Windows Recall: What It Is, Why Hackers Will Love It, and How to Stay Safe
By Corporal Punishmenton 06/05/2025 |
Microsoft recently introduced a new feature called Microsoft Copilot Recall, or Microsoft Recall for short, and it's already raising serious privacy concerns. It's theoretically designed to help you find things you've viewed on your computer by taking screenshots every few seconds and then using CoPilot to assist you in locating them. Sounds helpful, right?But there's a catch: The information gathered does not take security or privacy into consideration, and hackers can easily use those screenshots against you if your computer is compromised. Here's what you need to know, how to check if you even have it and how to protect yourself.
What Is Windows Recall?
Windows Recall is a new feature built into the latest Windows 11 Copilot+ PCs released in mid-2024. It automatically takes snapshots of your screen every few seconds while you use your computer, regardless of what is on your screen. Then, it saves those images so you can search through them later using keywords or a timeline. Think of it as a photo memory book for your PC. Recall then uses optical character recognition (OCR) to make screenshots searchable by text. The AI model used is called "Phi Silica" and runs locally on your device's Neural Processing Unit (NPU).
It can help you:
Is Windows Recall just a Jacked-Up Version of Folder Restore?[
No, Windows Recall is not the same as Folder Restore. Folder Restore (also called File History or Previous Versions) lets you recover a specific file or folder to an earlier version—basically a backup. Windows Recall, on the other hand, takes constant screenshots of everything you do on your PC and saves them so you can search your past activity like a timeline. One restores deleted files; the other logs your entire screen history. They are totally different tools with very different privacy implications.
Is Microsoft Using Recall to Train AI?
While Microsoft states that Recall data is stored locally and not uploaded to the cloud, many users are asking the obvious question: why collect all this screen data in the first place? The answer likely ties into the future of AI. These screen snapshots provide an incredibly detailed look at how people use their computers, including what they view, how they interact with apps, and the choices they make. That kind of real-world data is extremely valuable for training AI models to be more helpful, personal, and human-like. #JohnConnor
Even if Microsoft isn't using this data for training right now, the infrastructure is in place, and future updates could change how this information is handled. Once Recall is on millions of devices, the temptation to leverage that data for "better" AI, targeted suggestions, or even advertising could become just too strong to ignore. In short, while your Recall data might be private today, the long-term direction raises serious questions about how it might be used tomorrow.
How Much Space Does Recall Use—and Where Is It Stored?
You might be wondering: if Windows Recall is constantly taking screenshots, where does all that data go?
By default, Recall can use up to 25 GB of storage on your hard drive.
On higher-end systems, Microsoft allows it to grow to 150 GB or more depending on how much storage your device has.
The longer you use your PC and the more you do, the more space Recall will take.
All that data is stored locally, not in the cloud. That means it's on your own drive, but it also means it can be accessed if someone breaches your system/backup.
For the curious, all the Data for Widows Recall is located here:
C:\Users\[YourName]\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\Recall
This folder contains:
Microsoft says the data is encrypted and only accessible by you, but if malware or a hacker gains access to your user account, it's all fair game. Also, each snapshot is stored as an individual image file, not one giant log. That makes it more manageable for the system to index and retrieve but also easier for attackers to sift through if they gain access.
How Secure Is the Data? Understanding Recall Encryption
Recall data encryption is handled using Windows' built-in encryption technologies. In theory, this means that no other users on the system can view it.
However, encryption only helps if an attacker doesn't have your user credentials. If malware runs under your user account (as most successful malware does), it can bypass encryption entirely and access Windows Recall data just like you can.
This is why strong login security and malware protection are essential if you're using a system with Recall enabled.
Important: You Probably Don't Have Recall (Yet)
Before you panic, most people don't have Recall installed yet. So you have so prep time to school up.
Right now, it only works on brand-new Copilot+ PCs, which run special ARM-based processors like the Snapdragon X Elite or X Plus. These computers just hit the market in 2024, and you'd know if you bought one. They will have a Snapdraong badge someplace.
If you don't see a badge, here's how to check if you have Recall:
Option 1: Search for Recall
Option 2: Check Settings
Option 3: Look at Your PC Specs
No Recall app? No Copilot+ branding? You're safe for now.
Why Hackers Love Recall
The idea behind Recall is to help you, but it could also help hackers if they get into your life in a meaningful way. Here's how they could use it:
This will make having strong, proactive antimalware software in place like MalwareBytes Antimalware, Bitdefender, Avast, and even Fortect Pro even more important on Co-Pilot Recall-enabled machines.
How to Disable or Control Recall
If you do have Recall and don't want it running, you can turn it off or limit what it collects. If you do not have Recall yet, these items will not be on your system.
How to Turn Off Recall in Windows Settings
For advanced users with group policy (Pro or Enterprise editions):
For Home edition users with RegEdit:
Other Ways to Protect Yourself
Even if you don't have Recall, these steps will help keep your PC safer in general:Frequently Asked Questions (FAQ)
Q: Can I delete specific Recall snapshots? A: Not yet. You can only delete all Recall data or disable the feature entirely.Q: Does Recall record private/incognito browser sessions? A: Yes. If it's visible on your screen, Recall captures it—regardless of browser mode.
Q: Is Recall turned on by default? A: Yes, on Copilot+ PCs it is enabled by default unless you turn it off manually.
Q: Can I move the Recall folder to another drive? A: Currently, there is no official way to relocate the Recall folder.
Final Thoughts
Windows Recall could eventually be a powerful tool but also a very risky one. As someone who's spent decades helping people fix slow, broken, or compromised PCs, Windows Recall sets off every red flag I've got. The idea of my computer silently taking screenshots of everything I do, including every website I visit, every password I type, every private message or document --- is a hard no. Even if Microsoft says it's "private" and "local," and they keep their word, the moment malware sneaks in or some future update changes the rules, all that sensitive info becomes a massive liability. And, be certain, with this sort of treasure trove of information, hackers will develop malware just for this purpose. I wouldn't trust it on a personal PC, let alone a work machine. Productivity is great, but not at the cost of turning your computer into a silent surveillance system. If you care even a little about privacy, this is one feature you should shut down before it ever gets started.
If you have a new Copilot+ PC, take time to review your settings and decide if you're comfortable with it. If you don't have a brand-new machine, you're probably safe, for now.
Bottom line: Recall helps you remember what you did on your PC, but it can help hackers remember it too. Stay informed, stay updated, and lock down your system before someone else does.
