For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers.”

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

I've written up my thoughts on the Copilot Recall feature in Microsoft Copilot+ PCs

I think it will enable fraud and endanger users, and is not the sign of a company who are committed to security first.

https://doublepulsar.com/how-the-new-microsoft-recall-feature-fundamentally-undermines-windows-security-aa072829f218

The UK’s ICO have opened an investigation into Copilot+ Recall. https://www.bbc.co.uk/news/articles/cpwwqp6nx14o

Copilot+ Recall has been enabled by default globally in Microsoft Intune managed users, for businesses.

You need to enable DisableAIDataAnalysis to switch it off. https://learn.microsoft.com/en-us/windows/client-management/manage-recall
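
One way to check whether the DisableAIDataAnalysis policy mentioned above is actually applied on a machine, as an added example that is not part of the original thread. The registry location is an assumption taken from Microsoft's WindowsAI policy documentation, not from the thread, and the function names are hypothetical.

```powershell
# Added example: audit (and optionally set) the DisableAIDataAnalysis policy.
# Assumption: the key below is the WindowsAI policy location documented by
# Microsoft; it does not appear in the thread itself.
$PolicySubKey = 'Software\Policies\Microsoft\Windows\WindowsAI'
$ValueName    = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    # One object per hive. Value 1 means saving snapshots is disabled by policy;
    # 0 or an absent value means the policy does not block it.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path  = Join-Path $hive $PolicySubKey
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }
        [pscustomobject]@{
            Hive     = $hive
            Value    = $value
            Disabled = ($value -eq 1)
        }
    }
}

function Set-RecallPolicyDisabled {
    # Writing to HKLM: requires an elevated session; HKCU: affects only the current user.
    param([ValidateSet('HKLM:', 'HKCU:')][string]$Hive = 'HKCU:')
    $path = Join-Path $Hive $PolicySubKey
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

$state = Get-RecallPolicyState
$state | Format-Table -AutoSize
if (-not ($state.Disabled -contains $true)) {
    Write-Warning "DisableAIDataAnalysis is not set to 1 in either hive."
}
```

On managed fleets the value should come from Intune or Group Policy rather than a local write; the audit function is the part worth running at scale.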


Here’s Copilot+ Recall search in action, showing instant text based search finding a WhatsApp chat and a PDF from 6 months ago being viewed on screen.

Two quick updates -

A) if you disallow recording of a website in Control Panel or GPO, in Chrome it is still recorded - disallow recording only works in Edge browser

B) Firefox and Tor Browser are recorded always, including in private mode - the exception is Hollywood DRM’d videos

I got ahold of the Copilot+ software.

Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.

It spits constant screenshots (the product brands them “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.

The NPU processes them and extracts text, into a database file.

The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.

And if you didn’t believe me.. found this on TikTok.

There’s an MSFT employee in the background saying “I don’t know if the team is going to be very happy…”

They should probably be transparent about it, rather than telling BBC News you’d need to be physically at the PC to hack it (not true). Just a thought.

I ponder if Microsoft's engineers are following the SQLite code of ethics, since they're using it in Windows OS with Copilot+ Recall? :D https://sqlite.org/codeofethics.html

So the code underpinning Copilot+ Recall includes a whole bunch of Azure AI backend code, which has ended up in the Windows OS. It also has a ton of API hooks for user activity monitoring.

Apps themselves can also search and make themselves more searchable.

It opens a lot of attack surface.

The semantic search element is fun.

They really went all in with this and it will have profound negative implications for the safety of people who use Microsoft Windows.

If you want to know where tech companies are with AI safety, know Microsoft Recall won’t record screenshots of DRM’d movies..

..but will record screenshots of your financial records and WhatsApp messages, as corporate interests were prioritised over user safety.

And it’s enabled by default.

I’ve managed to get Recall working in full on a non-Copilot+ system, without an NPU. Will accelerate testing.

Copilot+ Recall feature pop quiz:

You deal with a sensitive matter on my Windows PC. E.g. an email you delete. Does Copilot Recall still store the deleted email?

Answer: yes. There's no feature to delete screenshots of things you delete while using your PC. You would have to remember to go and purge screenshots that Recall makes every few seconds.

If you or a friend use disappearing messages in WhatsApp, Signal etc, it is recorded regardless.

It comes up a lot as people are rightly confused, but if you wonder what problem Microsoft are trying to solve with Recall:

It isn't them being evil, it's business leaders who are middle aged and can't remember what they're doing driving decision making about which problems to solve.

A huge amount of business leaders are dudes who have no idea what the fuck is happening. This leads to the Recall feature.

Microsoft exists in and is driven by that bubble.

I asked Microsoft Copilot to write a song about Copilot+ Recall.

Managed to find out how BBC News printed in a headline story that it was not possible to steal Recall data without being physically at the device (which is false) - this is from the journalist:

Some screenshots of Recall's SQLite database here: https://mastodon.social/@detective/112513529733646088

Just to clarify, I can access it without SYSTEM too. Microsoft are about to set cybersecurity back a decade by empowering cyber criminals via poor AI safety. Feature ships in a few weeks.

The latest Risky Business episode on Recall is good, but one small correction - it doesn’t need SYSTEM rights.

Here’s a video of two MSFT employees gaining access to the Recall database folder - with SQLite database right there. Watch their hacking skills. (You don’t need to go this length as an attacker, either). Cc @riskybusiness

I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade. Good luck to my parents safely using their PC.

Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

My look at the feature, FAQs from the community etc

https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e


this is the out of box experience for Windows 11's new Recall feature on Copilot+ PCs. It's enabled by default during setup and you can't disable it directly here. There is an option to tick "open Settings after setup completes so I can manage my Recall preferences" instead.

HT @tomwarren

You allow BYOD so people can pick up webmail and such. It’s okay, because when they leave you revoke their access, and your MDM removes all business data from the machine ✅

What the employee does: opens Recall, searches their email, files etc and pastes the data elsewhere.

Nothing is removed from Recall, as it is a photographic memory of everything the former employee did.

Just in time for Copilot+ Recall!

Security and privacy researchers - You can now install Copilot+ Recall on any ARM hardware (doesn’t need an NPU) or in Azure VMs.

Guide from @detective

The devices launch THIS MONTH to customers so I suggest people look at this.

https://github.com/thebookisclosed/AmperageKit

Nvidia just announced that Copilot+ and Recall are coming to AMD systems. https://www.theverge.com/2024/6/2/24169568/microsoft-copilot-plus-gaming-pc-nvidia-amd
Somebody made a tool called Total Recall to dump Recall database and screenshots. https://x.com/xaitax/status/1797349055917416457?s=46
Alex (@xaitax) on X

Will release TotalRecall in a few days. Loads to play with and to work on. Thank you @GossiTheDog for the inspiration! #WindowsRecall #CyberSecurity #Microsoft #TotalRecall


Recent DHS published report handed to the US President which said it had "identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management"

Microsoft: let’s use AI to screenshot everything users do every 5 seconds, OCR the screenshots, make it searchable and store it in AppData!

Searching Recall database for passwords with @awakecoding
@GossiTheDog passwords ending up stored in plain text, who could have thought this would be a security risk? WHO? 🤣
@jt_rebelo @GossiTheDog It actually records the password *plaintext*, and not just a literal screenshot with the password obscured?
@GossiTheDog @awakecoding It's *fine*. We just need apps to use randomly generated 24 character strings for field labels and mask all inputs with *****, and it'll be nbd.
@GossiTheDog @awakecoding try for TOTP seeds?
@fencepost @GossiTheDog Recall just saves everything as screenshots + OCR text. If it's visible, it's going to get stored locally in a convenient to exfiltrate database.
@awakecoding @GossiTheDog yep, so a text search for Authenticator has a decent chance of giving timestamps when TOTP QR codes were on screen, or even giving the actual code if it was displayed.
@GossiTheDog @awakecoding So "Forgot password?" in Microsoft Edge will simply open Recall in the future?

@GossiTheDog

lol I guess that name was inevitable

@munin @GossiTheDog I'm surprised MS haven't advertised it with the slogan "We can remember it for you wholesale"!
@geoglyphentropy @munin @GossiTheDog honestly it would be better than most of what they’re likely to actually use

@GossiTheDog Instead of doing security, they are doing screenshots.

The next time an Azure Master key is stolen is probably by a screenshot 😂

[1] https://blogs.microsoft.com/blog/2024/05/03/prioritizing-security-above-all-else/

[2] https://support.microsoft.com/en-au/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c


@GossiTheDog

Could we just go back to old way to get Windows updates: Paying for new versions or buying a new system? I'm tired of this "free" approach where everything is fair game to exploit...

@csnetprogrammer @GossiTheDog Being free is not the issue, Linux is free also. What changes are the incentives: whenever there are incentives for exploration, companies will try to exploit those. Open-source reduces a lot of those incentives as anyone trying to do those things on OSS will almost certainly have those bad things removed by a fork, but that's hard to do with closed-source software. I lost count how many times I had to code myself solutions for issues I had on paid closed-source software! Some of those hardly have any competitors: I own licenses to two structural analysis software that can handle the local codes, both are horrible and no other alternative exists.
@GossiTheDog infosec unboxing Recall

@GossiTheDog I'm surprised it took this long.

But will it get my ass to Mars?

@GossiTheDog Shouldn't Total Recall insert fake memories too?
@GossiTheDog I love the name of the tool
@GossiTheDog they didn’t pentest this at all
@GossiTheDog my only light at the end of the tunnel at this point is that big orgs will still take some time before they have any devices running the software and hopefully Microsoft gets their shit together for a more secure implementation until then.
@marius @GossiTheDog More secure such as deleting it altogether? This atrocity should never be a part of the system.

@marius @GossiTheDog

There is no possible secure implementation it's built for access. Although I'm relatively immune to conspiracy theories I still think this is seen at a corporate and govt level as a way out of the "we must be able to see everything" without the impossible idiocy of backdooring cryptography.

They've made a front door instead.

#Infosec #Government #EndToEndEncryption

@marius you say that, but (in the UK at least) security certification requires not using unsupported operating systems, so next year it's goodbye windows 10 @GossiTheDog
@GossiTheDog Please keep us informed here about Alex's progress and a release. I don't read X...

@MichaelZ @GossiTheDog

Recall will kill the ability for organisations to allow employees or contractors to use their own PCs to connect to any work system, including O365. Only managed devices where Recall has been removed will be trusted. Get ready for an explosion in costs due to this idiocy.

@GossiTheDog hey, can you add alt text to the image so I can boost this? It doesn’t need to be a full transcription, just however you’d describe it to somebody on the phone.
@GossiTheDog local ai is always better than the cloud. However, Microsoft recall is just a huge privacy virus and Trojan horse.
@GossiTheDog @MostlyBlindGamer #ALT4you
Screenshot of the output of the script "totalrecall.py" that shows a detected "Windows Recall", and an extraction folder created for extracted Recall contents.
Two lists of captured content follow, one containing the captured windows (one with an open Gmail account) and the other one shows all extracted screenshots.
@GossiTheDog good. but for proper publicity we need a live screensaver.

@GossiTheDog I really dislike Microsoft's wording around this. They throw around terms like "encrypted" and "secure" to placate the lay person, when they know as well as anybody that encrypted data has to be decrypted at runtime, and if the user has access to the unencrypted data, so does any malware running with that user's privileges.

And you just know that it's gonna be on by default, if you turn it off Windows updates will randomly re-enable it, etc. This will be a privacy nightmare.

@GossiTheDog somebody looked at those bitcoin extortion scam mails and thought "We should implement this!" and now we end up with Microsoft Recall?
@GossiTheDog no mention as to why the hell gaming PCs need Copilot+ taking screenshots of their CoD game every few seconds.
@EdgarWhelp @GossiTheDog oh don’t worry, since Microsoft can easily identify their own games, it will all be blacked out to avoid copyright issues. It will only log your overlords’ time you wasted playing instead of working and all of your private pictures and passwords.
@GossiTheDog I will start worrying when NVIDIA drivers on Linux start bundling Copilot! But you are right, the Copilot+Recall disaster train is headed for customers faster than we can imagine!
@GossiTheDog ok, I am gonna need a lot of coffee & probably some other substances before that graph starts making any sense??? What are these axes, why are we connecting these data points?
@GossiTheDog
Is there a GPO to deactivate Copilot+ and Recall?
@GossiTheDog these are things folks really need to consider. A big thanks Kevin for bringing all of these considerations to light!

@GossiTheDog this is actually the thing that will kill recall. bidirectional fuckery. if an employer is going to record everything i do, i'm going to export that out for my own purposes as well. and it's going to contain all the proprietary shit they don't want shared or disseminated.

fuck it, maybe i can just train a model to open and close documents and emails without making any changes and set autoit to do so for 10 hours a day.

@GossiTheDog I’m sure Microsoft thought ahead and group policy will let you turn it off and not let the user turn it back on /heavy-sarcasm

@daveyk00 @GossiTheDog Yes, that was my point - their answer to every brain-dead decision is “push yet more unnecessary workload onto sysadmins under a cloud of plausible deniability”.
@GossiTheDog VDI for remote work will be a mess. I wonder how the screen recording protection will work against Recall. For the few companies that actually have that setting properly configured.
@GossiTheDog Then we get a mole into a competitors' company and enjoy the benefits of non-compete clauses being removed
@GossiTheDog I'd posted in a discord, your fab link. Someone replied to me that i shouldn't be alarmed because... 
@8tpercent @GossiTheDog I think discord has a 'table-slapping laughing crying' reaction, hopefully that got used
@GossiTheDog Remembering when I disliked Microsoft for rather different reasons. [Remember Martin, no Schadenfreude, looks bad ]
@GossiTheDog someone pointed out the other day that it's a nightmare if your company is ever on the receiving end of legal action. There's a reason board meetings are not usually recorded and transcribed word-for-word.

@GossiTheDog

When you leave work with a company supplied laptop, IT can log in with admin account and let your boss access all your Recall data of what you have been doing for the last 6 months on the laptop?

Or
As part of outboarding / exit interview, you are asked for work laptop password, which is then used with Recall to

Company IT systems configured to "manage" and "safely store this data" ie copied off your machine to a company server. Then used to train company AI to reduce head count.