{"id":24076,"date":"2025-05-15T06:08:55","date_gmt":"2025-05-15T10:08:55","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=24076"},"modified":"2025-05-15T15:43:59","modified_gmt":"2025-05-15T11:43:59","slug":"recall-2025-risks-benefits","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/recall-2025-risks-benefits\/24076\/","title":{"rendered":"Should you disable Microsoft Recall in 2025?"},"content":{"rendered":"<p>When Microsoft first announced its \u201cphotographic memory\u201d Recall feature for Copilot+ PCs a year ago, cybersecurity experts were swift in <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-disable-copilot-recall-spyware\/51522\/\" target=\"_blank\" rel=\"noopener nofollow\">sounding the alarm<\/a>. Recall\u2019s many flaws posed a serious threat to privacy, prompting Microsoft to postpone its release for further refinement. The updated Recall came to Windows Insider Preview builds in April 2025, and was rolled out widely in May on devices equipped with the necessary hardware. The essence remains the same: Recall memorizes all your actions by continuously taking screenshots and using <a href=\"https:\/\/en.wikipedia.org\/wiki\/Optical_character_recognition\" target=\"_blank\" rel=\"nofollow noopener\">OCR<\/a> to analyze their content. However, with the latest update, the security of this data has been significantly enhanced. How much difference does this actually make? 
And is the convenience of Recall really worth the potential loss of control over your personal data?<\/p>\n<h2>What\u2019s new in Recall\u2019s second coming<\/h2>\n<p>Since the initial announcement, <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-disable-copilot-recall-spyware\/51522\/\" target=\"_blank\" rel=\"noopener nofollow\">which we covered in detail<\/a>, Microsoft has addressed several key criticisms raised by cybersecurity professionals.<\/p>\n<p>First, Recall now only activates with user permission during the initial system setup. The interface doesn\u2019t manipulate users into agreeing with visual tricks like highlighting the \u201cYes\u201d button.<\/p>\n<p>Second, Recall\u2019s database files are now encrypted, with key storage and cryptographic operations handled by the hardware-based TPM (Trusted Platform Module), making their extraction significantly more difficult.<\/p>\n<p>Third, a special filter <em>attempts<\/em> to prevent saving screenshots or text when the screen contains potentially sensitive information \u2014 a <a href=\"https:\/\/www.kaspersky.com\/blog\/incognito-myth-how-private-browsing-works\/51408\/\" target=\"_blank\" rel=\"noopener nofollow\">private browser window<\/a>, a payment data input form, <a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-international-password-day-2024\/51095\/\" target=\"_blank\" rel=\"noopener nofollow\">password manager<\/a> cards, and so on. 
Note it only \u201cattempts\u201d: testers have already reported numerous instances where confidential data slipped through the filter and ended up in the OCR database.<\/p>\n<p>Ars Technica <a href=\"https:\/\/arstechnica.com\/gadgets\/2025\/04\/in-depth-with-windows-11-recall-and-what-microsoft-has-and-hasnt-fixed\/\" target=\"_blank\" rel=\"nofollow noopener\">highlights<\/a> several other positive changes:<\/p>\n<ul>\n<li>Recall is enabled for each PC user individually, rather than everyone at once.<\/li>\n<li>Recall can be uninstalled completely.<\/li>\n<li>A Microsoft account isn\u2019t required.<\/li>\n<li>No internet connection is needed \u2014 all data is processed locally.<\/li>\n<li>To initially launch Recall, BitLocker disk encryption and Windows Hello biometric authentication (face or fingerprint recognition) must be enabled.<\/li>\n<li>Windows Hello authentication is required every time the Recall search is used.<\/li>\n<\/ul>\n<h2>Why Recall still poses risks<\/h2>\n<p>Microsoft has indeed put some effort into responding to the criticism. However, the current version of Recall still has a number of issues.<\/p>\n<p>First, biometric authentication is only required during the initial setup of Recall. For subsequent launches, the AI assistant will also ask to confirm your identity, but presenting your face or fingerprint is no longer necessary. A regular Windows PIN will suffice, and it\u2019s relatively easy for someone to take a peek at, or guess, your PIN, no matter whether you\u2019re at home or at work. One reviewer <a href=\"https:\/\/doublepulsar.com\/microsoft-recall-on-copilot-pc-testing-the-security-and-privacy-implications-ddb296093b6c\" target=\"_blank\" rel=\"nofollow noopener\">admits<\/a> to asking his girlfriend to find a screenshot of a specific Signal chat on his computer \u2014 she guessed the password and found the screenshot in just five minutes.<\/p>\n<p>Second, Recall can also be re-activated without biometrics. 
