Technology You're wrong about Windows Recall — How Microsoft keeps your data safe on Copilot+ PCs


Level 79
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Since Microsoft announced Windows 11's big next-gen AI feature push, the internet has been up in arms over Windows Recall, the company's magnum opus AI experience that's exclusive to Copilot+ PCs launching this summer. While some responses have been sane, a large percentage of people have wasted no time spreading FUD (fear, uncertainty, and doubt) over this new feature without really understanding it.

In case you've been living under a rock: Windows Recall is a new feature that will take snapshots of your screen every few seconds and use on-device AI to analyze and triage that content. This allows you to semantically search for anything and everything you've ever done on your computer using natural language, and is arguably the next generation of search of Windows.

Unsurprisingly, this has led to many people calling Recall a spyware tool for Microsoft to watch everything we do on our computers, which is a particularly unfair description of the feature. Microsoft is actually taking privacy and security very seriously, and this article attempts to explain how, and why your worries about Windows Recall are unfounded.

Victor M

Level 10
Oct 3, 2022
The 2 main points the article reveals to me: 1) There is a Recall API. 2) That attackers/hackers can access Recall, and the article admits that BitLocker is the only protection, which is of no use when you are logged in. In the article's own words: 'you are kinda screwed'. The API can be misused by malware and hackers. Until someone fully examines the capabilities of the API, this is a concern. Hackers abuse APIs as a routine.

The article says that there is no talking to the network by Recall and it is not sending anything. That is probably from the MS announcement event. If you choose to doubt that, then you would have to hook up Wireshark, the network traffic monitoring and capturing program, and observe for yourself. And do tell the world what you discover, please.


Level 85
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
"Researchers Show How Malware Could Steal Windows Recall Data"
Researcher Marc-André Moreau showed how a remote desktop manager password collected by Recall can easily be recovered from a local unencrypted SQLite database, making it easy for information-stealing malware to obtain.

Another cybersecurity expert, Alexander Hagenah, has made available an open source tool, named TotalRecall, that can easily extract and display data from the Recall database.
“It’s a bit disappointing to see such a powerful feature not taking security more seriously. I hope Microsoft will address this before the official release,” Hagenah said.

Researcher Kevin Beaumont has taken a close look at Recall’s security and warned that threat actors could modify infostealers to grab data from the new Windows feature.
