Microsoft to delay release of Recall AI feature on security concerns

What Recall Does (as described in the thread)

  • Periodically screenshots the entire desktop, runs OCR/vision models, and stores extracted content plus thumbnails in a local SQLite DB.
  • Enables natural-language and semantic search over “everything you’ve seen or done” on the PC.
  • Initially intended only for new Copilot+ PCs with NPUs and 16GB RAM, marketed as on‑device and not cloud-backed.

Security and Privacy Concerns

  • Core objection: it creates a centralized, searchable archive of passwords, tokens, private messages, financial data, work documents, porn, etc.
  • Early implementations reportedly stored data unencrypted in userland SQLite, accessible to any process with user privileges; encryption at rest with BitLocker is seen as irrelevant against malware already running as the user.
  • Critics argue this drastically increases the “blast radius” of any compromise and lowers the skill needed for infostealers or forensic abuse.
  • Particular worry about misuse by abusive employers and domestic abusers; pausing/blacklisting apps relies on users knowing about it and configuring it correctly.

“Is It Really Different from Existing Tracking?”

  • One camp says it’s just another log (like browser history, undo stacks, pagefile, GPU memory); if an attacker has local access, “all bets are off” anyway.
  • The opposing camp says nothing in the base OS currently builds a second‑by‑second, word‑for‑word history of the entire screen, including transient secrets and unsaved text; that qualitative jump justifies a stronger reaction.

Motives and Trust in Microsoft

  • Many cite a long history of telemetry, forced online accounts, ads in the OS, and security lapses; they see Recall as aligned with surveillance, bossware, and AI training data, not user benefit.
  • Others think the primary intent was personal utility (better search, memory aid), but argue intent is irrelevant given abuse potential.
  • Some expect Recall will return later, renamed, opt‑out or pitched as an accessibility/compliance feature.

Comparison to Apple and Others

  • Strong contrast drawn with Apple Intelligence: app‑intent APIs, sandboxing, secure enclave, dedicated “private cloud” OS; perceived as more privacy‑designed even if still concerning.
  • Disagreement over whether there’s a double standard vs Apple/Google or whether Microsoft’s design and reputation uniquely triggered backlash.

Broader Themes and Reactions

  • Seen as a symptom of “AI panic” and “move fast and break things” culture overriding security and privacy reviews.
  • Some users say this was the final push to switch to Linux or to confine Windows to isolated gaming boxes.
  • A minority explicitly want a Recall‑like feature, but only as clearly opt‑in, strongly encrypted, sandboxed, and ideally open source.