Microsoft says pairing artificial intelligence with constant screenshots of a user’s device allows its newest PCs to remember everything a user does on their computer — all while protecting their security and privacy.
The claim has raised concerns from some security experts and privacy advocates, after the company unveiled an upgraded version of its AI assistant Copilot on Monday amid an accelerating AI push in the technology industry.
The new feature, named Recall, is described by Microsoft as “like having photographic memory”.
It says the software takes “snapshots” of a user’s screen every few seconds, before a generative AI model analyses the images locally on their device, to allow them to later find what they are looking for “across any application, website, document”.
The snapshots are encrypted and only stored on the computer’s hard drive, Microsoft says, and can be used to scroll back in time.
Dr Dana McKay from RMIT's School of Computing Technologies says that while the technology behind Recall “could have significant productivity benefits”, there are also potential dangers.
“Documenting every activity necessarily means it is available not just to you, but to everyone who can access your account, whether this be an employer or an abusive partner who has coerced you into sharing your password,” she says.
“It also, potentially, makes your behaviour much easier to mimic or automate, increasing the risk of identity theft.
“Whether these challenges have been taken into consideration in the design of such systems remains to be seen, but greater surveillance always imposes greater risk on more vulnerable groups.”
In a statement to Information Age, a Microsoft spokesperson says the organisation's goal is to “provide a seamless and secure experience that enhances productivity without compromising on privacy”.
"We’ve ensured that these snapshots are protected using data encryption on your device and saved locally on your local hard disk, never leaving the user’s device and remains private and accessible only to the user logged into their profile,” they said.
Microsoft says it is not able to access a user’s snapshots, and they are not used for targeting advertising.
The company says users and organisations can turn off Recall, delete individual snapshots or chunks of time, and stop images of apps and websites of their choice from ever being saved by the system.
Passwords, banking info and more captured
Microsoft’s FAQs about Recall state that the feature does not moderate the content it captures.
"It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry,” the company says.
Microsoft says Recall won’t take snapshots of some content, namely copyrighted content protected by digital rights management (DRM) systems, or private browsing sessions in Microsoft’s Edge internet browser.
Paul Haskell-Dowland, a cyber security professor at Edith Cowan University and a member of the Australian Computer Society’s Cyber Security Committee, tells Information Age that Recall may capture content which a user might not have permission to save, such as personal or proprietary data in emails, or images of people on video calls.
“It is amusing that Microsoft makes explicit comment about not capturing DRM content — presumably to avoid any copyright issues — but makes no mention about the implications for a video-conference session which could capture images of individuals who have not given permission for their image to be captured,” he says.
Haskell-Dowland says some users will be reassured that Recall is processed locally, but some industry figures have suggested that even locally stored and encrypted information will be an enticing opportunity for hackers and scammers.
Gary Marcus, founder and CEO of Geometric Intelligence (which was acquired by Uber), wrote on X: “If you don’t think Microsoft Recall, local or no, will be one of the biggest cyber targets in history, you aren’t paying attention.”
Microsoft says Recall allows users to search through their entire computer history. Image: Microsoft
Watchdog ‘aware of privacy concerns’
In a statement to Information Age, a spokesperson for the Office of the Australian Information Commissioner (OAIC) said it was “aware of privacy concerns” raised around Microsoft’s Recall feature.
“We actively monitor the environment to identify potential privacy issues, including through collaborating and exchanging information with other regulators,” they said.
The spokesperson added that due to “immense privacy challenges associated with the use of AI and other technologies that collect personal information”, the OAIC urged organisations to carry out privacy impact assessments on technology which handles personal information.
Elsewhere, the UK’s Information Commissioner’s Office (ICO) told the BBC that it was asking Microsoft to detail “the safeguards in place to protect user privacy”.
Recall’s debut comes as other tech giants such as Google, Meta and OpenAI race to develop multimodal AI platforms which can see what their users see and interact with them through audio, images, text and video.
Apple is also expected to unveil its largest swathe of AI software to date at its Worldwide Developers Conference (WWDC) in June.
