Microsoft Confirms Windows Upgrade Choice—You Must Now Decide

Posted by Zak Doffman, Contributor | 9 hours ago


Update: Republished on May 17 with new warnings over the enterprise risks from this new AI upgrade and a game-changing big brother threat to Windows users.

Microsoft has now released its latest update for Windows 11 users, which is mandatory given the raft of new security fixes accompanied by the near obligatory attack warnings. I covered the headline security fixes earlier, but perhaps just as critically this update comes with a very different warning and a key decision all users must now take.

Because “KB5058411 is a mandatory security update,” Windows Latest explains, “it’s supposed to download and install automatically whether you like it or not.” The catch with this one is that “we noticed that it finally turns on Recall, which is an AI-based feature that captures snapshots of your screen every few seconds.”

There can’t be any Windows 11 users who are still unaware of Microsoft’s controversial photographic memory upgrade — the headline AI feature now available on new Copilot+ PCs. “If you allow Recall to save snapshots,” Microsoft says, “an image of your screen will be saved every few seconds. This will create a photographic memory for you of the apps, websites, documents, and images you’ve seen on your PC.”


Per Windows Latest: “After installing the May 2025 Windows 11 24H2 update, during the reboot and installation process, you’ll be asked if you want to try Recall, and there’ll be an option to opt in… Windows Recall is one of the most anticipated and hated features of Windows 11 AI update, but it’s finally here, whether you like it or not.”

Given all the publicity and the extent to which this has been heralded, it’s certain that a vast number of users will opt in to see how it works. Be warned though, once you opt in the first time, the security bar for re-enabling Recall is much lower after you have turned it off. So just be careful. You can find details on how to remove Recall here.

The more serious caution is for those you communicate with, not for your own security and privacy. As I’ve warned before, once enabled, Microsoft’s AI will read and save all your WhatsApp, Signal and other secure messages and emails. While you might be fine with that (albeit it’s far from ideal), you should really let those messaging with you know that everything is being saved outside the messaging app, with a much lower security hurdle to compromise their content.

Of all Recall’s risks, the capture of secure comms and documents outside of their usual enclave is top of the list. It’s a security nightmare in the making. Just look at the furor in the U.S. over an extension to Signal’s usual security architecture.

“To test this,” Kevin Beaumont posted, “I tasked my partner with using my device while I was away from desk to use Recall to find out who I’d been talking to the previous day in Signal and what I’d been saying.” She guessed the PIN. “In 5 minutes, a non-technical person had access to everything I’d ever done on the PC, including disappearing Signal conversations (as Recall retains anything deleted). That isn’t great.”

In an otherwise positive review of Recall, PC Mag echoes this warning. “One case where privacy could be a concern has less to do with you than those you interact with. If you have a private conversation with someone else on Signal and they are running the app on their Copilot+ PC with Recall active, it will record your conversation, or at least a snapshot every few seconds. But someone could just as easily save screenshots to any device, of course.”

I suspect a further update will address this. Recall has been steeped in controversy for a reason — make sure you consider all the pros and cons before you decide to opt in.


And it isn’t just individual users who need to make this AI upgrade decision. As reported by Accounting Today, “despite security enhancements from Microsoft, CPA firms are likely to disable the controversial Recall feature in Windows 11, which uses AI to create a precise record of user activity, but leaders concede there is little they can do about potential indirect tracking via third parties that still have it enabled.”

Again, the focus is not just on the user enabling Recall, it’s on all those that user communicates with. Recall is new and exciting, and so much of the media furor both now and when it really hit the skids last year has been seen from the individual user perspective. But the risk of thousands of devices capturing everything and then the security and privacy implications for an organization will take time to assess.

There’s also the individual privacy dimension. I’m sure almost all employees will not want a constant photographic memory of their workday stored anywhere, certainly not on a work PC — but that’s likely where we’re heading. Imagine a Recall that can’t be disabled by the user sitting at the keyboard in front of the screen. And that’s before we look at the counterparty risk from all the screen capturing.


“While firms can take action for themselves,” Accounting Today says, “the indirect third party risk remains. While one user might disable Recall, anything shared with someone who has enabled it will be saved to their device, which could still result in data leakage and cyber incidents. Imagine someone from a firm with Recall disabled talking about sensitive matters with a vendor who does have it enabled; now imagine that vendor getting hacked and the attackers getting that sensitive data despite the firm itself protecting on their end.” It’s hard to imagine the implications of such a leak.

“How secure is the encrypted database?” Beaumont asks. “There’s much attack surface that needs exploring. Recall runs various processes as the end user, e.g. aihost.exe — the end user can terminate it and watch it respawn — which write to the database. Microsoft have taken measures to secure those processes from things like memory dumping, but there’s still processes running as the end user which don’t have this protection, that you can memory dump (e.g. the Recall UI, which contains the text seen in snapshots in memory — and can be programmatically extracted). Currently there’s 0 research online around Recall’s security stack… I suspect info stealer developers will be all over this, and will frankly be a better resource than dumb infosec people like me.”

Per PC Mag, “many old-school Windows users will, out of fear and loathing, never try Recall. Ditto for those who shun anything with a whiff of AI… There are indeed reasons that some people shouldn’t use it: Those who engage in super-secret conversations should probably steer clear and avoid communicating with people who use Recall, for instance. That said, Microsoft has locked it down. And unlike Apple Intelligence, which sends data to the company’s servers, everything in Recall stays local.”


That might be fine if you own the hardware and software stack, but if someone else is running the IT, it’s a very different ballgame. Meantime, Windows Copilot+ users have another AI decision looming. Per a new Microsoft blogpost, “we are beginning to roll out an update for the Microsoft Copilot app on Windows via the Microsoft Store.” This introduces “Hey, Copilot!” And so another privacy vector opens.

Microsoft explains that “Windows Insiders can now invoke Copilot with the phrase ‘Hey, Copilot!’. This opt-in feature gives people a new way to easily start a conversation with Copilot Voice, anytime the feature is enabled, and their PC is unlocked. With this new hands-free experience, you can stay in your flow when you need answers to a question or just need someone to bounce an idea off of.”

As with Recall, this requires you to opt in. “You must enable this feature within Copilot’s settings to use it.” From a security and privacy standpoint, there seem to be some sensible precautions built in. “When ‘Hey Copilot’ is enabled, Copilot uses the microphone with an on-device wake word spotter that only detects the ‘Hey Copilot’ phrase. The wake word spotter uses an on-device 10 second audio buffer in memory. This audio buffer is never recorded or stored locally.”

Less controversial than Recall and likely an easier decision to make.


