Microsoft’s new Recall for Copilot+PCs criticized as spyware
Join us in returning to NYC on June 5th to collaborate with executive leaders in exploring comprehensive methods for auditing AI models regarding bias, performance, and ethical compliance across diverse organizations. Find out how you can attend here.
This week, Microsoft is hosting its annual developer conference Build from the Seattle Convention Center, and amid the flurry of AI-related announcements from the valuable software company, one has struck a false note among many tech industry followers on X (formerly Twitter).
Of many Microsoft announcements, perhaps the biggest was the introduction of new Microsoft Copilot+PCs — laptops and desktop computers outfitted with a new version of Microsoft Windows that contains its AI assistant Copilot baked into the very fabric of the operating system itself.
Copilot, in turn, is powered by a range of underlying AI models including the new GPT-4o introduced last week by Microsoft partner and investment OpenAI.
Yet the one feature in particular, Recall, stood out to some observers — and not in a good way. The Recall feature essentially records a user’s screen activity on their Copilot+PC, including mouse movements and application actions — whether a user is sending messages, checking email, editing a document or image — and allows the user to go back, replay them to find a detail or interaction they want to access again. Microsoft describes Recall this way in a blog post announcing the Copilot+ PCs:
“With Recall, you can access virtually what you have seen or done on your PC in a way that feels like having photographic memory. Copilot+ PCs organize information like we do – based on relationships and associations unique to each of our individual experiences. This helps you remember things you may have forgotten so you can find what you’re looking for quickly and intuitively by simply using the cues you remember.”
Microsoft elaborated that the feature will allow users to “get back to where you were, whether to a specific email in Outlook or the right chat in Teams.”
Microsoft execs equated the feature to being like “photographic memory” on your PC:
A program that records all your PC activity may sound Orwellian/dystopian or ill advised, but in that same blog post, the company sought to quell concerns over privacy and security, stating that the data was “stored entirely on your device,” in something called a “personal semantic index.” As the blog post goes on:
“Your snapshots are yours; they stay locally on your PC. You can delete individual snapshots, adjust and delete ranges of time in Settings, or pause at any point right from the icon in the System Tray on your Taskbar. You can also filter apps and websites from ever being saved. You are always in control with privacy you can trust.“
A spokesperson for Microsoft reiterated those privacy and security mechanisms to VentureBeat in a brief phone call, and they also stated that the data was stored in an encrypted format on the user’s PC, would never be sent up to the cloud or the web, nor would it be used to train any Microsoft AI models — on device or elsewhere. The spokesperson said it was always in the user’s control — not any system administrator from a company.
Yet a number of users on X immediately greeted the feature and demos of it with alarm. Some even equated it to spyware or keyloggers, malware that records a user’s keystrokes and can be used to record sensitive information such as passwords.
Some pointed out the risks of having even a copy of your PC activity stored on device if the device was seized by an antagonistic party, say a government agency or security apparatus.
Others recalled how Microsoft itself, as the largest software company in the world by sheer number of devices running variants of Windows and Office, has already been subject to many hacks and cyber attacks, making this kind of on-device activity storage a potentially enticing target for hackers.
Even in a more benign case, losing your device or having it stolen — users expressed concern that their sensitive information, such as passwords, could be accessed through the Recall feature.
Even X owner Elon Musk joined in the pileup on Microsoft’s Copilot+PC Recall feature, stating “this is like a Black Mirror episode,” in reference to the dystopian sci-fi/horror series on Netflix.
Whether this backlash is deserved or not, it will be interesting to see how it impacts sales of Microsoft Copilot+PCs — if it does at all — and if any of the concerns materialize into concrete harms caused by this new Recall feature. Or, in the best case scenario for Microsoft and users of the new devices, the system works as designed and manages to provide benefits of rewinding to the past without sacrificing privacy and safety.