TotalRecall has been updated to exfiltrate Recall database and screenshots without needing admin rights: https://github.com/xaitax/TotalRecall
GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.


You can now remotely dump Recall data and screenshots over the internet from Linux etc. Changes in flight for parsing data too.

https://github.com/Pennyw0rth/NetExec/pull/335

Add Recall module for dumping all users Microsoft Recall DBs & screenshots by Marshall-Hallenbeck · Pull Request #335 · Pennyw0rth/NetExec

Gets all users Recall folders and dumps them, then renames screenshots to include .jpg (unnecessary but helpful). I cherry-picked the download_folder functionality from #320 and then improved it du...

YouTubers are continuing to have fun with Recall

Turns out speaking out works.

Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually encrypting the database.

There are obviously going to be devils in the details - potentially big ones.

Microsoft needs to commit to not trying to sneak users into enabling it in the future, and it needs turning off by default in Group Policy and Intune for enterprise orgs.

https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns

Windows won’t take screenshots of everything you do after all — unless you opt in

Microsoft is making its controversial AI-powered Recall feature optional. The changes come after security experts warned the feature could be a disaster for cybersecurity.


Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too.

It’s still labelled Preview, and I’ll believe it is encrypted when I see it.

There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggest they are not serious about AI safety.

Microsoft President Brad Smith is going to be grilled by US gov next week. https://therecord.media/microsoft-reverses-course-recall-opt-in
Microsoft reverses course, makes Recall feature opt-in only after security backlash

Recall allows the company’s new line of Windows 11 Copilot+ devices to screenshot every action a person takes on their PC.

I should be transparent btw that I took Satya and Charlie’s commitment to security at face value too - I even published a blog on it backing that up - and I have concerns (it isn’t just me).

They’re now going to have to win trust back about winning trust back.

I know somebody at a retailer in Europe that is selling Copilot+ PCs. They’ve had fewer than a thousand preorders through to customers.

In relative terms, for them it’s about as successful as Suicide Squad Kill The Justice League.

A reminder that a few weeks ago at RSA, Microsoft signed CISA's Secure By Design pledge... and then shipped an enabled by design keylogger that OCRs your screen constantly into AppData.

Edit: I should say that's less a reflection on Microsoft and more a reflection on CISA's Secure By Design pledge.. it's a good idea, but the scope is extremely limited.

I think MS are a way off extracting themselves from the Recall situation they've got themselves into.

This is just one YouTube comments section on a video since the not-enabled-by-default change - 500k views - but there's loads more, similar on TikTok.

I imagine it's going to continue through the week and into next week when the laptops ship.

I have heard rumblings MS are discussing trying to take action against me over the whole thing, which a) good luck and b) would be pouring petrol on the flames.

Some backstory - it's being reported Microsoft developed Recall in secret to try to avoid scrutiny. https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw

I'm hearing that various MSFT people are furious about how this played out over the past few weeks, which IMHO represents a serious lack of introspection.

A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back

The world is up-in-arms over Windows Recall, but why? It stems from Microsoft's seeming lack of care for Windows and its users.


Microsoft have paused the rollout of Windows 11 24H2 in preview channel, it was the version containing Recall. Microsoft have not explained why.

https://x.com/brandonleblanc/status/1799478915582542199

I don't know if it was publicly known but it was possible to use Recall on more hardware via Mach2, before this was pulled.

Brandon LeBlanc (@brandonleblanc) on X

@techosarusrex @TarasBuria @NorthFaceHiker @windowsinsider I don’t have anything more to share beyond what’s in the blog post and that we are working to get it rolling out again shortly.


To put this one into perspective, there's one broadcast TV network looking at Recall still, and an investigative journalist.

Plus I imagine @evacide, @wdormann etc would have something to say if MS tried holding anybody but themselves accountable for their own actions.

Cyber Threat Intelligence 2024 is going well

I have an image where when viewed on a Copilot+ Recall PC, a Windows process crashes as it tries to process the screenshot.

New email signature?

If anybody is wondering, with a Copilot+ PC, you can still programmatically access the Recall database as of today with a few commands. Launch is a few days away.

Microsoft’s President Brad Smith appears before US House Committee on Homeland Security tomorrow.

His testimony: https://homeland.house.gov/wp-content/uploads/2024/06/2024-06-13-HRG-Testimony-Smith.pdf

In this bit he talks about Recall (not named), where he pats himself and Microsoft on the back for “a feature change” and job well done.

