Windows Recall sounds like a privacy nightmare
Overall reaction
- Many see Recall as a “slow, silent screen recording” of all activity and characterize it as dystopian and privacy‑hostile.
- A minority find the idea genuinely useful (e.g., for ADHD, memory, or productivity) if it were strictly local, transparent, and clearly user‑controlled.
On‑device logging & privacy risks
- Core concern: constant screenshots create a detailed history of passwords, banking flows, private chats, medical/legal matters, etc., that previously existed only ephemerally or in RAM.
- Users worry about roommates, partners, “one‑night stands,” repair techs, stolen laptops, seized devices, or malware gaining access to months of screenshots in one place.
- Domestic abuse and repressive regimes are repeatedly cited: an abuser or government can demand to see Recall history and expose attempts to seek help or dissent.
Trust in Microsoft, defaults, and future changes
- Many explicitly say they do not trust Microsoft’s assurances that data stays local or will remain local after future updates.
- Deep resentment toward Windows’ existing telemetry, cloud account push, and hard‑to‑disable features amplifies skepticism.
- The fact that it will be enabled by default on “Copilot+” PCs and surfaced during setup is seen as especially dangerous, as most users will accept recommended settings without understanding them.
Cloud, encryption, and security details
- Docs say snapshots are stored locally and encrypted via Device Encryption/BitLocker; some clarify that both Home and Pro use the same crypto, with Pro offering better key management.
- Critics note that encryption doesn’t prevent exfiltration once the attacker or abuser has OS‑level access. One cited test showed commodity malware could steal Recall data before Defender remediated it.
- It is unclear whether extracted text/embeddings/“activity summaries” might be synced to Microsoft in the future.
DRM vs passwords
- Strong backlash to Microsoft’s emphasis that DRM video is excluded while passwords and financial data may appear if visible on screen.
- Some argue DRM blocking is a long‑standing GPU/OS constraint, not a new special case for Recall, but others see it as proof corporate IP is prioritized over user privacy.
Comparisons to other tools
- Several note similar third‑party apps (Rewind.ai, home‑built Linux scripts) exist and can be helpful when consciously installed and controlled.
- Key distinction for many: voluntary, opt‑in tools vs. an OS‑level, vendor‑controlled, default‑on system at massive scale.
- Some argue the outrage is selective “moral panic,” given earlier HN enthusiasm for such tools from startups; others counter that scale, defaults, and Microsoft’s track record fundamentally change the risk.
Workplace surveillance & enterprise angle
- Many expect enterprises to use Recall as “bossware”: replaying employee activity, feeding models to automate grunt work, or scoring productivity.
- Some security/HR uses (forensics, investigations) are acknowledged as useful, but routine monitoring is seen as ethically and sometimes legally dubious.
Performance and hardware
- Concerns about performance, heat, and battery drain from constant screenshots and OCR, especially on low‑power systems.
- Others note Microsoft is gating Recall behind specific Copilot+ hardware (NPU, ≥16 GB RAM), suggesting they expect acceptable performance there.
Proposed mitigations and alternatives
- Suggestions include: OS‑level APIs for apps/sites to opt out of capture (similar to Android’s FLAG_SECURE), explicit per‑app opt‑in, clear on‑screen recording indicators, an easy global kill switch, and disabled‑by‑default behavior.
- Some advocate moving to Linux or open‑source OSes where such features can be audited or removed; others push for legislation and litigation to curb pervasive surveillance features.