Microsoft’s new AI PCs will screenshot everything every 2 seconds

Redmond's new Arm-based line of computers feature essentially built-in keylogger for hackers and abusers: Lovely.

Microsoft has unveiled a new line of Copilot+ PCs priced at $999+ that will start shipping on June 18 from a range of manufacturers – and has run into a firestorm over their “Recall” function, which screenshots everything users do, every two seconds and stores it for three months.

Recall will be turned on by default on Copilot+ PCs. Users and administrators will have the option to turn it off and prevent certain websites from being “Recalled” – although this latter option will “only work in supported browsers such as Microsoft Edge” said Redmond.

The feature will demand 50GB of storage.

For enterprise customers, admins will need to go to the “turn off saving snapshots for Windows” policy. Private browsing activity on any Chromium-based browser won’t be saved, said Microsoft; a statement that suggests those using Firefox for example will have no such safeguard. 

Recall “does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device” noted Microsoft. 

As security researcher Kevin Beaumont put it, with a soupcon of sarcasm: “When a threat actor gains access to a PC, they currently don’t have an instant search engine showing every credit card statement, WhatsApp message, date of birth entry, passport application etc. for the past few months – they’re in hard times. So Threat Actor Copilot fixes.”

The Microsoft Recall announcement comes weeks after Microsoft CEO Satya Nadella on May 3 emailed the company’s 200,000+ staff to say that “if you’re faced with the tradeoff between security and another priority, your answer is clear: Do security. In some cases, this will mean prioritizing security above other things we do, such as releasing new features.”

The UK Information Commissioner’s Office (ICO) said it is contacting Microsoft over the Recall feature. Microsoft said in its product documentation that “your snapshots aren't sent to Microsoft. Recall AI processing occurs locally, and your snapshots are securely stored on your local device only. Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Microsoft can't access or view the snapshots.”

The Big Idea? “Semantic” or natural language search to recall anything a user saw on their screen. The computers augment these local Recall capabilities with other AI features “connected to and enhanced by the Large Language Models running in our Azure Cloud” Microsoft added.

The furore over Recall has drowned out most of the other updates in the PCs from Microsoft, which are Arm-based and feature an impressive roster of applications that can perform on the Arm instruction set, including what Redmond highlighted as the "fastest implementation of Microsoft 365 apps like Teams, PowerPoint, Outlook, Word, Excel, OneDrive and OneNote. Chrome, Spotify, Zoom, WhatsApp, Adobe Photoshop, Adobe Lightroom, Blender, Affinity Suite, DaVinci Resolve and many more [that] now run​ natively on Arm."

For those already using Microsoft Copilot for Microsoft 365 apps (such as Word, PowerPoint, Excel, OneNote, Loop, or Whiteboard) meanwhile and curious about Microsoft’s privacy approach here, it notes that “we store data about these interactions. The stored data includes the user's prompt and Copilot's response… This data is processed and stored in alignment with contractual commitments with your organization’s other content in Microsoft 365. The data is encrypted while it's stored and isn't used to train foundation LLMs, including those used by Microsoft Copilot for Microsoft 365. Microsoft Copilot for Microsoft 365 calls to the LLM are routed to the closest data centers in the region, but also can call into other regions where capacity is available during high utilization periods.”