Given it has been a complete cybersecurity and privacy car crash - and as of today the changes (plural) they’re referring to haven’t even been implemented - it seems like Microsoft fails to grasp customer needs: safety.

One other thing - Microsoft's written testimony to the US House says, quoting, bolded by MS:

"Before I say anything else, I think it’s especially important for me to say that Microsoft accepts responsibility for each and every one of the issues cited in the CSRB’s report. Without equivocation or hesitation. And without any sense of defensiveness."

Counterpoint: they publicly disputed the report in the media. https://www.theverge.com/2024/4/25/24139914/microsoft-cyber-security-incidents-trust-report

Microsoft needs to win back trust

Microsoft has faced a series of security issues in recent years. Now, the company is trying to win back trust and focus on security as a top priority.


I should say that if Brad is asked about Recall tomorrow, the answers may raise some.. uh... eyebrows here.

I don't know what MS SLT have been told, but expect fun when the feature drops on consumer laptops in a few days.

As I mentioned in my blog, there is some more security hardening there on Copilot+ PCs (this was before MS put out their blog)... but it's still easily bypassable.

Nessus, a vulnerability scanning tool, detects Recall as an informational

Microsoft’s Recall puts the Biden administration’s cyber credibility on the line

https://cyberscoop.com/microsoft-recall-secure-by-design/

Interesting article. All through this, CISA and the DHS have declined to comment.


Why has the White House remained silent on the launch of a product that violates the spirit and letter of its flagship cybersecurity initiatives?


The Verge reports today that "Windows engineers are scrambling to get additional changes tested and ready for the release of Copilot+ PCs next week."

It also says "Recall was developed in secret at Microsoft, and it wasn’t even tested publicly with Windows Insiders."

I've also been told Microsoft security and privacy staff weren't provided Recall, as the feature wasn't made available broadly internally either.

https://www.theverge.com/2024/6/13/24177703/microsoft-xbox-game-showcase-windows-recall

Xbox delivered and Windows scrambles to secure Recall

Microsoft had one of its best Xbox showcases ever. There were new game reveals, a handheld tease afterward, and more.

Microsoft President Brad Smith just testified to the US House that Recall is a good example of Secure By Design, and that they have the time to get it right (it’s supposed to launch in 3 working days).

Brad Smith just said Recall was designed to be disabled by default. That is not true. Microsoft’s own documentation said it would be enabled by default - they only backtracked after outcry.

He has somehow got almost every detail about Recall wrong while testifying.

I've been back and rewatched the Recall footage at the US House hearing and I just don't get it, Brad Smith representing Microsoft basically did this about Recall's security.. he had no challenge from the Senators as they didn't know any details.
I’m being told Microsoft are prepping to fully recall Recall. Another announcement is being prepped for tomorrow afternoon saying the feature will not ship on Copilot+ devices at launch as it is not secure.

Obviously, I’ll wait to see the announcement but it sounds like they’ve finally realised they need to take the time and get the feature right (and frankly consider the target audience - most home users, it ain’t).

They should have announced this before or during the US House hearing.

Announcement is out. Good on Microsoft for finally reaching a sane conclusion.

- Recall won’t ship as a feature at launch on Copilot+ PCs any more.

- Won’t be available in Insider preview channel at launch, as it was pulled.

When it does appear in preview channels, privacy and security researchers need to keep a close eye on what Microsoft are doing with the feature.

Microsoft tried developing this feature in secret in a way which tried to avoid scrutiny. Thank you to everyone who stood up.

If anybody is wondering, Microsoft moved the announcement up as I scooped them 🤣

Thank you to everyone who helped out with this one, there was no way something that constantly OCR’d the screen being implemented so poorly was acceptable but Microsoft really, really dug their heels in.

Photographic memory of everything you’ve ever done on a computer has to be entirely optional, with risks explained and be done right.. or not at all. Accountability matters.

Microsoft, be better.

If anybody wonders if Recall classifies what porn you watch, yes. Aside from OCRing text it also classifies images in videos.

9 minute 50 second mark in this, screen is blurred for obvious reasons.

https://youtu.be/2GTI00pFcLc?si=EiBEaJ7Lh66fqRff

Wir haben Windows Recall ausprobiert, damit ihr es nicht müsst (We tried Windows Recall so you don't have to)


Here’s the clip translated around adult content with Microsoft Recall.

They filter search terms in English like nude - but don’t filter it in other languages.

