Windows AI Recall: Photographic Memory for Your PC

Windows Recall is one of the most ambitious AI features announced at Build 2024. It gives your PC a photographic memory - and raises important questions about privacy and security.

What is Windows Recall?

Recall continuously captures screenshots of your activity and makes them searchable through AI. Think of it as a time machine for your digital life.

How it works:

1. Takes screenshots every few seconds
2. Runs OCR and image understanding locally
3. Creates semantic embeddings of content
4. Stores everything in an encrypted local database
5. Enables natural language search across your history

The Technical Architecture

Screen Capture (every 5s)
        ↓
    NPU Processing
        ├── OCR (text extraction)
        ├── Image embedding
        └── Semantic indexing
        ↓
   Encrypted SQLite DB
        ↓
   Vector Search Index

All processing happens on-device using the NPU - no data goes to the cloud.

Privacy Considerations

What Recall Captures

Captured:
├── Application windows
├── Web browser content
├── Documents being edited
├── Chat conversations
├── Emails
└── Any visible screen content

Not Captured (by default):
├── InPrivate/Incognito browsing
├── DRM-protected content
├── Specific apps (user configurable)
└── Passwords in password managers

Data Protection

# Conceptual representation of Recall's encryption
from cryptography.fernet import Fernet
import sqlite3
import json

class RecallDatabase:
    def __init__(self, db_path: str, key: bytes):
        self.cipher = Fernet(key)
        self.conn = sqlite3.connect(db_path)

    def store_snapshot(self, timestamp: int, screenshot: bytes, metadata: dict):
        # Encrypt everything before storage
        encrypted_image = self.cipher.encrypt(screenshot)
        encrypted_metadata = self.cipher.encrypt(json.dumps(metadata).encode())

        self.conn.execute(
            "INSERT INTO snapshots (timestamp, image, metadata) VALUES (?, ?, ?)",
            (timestamp, encrypted_image, encrypted_metadata)
        )
        self.conn.commit()

    def search(self, query: str, limit: int = 10):
        # Search requires decryption key
        # Key is protected by Windows Hello
        pass

Security Model

Windows Hello Authentication
        ↓
    TPM-protected Key
        ↓
    Device Encryption Key
        ↓
    Recall Database

Access requires:

1. Windows Hello (biometric or PIN)
2. Device must be unlocked
3. No remote access to Recall data

Configuring Recall

PowerShell Management

# Check Recall status
Get-WindowsFeature -Name "Recall"

# Disable Recall completely
Disable-WindowsOptionalFeature -Online -FeatureName "Recall"

# Configure excluded apps
$recallConfig = @{
    ExcludedApps = @(
        "KeePass.exe",
        "1Password.exe",
        "Signal.exe"
    )
    ExcludedWebsites = @(
        "bank.example.com",
        "healthcare.example.com"
    )
    RetentionDays = 30
    SnapshotInterval = 10  # seconds
}

Set-RecallConfiguration @recallConfig

Group Policy for Enterprise

<!-- Recall Group Policy Template -->
<policyDefinitions>
  <policy name="DisableRecall"
          class="Machine"
          displayName="Disable Windows Recall"
          key="SOFTWARE\Policies\Microsoft\Windows\Recall">
    <enabledValue>
      <decimal value="1"/>
    </enabledValue>
    <disabledValue>
      <decimal value="0"/>
    </disabledValue>
  </policy>

  <policy name="RecallRetentionDays"
          class="Machine"
          displayName="Recall Data Retention (Days)">
    <elements>
      <decimal id="RetentionDays" valueName="RetentionDays"
               minValue="1" maxValue="365" default="30"/>
    </elements>
  </policy>
</policyDefinitions>

Developer Considerations

Marking Content as Private

using Windows.UI.Xaml;

public class SecureTextBox : TextBox
{
    public SecureTextBox()
    {
        // Tell Windows not to capture this control
        this.SetValue(
            Windows.AI.Recall.RecallExclusionProperty,
            true
        );
    }
}

// For WPF
public class SecureWindow : Window
{
    protected override void OnSourceInitialized(EventArgs e)
    {
        base.OnSourceInitialized(e);

        // Exclude entire window from Recall
        var hwnd = new WindowInteropHelper(this).Handle;
        RecallApi.ExcludeWindow(hwnd);
    }
}

Web Content Exclusion

<!-- Signal to browsers to exclude from Recall -->
<meta name="recall-exclude" content="true">

<!-- Or per-element -->
<div data-recall-exclude="true">
    Sensitive content here
</div>

Checking Recall Status

import ctypes
from ctypes import wintypes

# Check if Recall is enabled
def is_recall_enabled():
    try:
        recall_lib = ctypes.windll.LoadLibrary("RecallApi.dll")
        return recall_lib.IsRecallEnabled()
    except:
        return False

# Check if current app is excluded
def is_app_excluded():
    try:
        recall_lib = ctypes.windll.LoadLibrary("RecallApi.dll")
        return recall_lib.IsCurrentAppExcluded()
    except:
        return True  # Assume excluded if API not available

Use Cases

Legitimate Uses

1. "What was that article I read last week about Azure?"
   → Recall finds the browser session

2. "Show me the email with the project requirements"
   → Recall locates the email conversation

3. "When did I last edit that spreadsheet?"
   → Recall shows the document and timestamp

4. "What was the code snippet from yesterday's meeting?"
   → Recall finds the shared screen content

Enterprise Scenarios

# Compliance-aware Recall usage
class RecallCompliance:
    def __init__(self):
        self.excluded_data_types = [
            "PII",
            "PHI",
            "Financial",
            "Credentials"
        ]

    def should_exclude_window(self, window_title: str, app_name: str) -> bool:
        # Banking apps
        if any(bank in app_name.lower() for bank in ["chase", "wells", "bank"]):
            return True

        # Healthcare
        if any(health in app_name.lower() for health in ["epic", "cerner", "health"]):
            return True

        # Password managers
        if any(pm in app_name.lower() for pm in ["1password", "lastpass", "keepass"]):
            return True

        return False

Privacy Recommendations

For Users

1. Review excluded apps - Add sensitive applications
2. Set retention limits - Don’t keep data longer than needed
3. Use InPrivate mode - For sensitive browsing
4. Enable Windows Hello - Protect Recall access
5. Regular audits - Check what Recall has captured

For IT Administrators

1. Evaluate compliance requirements - GDPR, HIPAA, etc.
2. Create exclusion policies - Block sensitive apps
3. Train users - Explain implications
4. Monitor storage - Recall can use significant space
5. Plan for device disposal - Ensure data deletion

Storage Considerations

Estimated Storage Usage:
├── Screenshot (compressed): ~200KB each
├── Screenshots per day (8 hours): ~5,760
├── Daily storage: ~1.1GB
├── Monthly storage: ~33GB
└── Default retention (30 days): ~33GB minimum

Actual usage varies based on:
├── Screen resolution
├── Content complexity
├── Snapshot frequency
└── Compression efficiency

The Debate

Proponents say:

• Incredibly useful for knowledge workers
• All local, no cloud exposure
• User has full control
• Helps accessibility

Critics say:

• Single point of compromise
• Potential for misuse
• Privacy implications
• Data retention concerns

My Take

Recall is a powerful tool that requires careful consideration. For personal use, the benefits may outweigh risks with proper configuration. For enterprise, thorough evaluation of compliance and security implications is essential before deployment.

What’s Next

Tomorrow I’ll cover Azure AI Studio updates announced at Build 2024.

Resources

• Windows Recall Overview
• Privacy Settings Guide
• Enterprise Configuration