If the account owner tried Recall but then disabled it, anyone who knows the PIN can re-enable screenshot capture and smart search. All that\u2019s left is to wait a little while, log back in, and browse the results.<\/p>\n<p>Third, as mentioned, automatic filtering of sensitive data is unreliable. In theory, Recall doesn\u2019t take screenshots in many high-risk scenarios: when a browser window is opened in private mode, when remote access to another desktop is active, when entering payment info or passwords, and also on additional inactive displays and desktops. In practice, these situations aren\u2019t always recognized \u2014 for example, the filter fails to detect the private mode in not-so-common browsers (such as Vivaldi) and remote desktops, including those accessed with the hugely popular AnyDesk.<\/p>\n<p>Finally \u2014 and this deserves a whole category of its own \u2014 Recall meticulously logs the computer owner\u2019s interactions with other users, potentially violating both their privacy rights and the data retention policies of messaging and collaboration tools. For example, if the computer owner is in a Zoom or Teams call with automatic transcription enabled, Recall will save a full recording of the call with a transcript of who said what. If a <a href=\"https:\/\/www.kaspersky.com\/blog\/whatsapp-privacy-security\/51428\/\" target=\"_blank\" rel=\"noopener nofollow\">self-destructing WhatsApp<\/a> or <a href=\"https:\/\/www.kaspersky.com\/blog\/messengers-101-safety-and-privacy-advice\/53300\/\" target=\"_blank\" rel=\"noopener nofollow\">Signal<\/a> chat is open on screen, Recall will save it anyway, despite the chat\u2019s privacy policies. 
Photos and videos intended for one-time viewing will also be stored if just one person in the conversation uses Recall.<\/p>\n<p>All of this matters in two dangerous scenarios: (i) when someone who knows (or can guess) the PIN gains unauthorized physical access to the computer; and (ii) when an <a href=\"https:\/\/www.kaspersky.com\/blog\/mysterysnail-cve-2021-40449\/42448\/\" target=\"_blank\" rel=\"noopener nofollow\">attacker exploiting Windows vulnerabilities<\/a> gains remote access to it. Year after year, despite the tightening of security measures, <a href=\"https:\/\/www.kaspersky.com\/blog\/march-2025-patch-tuesday\/53162\/\" target=\"_blank\" rel=\"noopener nofollow\">hackers keep finding ways<\/a> to elevate privileges on compromised machines and exfiltrate information \u2014 even encrypted data.<\/p>\n<h2>Impact on performance and battery life<\/h2>\n<p>Although Recall was originally designed for high-performance PCs equipped with a dedicated chip for AI computing (NPU) \u2014 only found in models released over the past 12 months \u2014 the capture and processing of screenshots can still sometimes interfere with the user experience in such powerful PCs. This is particularly noticeable when playing games, as Recall diligently takes screenshots and records in-game dialogue, consuming significant memory and computing resources, thus loading the NPU by up to 80%! Even when the device isn\u2019t plugged in (but the battery is almost fully charged), Recall continues working, draining the battery much faster than usual.<\/p>\n<h2>Who should disable or remove Recall?<\/h2>\n<p>Microsoft is now offering users a fair choice: enable Recall, ignore it, or completely remove it from the computer. This is a much better approach than previous campaigns to push Edge, Cortana, or Windows Media Player. 
