Microsoft has moved a step closer to launching its controversial AI-powered Recall tool, a feature for Windows that stores a comprehensive history of the user’s activity and has been called a “privacy nightmare”.

The feature has begun testing with users signed up to Microsoft’s Windows Insider testing programme in the Windows Release Preview channel, Microsoft said.

The Release Preview channel is normally where features are released for testing immediately before being rolled out more broadly to Windows 11.

Security concerns

Recall was originally intended to be released last June as key selling point for its Copilot+ PCs and laptops, which feature specialised chips from the likes of Qualcomm, Intel and AMD and are fine-tuned to run AI workloads.

The tool is designed to allow users to easily call up information from their browsing history or desktop activity, even if they can’t remember exactly which app the information was from, such as an item viewed online several days or weeks earlier.

Security researchers last year called the feature a potential security nightmare, due to the comprehensive information it stores, which could create issues if it fell into the wrong hands – for instance, if the user’s system were hacked.

Recall’s initial launch was pushed back as Microsoft chose to carry out more security testing, and a second launch was announced in September, but this was also delayed.

Microsoft released a preview of the tool in November to testers in the Developer channel for Qualcomm-based Copilot+ PCs, followed shortly afterward by a similar test version for Intel- and AMD-powered Copilot+ systems.

The company said it plans to release Recall worldwide, but that users in the EU would have to wait for it until later in 2025.

A key alteration Microsoft made last autumn was to make Recall an opt-in feature – originally, it was enabled by default, and users who didn’t want it had to turn it off.

User control

In a blog post, Microsoft emphasised that users “can pause saving snapshots at any time” and said Recall does not share snapshots or associated data with Microsoft, third parties, or other users.

It said users must confirm their identity before accessing snapshot data, which is stored locally.

Users can choose which apps the feature captures data from, private browsing mode from some browsers won’t be captured, and users can delete screenshots that have already been captured.

Last autumn Microsoft said Recall would use its Purview software, an enterprise-level system designed to ensure Recall doesn’t save sensitive information such as passwords, national ID numbers or credit card numbers.

Purview contains a database that allows it to recognise such data and prevent the feature from capturing it.

Microsoft said it had conducted months of security reviews via its own Offensive Research and Security Engineering team and third-party experts.

The UK Information Commissioner’s Office said it had expectations that in Microsoft’s latest iterations of Recall, “user transparency was improved and personal data was not used for purposes other than those for which it was originally collected”.

It added that “organisations are accountable for demonstrating their ongoing compliance with data protection law”.