The return of Recall, the AI feature in Windows 11 Copilot+ PCs that automatically saves screen moments, raises an important question: has convenience trumped privacy?
The feature was originally announced in May 2024, but security experts at the time labeled it a nightmare. After all, Recall takes screenshots of user activity, stores them locally, and appeared to capture passwords in plain text. With the rollout of update KB5055627 in April/May 2025, Recall will again become available on Copilot+ PCs.
What is Windows 11 Recall?
Recall periodically takes screenshots of everything you do on your screen. These images are made searchable via OCR (text recognition) and stored locally. This allows you to search back by keyword and navigate directly to the right moment. Microsoft calls it “a digital memory”: convenient, but the feature is still in preview.
What has been improved?
Microsoft has taken a number of steps to address last year’s criticism:
- Opt-in required: Recall is off by default and asks for permission twice.
- Windows Hello authentication: Accessible only after biometric authentication or PIN.
- Automatic filtering: Sensitive data such as IDs, credit cards and banking info are automatically excluded.
- Adjustable exclusions: You can filter apps, websites and content or disable Recall completely.
What remains of concern?
Despite improvements, there are still serious areas of concern:
- PIN access: Instead of just biometrics, a simple PIN also provides access.
- Unreliable filtering: In some cases, sensitive data is still stored.
- Chat apps not blocked by default: Signal, WhatsApp and Telegram are simply captured unless manually excluded.
- Data held by other parties: If your organization disables Recall, but an external party does not, your shared data may still be stored locally on that party's devices.
To whom does this apply?
Recall is only available on Copilot+ PCs for now, but it is likely that the feature will eventually be rolled out more broadly. So any organization working with sensitive information should create policies on this now.
What can you do?
- Check whether Recall is active: Go to Settings → Privacy & Security → Recall.
- Use filters: Exclude specific apps, websites or sensitive data.
- Disable Recall: You can do this through settings. Delete existing snapshots.
- Use Group Policy or PowerShell: This allows you to block Recall completely in a corporate environment.
- Check after updates: Major Windows updates can reactivate Recall.
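The Group Policy/PowerShell and "check after updates" steps above can be combined into one audit script. This is an added example, not part of the original article: the registry value names and the `Recall` optional-feature name are assumptions taken from Microsoft's WindowsAI policy documentation, so confirm them against the documentation for your Windows build before deploying.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and with -Enforce, apply) a machine-wide Recall block.
param([switch]$Enforce)

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
# Assumed target values, per Microsoft's WindowsAI policy documentation.
$Desired = [ordered]@{
    DisableAIDataAnalysis = 1  # policy "Turn off saving snapshots for Windows"
    AllowRecallEnablement = 0  # policy "Allow Recall to be enabled" set to disabled
}

function Get-RecallPolicyState {
    # One row per policy value: what is expected, what is actually in the registry.
    foreach ($name in $Desired.Keys) {
        $item   = Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.$name } else { $null }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Desired[$name]
            Actual    = if ($null -eq $actual) { 'not set' } else { $actual }
            Compliant = ($null -ne $actual -and $actual -eq $Desired[$name])
        }
    }
}

function Set-RecallPolicyBlocked {
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($name in $Desired.Keys) {
        New-ItemProperty -Path $PolicyKey -Name $name -Value $Desired[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

function Get-RecallFeatureState {
    # The optional feature only exists on builds that ship Recall.
    try   { $f = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop }
    catch { $f = $null }
    if ($f) { "$($f.State)" } else { 'NotPresent' }
}

if ($Enforce) {
    Set-RecallPolicyBlocked
    if ((Get-RecallFeatureState) -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName 'Recall' -NoRestart | Out-Null
    }
}

Get-RecallPolicyState | Format-Table -AutoSize
"Recall optional feature: $(Get-RecallFeatureState)"
```

Run it without `-Enforce` after each major Windows update and treat any row where `Compliant` is `False`, or a feature state of `Enabled`, as a sign that Recall needs to be blocked again.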
Conclusion
The return of Recall once again leads to discussions about privacy. Although Microsoft has made clear improvements, it is still important for organizations to look critically at the feature. Disable Recall, establish policies and keep a close eye on updates. Privacy should never be the price of convenience.