X

Microsoft's AI Recall Feature May Not Even Hit Your PC, but Here's How to Disable It

There are calls for Microsoft to pull back on its recall feature before it creates a security crisis.

Omar Gallaga
3 min read
AI key for your keyboard
Screenshot by CNET

Microsoft unveiled Windows Recall as a key feature of its Copilot artificial intelligence tool just two weeks ago, but the software feature is already being blasted by security experts.

Recall, which tracks all activity on a Windows computer to make things easier to find later using natural language, is being labeled a potential hackable security disaster. The feature is part of a new generation of PCs that Microsoft announced at its Build event. Labeled Copilot Plus, the generation is set to launch June 18.

Using AI, Recall is supposed to capture data from all applications -- unless you exclude any -- by taking a series of screenshots and storing these interactions in a database. It runs locally and can function without an internet connection, and even when you're not logged in to your Microsoft account.

At least one white-hat hacker has already created a tool that can extract sensitive data from Recall. It's called, naturally, TotalRecall.

AI Atlas art badge tag

In response to a query from CNET, Microsoft pointed to a Windows support page with information on privacy and security aspects of Recall.

Disabling Recall on your PC

Before you panic, Recall is only coming to new Copilot Plus PCs -- Windows Recall isn't coming as an update to a PC you already have.

If you do plan on buying a Copilot Plus PC and don't want Recall, other sites have published guides on how to disable the feature

The short version: Go to Windows settings, select Privacy & Security, go to Recall & Snapshots and use these settings to toggle off the feature or delete any data that's already been collected.

What security experts are saying about Recall

Security expert Kevin Beaumont posted a detailed analysis on Medium after testing out the feature, which is expected to be enabled by default on these new Copilot Plus systems. Beaumont said the feature will appeal to some people, but it presents such a huge security risk that it could take down the entire Copilot Plus brand.

"I think it's an interesting entirely, really optional feature with a niche initial user base that would require incredibly careful communication, cybersecurity, engineering and implementation," he wrote. "Copilot Plus Recall doesn't have these. The work hasn't been done properly to package it together, clearly."

Barry Briggs, a former CTO at Microsoft's information technology unit, wrote a post on the Directions on Microsoft website called Should Microsoft Recall Be Recalled. In the post, Briggs said that even though Recall is "at least on the surface ... a cool-looking feature," he has doubts about whether it adds real value for individual users or for businesses. 

"It's even harder to imagine that bad guys, such as well-funded and well-trained foreign actors, won't expend a ton of energy working to break the code," Briggs wrote.

You can read more of CNET's hands-on reviews of AI tools like Copilot, Gemini, ChatGPT and Claude on our AI Atlas hub.

Editors' note: CNET used an AI engine to help create several dozen stories, which are labeled accordingly. The note you're reading is attached to articles that deal substantively with the topic of AI but are created entirely by our expert editors and writers. For more, see our AI policy.