Many people are rightly worried about Microsoft’s Recall, with some even calling it “spyware.” It’s a valid concern, as it’s designed to record nearly all activity on your PC, creating a database of sensitive information that could be targeted by malware. To Microsoft’s credit, the company re-evaluated its approach to Recall and then re-launched it with security improvements and overall tweaks. But come to think of it, if you were one of those who worried about Microsoft Recall, you probably should be just as concerned with a clipboard manager.
Clipboard managers aren’t too dissimilar from Microsoft’s Recall, as they also save a history of everything you copy. Would you trust that your clipboard manager stores its data more securely than how Recall data is stored nowadays? It’s easy to be carried away by the convenience and productivity boost these tools offer. Hence, it’s vital to stress that in the case of a cyberattack, a hacker might be able to access your clipboard history just as easily as they could previously access Recall’s data..
Initial features of Microsoft Recall
Public complaint against Microsoft Recall
In May 2024, Microsoft announced the release of Microsoft Recall for Copilot+ PCs. If you can’t remember how Microsoft described it, here is a quick refresher. Microsoft Recall was designed to monitor and save all activity on your PC screen by taking screenshots of your PC screen every few seconds. These screenshots are saved on your PC, where an AI model analyzes the content of the screenshot and creates a searchable history that users can use to retrieve any content displayed on their PC screen.
While its potential was appealing to some, other security and privacy-conscious individuals took to social media to vehemently criticize Microsoft for planning to release it. They contend that essentially represented a target for malicious actors, who would instead focus on retrieving a computer’s Recall data. At the time, it would store screenshots of text, documents, and images in an unencrypted local SQLite database, which could allow malicious actors to access all sensitive information that has ever been displayed on users’ screens, including passwords, banking credentials, and confidential information. Microsoft’s Recall could easily make users an easy target for hackers if no adequate security guardrails were implemented to protect users’ data from exfiltration. The worst part was that Microsoft planned to enable Microsoft Recall by default on the new Copilot+ PC, and the responsibility to opt out was placed on users who may not have been aware that the feature was enabled.
After Microsoft was bombarded with this barrage of complaints and backlash, it decided to revamp the app to keep users’ data “safe.” The backlash caused Microsoft to delay the release of the public version, rebuilding it to use an encrypted database, making it opt-out, and ensuring that it wouldn’t track applications showing private content. It was eventually released in April 2025. Despite the fix, however, several users are still concerned that having a database containing the history of users’ digital lives is an inherent risk. Many privacy-focused apps, including Brave, Signal, and AdGuard, have taken stringent actions against Recall.
You might be wondering how this is related to a Clipboard Manager, but the truth is that there are many parallels.
Clipboard manager history might be a goldmine for malicious actors
A lot of clipboard managers don’t auto-delete history
Each time you press Windows + V on a PC, assuming you have the built-in clipboard history switched on, you may notice it displays a list of text and pictures you recently copied. I’ve been using this for a while and enjoy some of its features, like the pinning function, which makes it easy to save text or images you use regularly. It also allows syncing across multiple devices as long as you are signed into the same Microsoft account across these devices.
For me, that’s enough, but others may feel that they need more features or quality of life improvements. That’s where third-party clipboard managers come in. The reason? Unlike Windows’ built-in clipboard managers, which are limited to storing 25 items and auto-deleting anything not pinned when you shut down your PC, some third-party clipboard managers can store an indefinite number of items, providing far more flexibility.
These restrictions may not sit well with many, and it’s easy to see that users might turn to third-party clipboard managers for a better experience. The truth, however, is that this convenience comes with a potential privacy risk. In a way, clipboard managers work similarly to the initial design of Microsoft Recall. Like the Recall feature, clipboard managers save an unending list of users’ data that has been copied to their clipboard, and there’s no guarantee that it’ll be encrypted, either. This gets even more concerning if we look at the categories of data that could be stored in a clipboard manager.
Users save several types of sensitive information in clipboard managers
It’s an easy way to gift hackers our passwords
Have you ever tried to create an account on a platform and noticed that you are prompted to input your password and then re-enter the same password to confirm it’s correct? Situations like these might tempt you to copy the initial password you typed manually and paste it in the text field, to save time and avoid mistakes. Or what about API keys? Their length, nature, and complexity often necessitates copying and pasting, and the same goes for lots of sensitive data you might want to move between locations on your computer.
While copying and pasting this information may seem like an easy way to boost speed and avoid the stress of typing alphanumeric characters, and it is, it’s also an example of how easily you could be handing over your passwords to third-party clipboard managers.
The SANS Technology Institute Research Review Journal mentions some of the different kinds of sensitive and confidential information that can be in your clipboard manager’s history, and these include passwords, private URLs, and more. Basically, just imagine the kinds of things you’ve copied at some point or another, and check if it’s there in your clipboard manager.
While many have expressed their displeasure with Microsoft’s Recall for storing such sensitive data, it’s worth noting that clipboard managers do exactly the same. Worse yet, some clipboard managers don’t even have the security guardrails used by Microsoft to protect data captured by Recall. Ditto is one such case, where encryption could be added in the future, but isn’t there yet.
Clipboard managers may protect user data, too
While I won’t endorse any software, it’s worth noting that some clipboard managers are specifically designed to auto-delete sensitive information after a specified short period. So they might probably not pose as much of a security risk. However, whether you use Copilot+ PC with Microsoft Recall enabled or not, it’s worth noting that the ransomware industry is projected to reach a staggering $250 billion over the next five years.
Any tool that stores confidential information on your computer is susceptible to malicious actors who are looking make money, and the truth is that having a problem with Microsoft’s Recall and its centralized, encrypted database means you should have a problem with a clipboard manager’s unencrypted database, too. Plus, truth be told, if malware is running on your computer, Recall doesn’t have to exist for your online accounts to be compromised. It can just watch and wait, so in that sense, there’s no difference.
If you’re worried about Recall, though, then analyze the other software you use, too. If you were disturbed by what Recall was capable of (and it’s understandable why), then a clipboard manager should be used cautiously and perhaps even avoided altogether, too.