If you see a screen prompting you to enable Recall, consider whether you fall into one of these categories:<\/p>\n<ul>\n<li>Anyone working with trade secrets, other people\u2019s confidential data, or personal data in general (e.g., lawyers, doctors, and other professionals).<\/li>\n<li>Active users of video conferencing, remote tech-support services, or other tech involving the handling of others\u2019 information.<\/li>\n<li>People engaged in particularly private correspondence \u2014 especially using <a href=\"https:\/\/www.kaspersky.com\/blog\/what-makes-a-messenger-secure\/48671\/\" target=\"_blank\" rel=\"noopener nofollow\">secure messengers<\/a> and disappearing chats\/messages.<\/li>\n<li>Individuals living with jealous or nosy family members, or working in an office with overly curious colleagues.<\/li>\n<\/ul>\n<p>For all these users, we recommend steering clear of Recall \u2014 or, better yet, removing it entirely.<\/p>\n<h2>How to disable or remove Recall<\/h2>\n<h4>To disable Recall:<\/h4>\n<ol>\n<li>Open <strong>Settings<\/strong> in the Windows <strong>Start<\/strong> menu and select <strong>Privacy &amp; security<\/strong>.<\/li>\n<li>Within <strong>Privacy &amp; security<\/strong>, find the <strong>Recall &amp; snapshots<\/strong> subsection.<\/li>\n<li>In this subsection, toggle off <strong>Save snapshots<\/strong>, and click <strong>Delete snapshots<\/strong> to erase any data already collected.<\/li>\n<\/ol>\n<div id=\"attachment_24074\" style=\"width: 1137px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/05\/15141223\/recall-2025-risks-benefits-01.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-24074\" class=\"size-full wp-image-24074\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/05\/15141223\/recall-2025-risks-benefits-01.jpg\" alt=\"How to disable Microsoft Copilot+ \" 
width=\"1127\" height=\"843\"><\/a><p id=\"caption-attachment-24074\" class=\"wp-caption-text\">How to disable Microsoft Copilot+ Recall and delete any stored data. <a href=\"https:\/\/support.microsoft.com\/en-us\/windows\/manage-your-recall-snapshots-and-disk-space-2c35b596-5a96-4090-b791-c27fae75f660\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<h4>To remove Recall completely:<\/h4>\n<ol>\n<li>In the Windows <strong>Start<\/strong> menu search bar, type <strong>Turn Windows features on or off<\/strong>.<\/li>\n<li>In the retro-looking window that opens, locate the <strong>Recall<\/strong> entry.<\/li>\n<li>Uncheck the box next to this item and click <strong>OK<\/strong>.<\/li>\n<\/ol>\n<p>After this, Recall will be removed from your PC, and its settings will no longer appear under <strong>Privacy &amp; security<\/strong>.<\/p>\n<div id=\"attachment_24075\" style=\"width: 772px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/05\/15141242\/recall-2025-risks-benefits-02.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-24075\" class=\"size-full wp-image-24075\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/05\/15141242\/recall-2025-risks-benefits-02.jpg\" alt=\"How to remove Microsoft Copilot+ Recall completely \" width=\"762\" height=\"736\"><\/a><p id=\"caption-attachment-24075\" class=\"wp-caption-text\">How to remove Microsoft Copilot+ Recall from your computer completely. 
