Microsoft Recall
Carolina Hernandez, principal product manager at Microsoft, presents Recall in May 2024. Credit: Microsoft

Microsoft shelves Recall feature release after security uproar

Microsoft will not release its controversial Recall feature next week after backlash from security researchers and privacy experts.

Recall was slated to be released on June 18 as part of a new line of Windows 11 Copilot+ devices. The feature allows the device to screenshot every action a person takes on their PC and was initially hailed by the tech giant as a way to “recreate moments from the past.”

Last Friday, Microsoft Vice President Pavan Davuluri admitted in a blog post that the negative feedback from the security community — along with quickly developed hacking tools that could exploit the feature — had forced the company to turn it off by default and make users proactively opt in. 

Microsoft updated Davuluri’s blog post on Thursday evening, writing that Recall will no longer be included with the Copilot+ PCs on June 18 and will instead only be available “in the coming weeks” for those involved in the Windows Insider Program (WIP) who are selected to preview new features. 

“Following receiving feedback on Recall from our Windows Insider Community, as we typically do, we plan to make Recall (preview) available for all Copilot+ PCs coming soon. We are adjusting the release model for Recall to leverage the expertise of the Windows Insider community to ensure the experience meets our high standards for quality and security,” the company explained. 

“This decision is rooted in our commitment to providing a trusted, secure and robust experience for all customers and to seek additional feedback prior to making the feature available to all Copilot+ PC users.” 

The update adds that the decision to remove Recall is part of a larger effort to include security in every aspect of Microsoft’s decision-making. For weeks, Microsoft declined to answer specific questions from the press about the security gaps researchers discovered with the feature and the larger concerns about how the evolution of infostealer malware could render any protections moot. 

Microsoft president Brad Smith testified before Congress on Thursday and reiterated a claim the company has often cited in defense of Recall — that all screenshots are stored locally on a person’s device and are encrypted.

Cybersecurity experts have repeatedly shown that gaining access to someone’s device is relatively easy, and with infostealing malware acquiring passwords for decryption is also not an insurmountable task. 

Several researchers even released code — dubbed “Total Recall” — that extracts and displays data from the Recall feature, providing “an easy way to access information about your PC's activity snapshots.”

Cybersecurity expert Kevin Beaumont, who previously worked for Microsoft, found a way to automate the process of exfiltrating the Recall screenshots. 

After multiple cybersecurity controversies over the last year, Microsoft has sought to burnish its reputation through several public declarations, even announcing yesterday that it planned to tie executive bonuses to the security outcomes of the company. But when pressed by members of Congress on the specifics of how that would work, Smith could not answer. 

Speaking to Politico last week, Sen. Ron Wyden (D-OR) said it was “clear that Microsoft did not learn the right lessons” from a recent government inquiry into several recent nation-state hacks. 

"Not even a month after the company pledged to put security first, it is already incorporating spyware into Windows, turned on by default, to enable new AI features," Wyden said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.