Microsoft is again pushing ahead with the rollout of its controversial ‘Recall’ feature – an AI-powered screenshot tool slammed by critics as a potential goldmine for hackers and a serious privacy risk.
The feature, once dubbed a ‘privacy nightmare’, has begun a limited rollout for Windows Copilot+ PCs, this time with tighter privacy controls.
After multiple delays due to backlash, Recall is now being gradually rolled out to Windows Insiders in the Release Preview channel, marking its closest step yet to a full public launch.
Originally unveiled in 2024 as a key feature of Microsoft’s AI-driven Copilot+ PCs, Recall uses on-device AI to take continuous snapshots of user activity – ranging from websites to documents and apps – allowing users to retrieve content through text-based queries.
When it was first announced concerns were raised about sensitive data being captured without users’ full understanding, with experts warning it could create a goldmine for hackers if systems were ever compromised.
In response, Microsoft has reworked the tool to be opt-in only, requiring Windows Hello authentication to access the saved snapshots. Users can also pause, delete or disable the feature entirely at any time.
Sensitive information like passwords and credit card numbers are now reportedly filtered out automatically, and private browsing sessions or specific apps can be excluded from being recorded.
Snapshots and their associated data are encrypted and stored locally on the user’s PC, with Microsoft stressing that no data is shared with the company or third parties.
“With the AI capabilities of Copilot+ PCs, it’s now possible to quickly find and get back to any app, website, image, or document just by describing its content,” Microsoft wrote in a blog post, adding that Recall has been designed to “think more like a human brain” in helping users remember digital interactions.
Despite Microsoft’s efforts to clean up Recall’s image, the skepticism has not entirely gone away. Critics still argue the system could unintentionally record information from other people, such as disappearing messages or private conversations.
Cybersecurity researcher Alex Hagenah previously showed how Recall’s local database could be exploited using a proof-of-concept tool dubbed ‘TotalRecall’, which sparked the initial delay in rollout.
Microsoft insists that recent updates, including anti-malware protections, adjustable storage controls, and opt-out options, will prevent those scenarios from recurring.
For now, Recall is only available to Windows Insiders on Copilot+ PCs running Build 26100.3902, with a broader rollout expected later this year. However, users in the EU will have to wait a bit longer, with Microsoft saying the feature will arrive in that region in late 2025.
