At yesterday’s Surface event, Microsoft unveiled its Copilot+ PCs, including the Surface Laptop 7 and Surface Pro 11, which are powered by Snapdragon X series chipsets. The company showcased several new AI features for these devices that require a robust NPU. A notable feature is Recall, also known internally as AI Explorer, which represents the next generation of AI on Windows 11.
Recall takes screenshots of your screen every few seconds, effectively creating a photographic record of your PC activity. You can later search for specific items using natural language queries and interact with content from your past activity.
For instance, if you previously searched for a brown leather bag online, you can type “brown bag” into Recall, and it will display the precise timeline from the source app. Even if the screenshot didn’t include any text about the brown bag, Recall can still locate the content by analyzing the image with AI object detection.
Additionally, you can use Recall to search for emails or snippets from meeting transcriptions. To use Recall, you need to allocate at least 25GB of storage, which can retain information for up to three months.
What About Privacy?
While Recall might appear to be a useful feature, it could also be seen as invasive due to its constant screenshot capturing. According to Microsoft’s FAQ, these screenshots are encrypted and stored locally on the device.
All AI processing is done on the device using the integrated NPU, and no personal data is transmitted to the cloud. Microsoft further says “Your snapshots are yours; they stay on your PC.”
Additionally, you have the option to pause or completely disable the Recall AI feature. You can also set it to exclude certain apps and websites from screenshot capture. Individual snapshots or all of your snapshots can be deleted from the Settings menu. Notably, Recall is designed to avoid taking screenshots of Incognito windows (Private browsing) and DRM-protected content.
Recall does not include content moderation for captured screenshots, meaning it won’t obscure passwords or financial details. Currently in preview, Microsoft plans to enhance Recall with improved controls and privacy features based on user feedback.
I am Not Comfortable with Sharing My Screen for Recall
Despite the available privacy safeguards and controls, I am uncomfortable with sharing my screen through Recall, particularly when it offers features I may never use. My main concern is that Recall is enabled by default, meaning many users might not even realize it’s active on their PCs. I believe Microsoft should make this feature opt-in by default.
Additionally, while the semantic index is encrypted locally, it introduces a potential security risk. This index contains sensitive contextual information about my files, emails, browsing activity, and more. Unknown vulnerabilities could be exploited to access this sensitive data.
In information security, the principle of avoiding the centralization of sensitive data and promoting data minimization is well-established. Centralizing such data can create a single point of failure in the event of a breach. Personally, I’m not enthusiastic about the Recall AI feature on Windows 11. My first action on a Copilot+ PC would be to disable it immediately.
0 Comments