’s video on Recall is great, and a lot of fun - should also stop history being rewritten on this one later.
I got ahold of what I think is the latest Microsoft Recall (Copilot+ Recall? Nobody knows the branding) build and.. well.. Total Recall still works with the smallest of tweaks to export the database, it's still accessible as a plaintext database with marketing as the security layer.
Another observation, the Recall backlog must be very large as it's just becoming a truck load of features being dumped on.
One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty.
As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed.
That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value - it's way more valuable elsewhere.
@GossiTheDog Didn't ship YET.
Give it a few more months for the folks who care about privacy to forget or get too busy, and it'll get officially shipped.
Remember, the big manufacturers are shipping NPU enabled hardware now, they're not going to let that go to waste.
@GossiTheDog It really feels like my full jump to Linux a year or two back was just in time.
My little one will never be given a Windows PC from me! They will have Linux and they will be mighty!
@GossiTheDog Rubbish. This is nothing to do with software not being tested, but the pure arrogance of a company on an insidious path to steal every scrap of data from its entire clientele, including potential rival businesses and take-over targets.
To lower the conversation to one of testing is to change the narrative in MS's favour.
The Recall ain't over until execs get fired.
@GossiTheDog Tracking-free link:
Thanks so much for all the analysis and coverage.
Kevin Beaumont
Zeljka Zorz
Paul Sutton
Dave 🐶
i_give_u_worms
Nazo
Matt Organ
Glyph
Aleksei
fuzzyfuzzyfungus
🔥 this is fine
Eastern Digital
Bee O'Problem 
Overripe Peach
Ernst Gucker
ℒӱḏɩę 
💾
F4GRX Sébastien
Knightmare
🦄Cyber Unicorn🦄
Phil
Xavier «X» Santolaria 
Philip Bragg
Dusk To Don 
Fuse Views
Sterling
J$
r4start]
Marius Kießling
The Doctor
Chris Petrilli
Marcus Adams
Stephan
Loren Kohnfelder
Wiredfire
dasparadoxon
Khleedril
Tom DB 🦣
number137
Artemesia
MzBlackwood 
Paul Thurrott
Apicultor 🐝
Maxi 11x 💉
CMDR Yojimbosan 🅅⁂
EvilGinger- Queen of Naps
v̾i̾t̾r̾i̾o̾l̾i̾x̾
Tim Hergert
whonose123
missed_sla
Erik Moeller
Pamela Barroway – Biz Editor
Luke Diaz
Andrew 
mhoye
CharlieG
trog
Andrew Bartlett
Futuristic Robert [KJ5ELX] 
Chester Wisniewski
Rairii (bootloader unlocked, MSR_LE set)
Nonya Bidniss 🥥🌴
Erik Johnson
Darth Kilroy
DiffieHellmanStan (Tony)
Rick Hunter