For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs

I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.

doublepulsar.com/how-the-new-m

DoublePulsar · How the new Microsoft Recall feature fundamentally undermines Windows security. By Kevin Beaumont

Copilot+ Recall has been enabled by default globally in Microsoft Intune managed users, for businesses.

You need to enable DisableAIDataAnalysis to switch it off. learn.microsoft.com/en-us/wind
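An added example, not from the thread or from Microsoft: a PowerShell snippet an administrator can use to audit and apply the DisableAIDataAnalysis policy named above. The value name is the one given in the post; the registry locations under `Policies\Microsoft\Windows\WindowsAI` are taken from the policy's documentation rather than from this page, so confirm them against your Windows build and your Intune/GPO tooling before relying on them.

```powershell
# Added example (not from the thread): audit and set the Windows policy that
# turns off Recall snapshot saving. The value name DisableAIDataAnalysis comes
# from the post; the registry paths are assumed from the policy documentation.
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'   # machine-wide policy
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'   # per-user policy
)

function Get-RecallPolicyState {
    # Report, for each policy hive, whether DisableAIDataAnalysis is set to 1.
    foreach ($path in $PolicyPaths) {
        $item  = Get-ItemProperty -Path $path -Name 'DisableAIDataAnalysis' -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.DisableAIDataAnalysis } else { $null }
        [pscustomobject]@{
            Path     = $path
            Value    = $value
            Disabled = ($value -eq 1)
        }
    }
}

function Disable-RecallSnapshots {
    # Write the machine-wide policy value (needs an elevated prompt).
    $path = $PolicyPaths[0]
    if (-not (Test-Path -Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    New-ItemProperty -Path $path -Name 'DisableAIDataAnalysis' `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

# Audit first; uncomment the second line to enforce the policy.
Get-RecallPolicyState | Format-Table -AutoSize
# Disable-RecallSnapshots
```

The audit function returns a row per hive so that a fleet-wide compliance query (for example via Intune remediation scripts or a configuration-management tool) can flag any machine where `Disabled` is not `True`; setting the value alone does not confirm enforcement, so re-run the audit after the policy refresh.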

Here’s Copilot+ Recall search in action, showing instant text based search finding a WhatsApp chat and a PDF from 6 months ago being viewed on screen.

Two quick updates -

A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser

B) Firefox and Tor Browser are recorded always, including in private mode - the exception is Hollywood DRM’d videos

I got ahold of the Copilot+ software.

Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.

It spits constant screenshots (the product brands them “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.

The NPU processes them and extracts text, into a database file.

The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.

And if you didn’t believe me... found this on TikTok.

There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…”

They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.

@GossiTheDog I forget his name but the guy talking is actually here on Mastodon. He at least was, and I think still is an employee at Microsoft.

@gerowen @GossiTheDog he's Scott Hanselman, I won't link to his profile but yes he's on Mastodon I believe.

Thibault D.

@Powareverb @gerowen @GossiTheDog @shanselman that's fine he's the one doing transparency here and I would love to read his thoughts about the privacy concerns of Recall.

@ThibaultDu @Powareverb @gerowen @GossiTheDog @shanselman IMO it seems that this is the Ian Malcolm moment from Jurassic Park.

@ThibaultDu @Powareverb @gerowen @GossiTheDog I don’t work on the project but I find the NPU tech and the open SDKs behind it (and ONNX runtime) interesting. My opinion is it should be not just opt-in but something you download explicitly and install if you want it. Similar to RescueTime and TimeSnapper and AugmenD and other apps that have done this stuff for years (using OCR). This should be as secure as your browser history, encrypted at rest, non-roaming, etc.

My opinion as a technologist with all things like this is that they should always be optional, auditable, local, and transparent.

@shanselman Thank you for answering truthfully Scott! 🙏

@ThibaultDu We have nothing if we don’t have integrity

@ThibaultDu @shanselman indeed, thanks for chiming in Scott, your opinion was good to hear. I get your interest from a technical PoV, but this stuff is so many levels of concerning for myself and others, as you no doubt can see from the thread. Very much expect the product team would be aware of this, so it begs questions about how far up the chain are these discussions being ignored. Will be watching the space.

@shanselman @ThibaultDu @Powareverb @GossiTheDog That's what I'm hoping; that it'll be opt in. I could see it being very useful for some people, as long as the data cache is properly protected even while the user is logged in.

@shanselman @ThibaultDu @Powareverb @gerowen @GossiTheDog it's going to be interesting how IT departments handle this. FWIW I was invited to a Dell + MS event next month (I assume launching their line) and I had to refuse it - as it was a paid-for event, but also I could already see the risks for a company like us who have so many people and departments - all you need is one poorly configured laptop and company secrets can spill out.