Microsoft makes Recall more secure ahead of rollout, promises users can customize or uninstall it

Microsoft’s Copilot+ platform is designed to bring new AI features to Windows by tapping into the powerful neural processing units baked into the latest Qualcomm, AMD, and Intel processors. And when Microsoft first announced the platform earlier this year, one of the most impressive features also turned out to be the most controversial.

Recall is an optional Windows feature that saves snapshots of (nearly) everything you do on your computer, allowing you to interact with your history in interactive ways without saving (and remembering) a bunch of bookmarks. As first described, it was a security nightmare. So Microsoft delayed the rollout of Recall to address those concerns. Now the company is explaining the changes that have been made as it prepares to bring Recall to Copilot+ PCs.

First off, and possibly most importantly: you don’t have to use Recall. The feature is opt-in by default which means it’s only active if a user has explicitly enabled Recall on a Windows 11 PC with Copilot+ capabilities. And if you’re pretty sure you’re never going to use Recall, you can remove Recall entirely using the Optional Features setting in Windows.

If you do decide you want to use Recall, Microsoft notes that your data is always encrypted and your keys are protected. The good news is that this should make it a lot tougher for somebody with unauthorized access to your computer to start digging through your history – because it’s all saved in a virtualization-based security enclave (VBS Enclave). But it sounds like the enhanced security could also make actually using Recall a little more of a hassle.

That’s because not only will you need to set up Windows Hello Enhanced Sign-in Security for biometric authentication, but you’ll then need to use a fingerprint, facial recognition, or a PIN for “run-time authorization of access to the Recall user interface.” In other words, every time you want to ask your computer to find that recipe you read last week, the picture of your kids you were editing last month, or the travel plans you started making for your next vacation, you’ll need to use Windows Hello to authenticate your request.

Microsoft has always insisted that Recall data is stored and processed only on your computer and never sent over the internet to Microsoft servers or any other third-parties. That’s why Recall is only available on PCs with an NPU capable of delivering at least 40 TOPS of AI performance.

The company is also giving users some additional control over privacy features though. For example, users can ensure that Recall won’t save snapshots when you’re using specific applications or visiting specific websites in supported web browsers (including Edge, Chrome, Firefox, and Opera).

If you enable private browsing or “incognito mode” in supported browsers (including any Chromium-based web browser), Recall also won’t save any snapshots of your browsing activity.

There’s also a “sensitive content” filter that’s enabled by default, which is supposed to detect when you’re entering a password, credit card number, driver’s license, state ID, passport, or other government ID number, or other things that you may not want saved by Recall.

And users can manually delete snapshots by “time range, all content from an app or website or anything and everything found in Recall search.”

A preview version of Recall is expected to roll out to members of the Windows Insiders program in October before Recall is made available to the general public some time in the future.

You can find more details about security and privacy features that will be available in Recall at launch in a post on the Windows Experience Blog.