<a href=\"https:\/\/arstechnica.com\/gadgets\/2025\/04\/in-depth-with-windows-11-recall-and-what-microsoft-has-and-hasnt-fixed\/\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<h2>How to configure Recall if you decide to try it anyway<\/h2>\n<p>If you don\u2019t fall into any of the categories above and really want to Recall something like \u201cthe photo where Jane\u2019s cat is lying on the blue sofa\u201d, we recommend taking a few precautions and adjusting your settings for better security:<\/p>\n<ul>\n<li>Disable less secure sign-in methods in Windows, such as pattern locks and PINs. Use only a strong password and biometric authentication.<\/li>\n<li>Manually add to Recall\u2019s exclusion list all messengers you use for confidential correspondence, password managers, finance apps and websites, and any other apps or websites that may contain private information. For ethical reasons, it\u2019s a good idea to exclude all video conferencing apps. For performance reasons, exclude all games.<\/li>\n<li>Set a screenshot retention period that suits your needs, keeping it to a minimum. Possible options range from 30 to 180 days.<\/li>\n<li>Periodically \u2014 ideally a few times a week \u2014 check Recall to see which apps and sites were recently captured. This will help you identify and manually delete or filter out any sources of sensitive information you may have missed earlier.<\/li>\n<\/ul>\n<p>Regardless of your Recall settings or whether it\u2019s installed at all, the two most common data leak scenarios are direct theft from your device by infostealer malware, and entering your credentials on a phishing site. 
To guard against these risks, be sure to use a comprehensive cybersecurity solution, such as <a href=\"https:\/\/me-en.kaspersky.com\/premium?icid=me-en_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a>.<\/p>\n<blockquote><p>Under the pretense of user convenience \u2014 and sometimes without any pretense at all \u2014 various organizations collect information about you that you may not even be aware of. How? Read here:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/visited-links-privacy-protection\/53380\/\" target=\"_blank\" rel=\"noopener nofollow\">Turning purple: how visited links threaten your privacy<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/protecting-from-tracking-via-findmy-airtag\/53245\/\" target=\"_blank\" rel=\"noopener nofollow\">How to track anyone via the Find My network<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/disable-mobile-app-ad-tracking\/53096\/\" target=\"_blank\" rel=\"noopener nofollow\">How smartphones build a dossier on you<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/geolocation-data-broker-leak\/53050\/\" target=\"_blank\" rel=\"noopener nofollow\">Geolocation data brokers: What they do and what happens when they leak<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/blog\/airtag-and-stalkerware-protection-on-android\/52652\/\" target=\"_blank\" rel=\"noopener nofollow\">How to protect yourself from Bluetooth stalking and more<\/a><\/li>\n<\/ul>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>A year after its disastrous announcement, Microsoft is finally launching its AI-powered Recall feature on Copilot+ PCs. 
Is the new version secure, and what&#8217;s actually changed?<\/p>\n","protected":false},"author":2722,"featured_media":24078,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1225,9],"tags":[2088,1481,2760,38,43,1040,2768,738,321,783],"class_list":{"0":"post-24076","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-tips","9":"tag-tips","10":"tag-ai","11":"tag-copilot","12":"tag-microsoft","13":"tag-privacy","14":"tag-private-browsing","15":"tag-recall","16":"tag-surveillance","17":"tag-technology","18":"tag-tracking"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/recall-2025-risks-benefits\/24076\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/recall-2025-risks-benefits\/28849\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/recall-2025-risks-benefits\/12428\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/recall-2025-risks-benefits\/28955\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/recall-2025-risks-benefits\/28136\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/recall-2025-risks-benefits\/30951\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/recall-2025-risks-benefits\/29662\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/recall-2025-risks-benefits\/39529\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/recall-2025-risks-benefits\/13368\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/recall-2025-risks-benefits\/53407\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/recall-2025-risks-benefits\/22788\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/recall-2025-risks-benefits\/23817\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/recall-2025-risks-bene
fits\/32178\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/recall-2025-risks-benefits\/29131\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/recall-2025-risks-benefits\/34897\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/recall-2025-risks-benefits\/34530\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/microsoft\/","name":"microsoft"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=24076"}],"version-history":[{"count":4,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24076\/revisions"}],"predecessor-version":[{"id":24082,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24076\/revisions\/24082"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/24078"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=24076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=24076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=24076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}