Microsoft’s new “Recall” feature promises to make your PC more helpful by silently capturing screenshots of your activity every five seconds.
Sounds futuristic—and a little unsettling.
We’re not anti-innovation.
In fact, we see the potential use cases: looking back on something you forgot, grabbing a past conversation, retracing your digital steps.
But for now?
We’re strongly recommending our clients disable it.
Here’s why.
What Is Microsoft Recall?
Recall is a new AI-powered feature built into Copilot+ PCs.
It saves automatic snapshots of what’s on your screen to create a searchable timeline. Imagine saying, “Show me that tax site I visited last Thursday,” and having your PC pull it up instantly.
The data is stored locally and, according to Microsoft, Recall uses AI to strip out sensitive content like passwords and credit card numbers.
The problem?
It doesn’t catch everything.
The Security Risk Is Too High
In tests, Recall successfully blurred out sensitive data in many cases—but not all.
It missed:
- Credit card numbers typed in a Word document
- Social Security numbers not labeled in a way AI could recognize
- Email addresses on account login screens (which can aid phishing attempts)
Worse, those screenshots are not encrypted at rest by default.
That means if someone gains access to your computer, they could browse everything Recall has saved—without needing a separate password or decryption key.
For businesses that deal with client data, financial records, or even just internal strategy documents, that’s a risk we’re not comfortable with.
Can You Turn It Off? Yes—Here’s How
If you have a new Copilot+ PC, you may have enabled Recall during setup without realizing it.
The good news?
You can turn it off:
- Go to Settings > Privacy & Security > Recall & Snapshots
- Toggle it off
- Then, go to the Recall file location and delete the stored screenshots:
C:\Users\[YourName]\AppData\Local\Microsoft\Windows\Recall
Don’t see Recall in your settings?
You probably don’t have it installed yet—and that’s a good thing.
For Business Networks, IT Can Block It Entirely
If you manage devices through Microsoft Intune or use Group Policy, Recall can be disabled across your entire organization.
That’s what we’re doing for our managed clients—because waiting for a breach to happen isn’t a plan.
Should You Ever Use Recall? Maybe—Someday
If Microsoft adds proper encryption, lets users opt in (not out), and gives us the ability to specify which apps it can and can’t see, Recall could become a useful productivity tool.
But right now, it’s an always-on screen recorder with too many gaps in its safety net.
And if you’re dealing with sensitive data, 99% accuracy isn’t enough.
The Bottom Line
We’re keeping an eye on it. But for now, our recommendation is simple:
- If Recall is turned on—disable it
- If you’re an IT admin—block it at the network level
- If you’re a business owner—ask if this affects your devices
Got questions or need help checking your system?
Reach out here.
Security first, always.