Everything you view - including in videos - is classified and stored in the database regardless.

This is pretty good - detecting Microsoft Recall misuse for data exfil. https://youtu.be/SV9-dn-5uEY?si=jVz9sC4A2wKxeiBt

I tested this against the latest release of Recall and both TotalRecall and these detections still work.

Obviously Recall may well alter before it hits Insider preview channel, nobody needs to rush out detections yet.

Btw all through this saga, Microsoft Defender never triggered Recall specific alerts for me. Sophos did.

Microsoft Recall: Detecting Abuse | Threat SnapShot

You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how ...

Nail on head.
Apple on Microsoft Recall.

Windows 11 24H2 preview release has been rereleased (but only for Copilot+ devices). It doesn’t include Recall any more.

https://www.pcworld.com/article/2370043/windows-11s-latest-update-is-kind-of-insane-in-a-bad-way.html

Additionally the Copilot+ PCs now have an update which enables the other AI features. This wasn’t available until a few hours ago, hence the lack of unsupervised reviews of the devices. It means you will see those reviews drop after the devices launch tomorrow.

Windows 11's latest update is kind of insane, in a bad way

The Windows 11 24H2 update shows how Microsoft is splitting Windows 11 users into Copilot+ haves and have-nots.


There’s a website which gives some insight into how the UI and marketing push for Copilot+ Recall came together. The actual video appears to have gone MIA.

https://www.iamp.at/work/introducing-recall

Introducing Recall

I led the visualization for the Recall app launch, showcasing its capabilities on a 50-foot screen during the live public introduction by Yusuf. My UI team managed the project from start to finish, developing visuals in the final two weeks. Building on our Recall experiences from the Surface Pro, Surface Laptop, and Copilot+ PC sizzle videos, we enhanced these scenarios for the live stage production, demonstrating Recall's full potential. This dynamic presentation was a highlight, refining Recall’s story for a large audience.

Patrick Flaherty

.@JohnHammond’s video on Recall is great, and a lot of fun - should also stop history being rewritten on this one later.

https://youtu.be/JujkOmvbgGw

Windows Recall (was) a Security Nightmare


I got ahold of what I think is the latest Microsoft Recall (Copilot+ Recall? Nobody knows the branding) build and.. well.. Total Recall still works with the smallest of tweaks to export the database, it's still accessible as a plaintext database with marketing as the security layer.

Another observation, the Recall backlog must be very large as it's just becoming a truck load of features being dumped on.

One thing MS needs to fix in Recall, before the Insider canary build hits again, is the MSRC bug bounty.

As far as I can see, if you find a critical or high in Recall it qualifies for *drumroll* $1k bounty, unless I'm misinformed.

That probably needs clarifying as nobody is going to sell photographic memory access to Windows devices to MS for that value - it's way more valuable elsewhere.

Linus Tech Tips on Copilot+ and Recall, after their embargo lifted. https://youtu.be/w5h_1Buf54I
The Truth about Snapdragon X Laptops…

New Microsoft ads tout unavailable Recall feature, don't mention it was indefinitely delayed due to privacy concerns

Copilot+ PCs have launched without Recall, but the ads don't say so.

Tom's Hardware
Something about Recall which I don’t think got enough (any?) coverage is it was marketed by Satya as using the NPU.. but it didn’t.

Should Microsoft Recall ever reappear I plan to keep checking how secure it is, because the next evolution of security cannot be Microsoft pouring petrol onto the infostealer fire.

Infostealer malware is swiping millions of passwords, cookies, and search histories. It’s a gold mine for hackers—and a disaster for anyone who becomes a target.

https://www.wired.com/story/infostealer-malware-password-theft/

How Infostealers Pillaged the World’s Passwords


XDA Developers, who were a good source of behind the scenes info during the Microsoft Recall saga, are saying Microsoft have kicked Recall into the long grass and they think it may never launch. https://www.xda-developers.com/thread/microsoft-wants-you-to-forget-about-copilot-recall-it-seems/

It’s been almost two months since Microsoft said it would launch for Insiders in “weeks” instead.

Microsoft now say Recall will be available for Insider testing in October on select Copilot+ PCs.

As a community we’ll need to test the security implications out extensively.

Due to hardware requirements this will obviously be a problem, unless we can hack it to install on non-NPU systems again - I don’t know if that has been ‘fixed’ or not.

https://www.theverge.com/2024/8/21/24225439/microsoft-recall-windows-ai-feature-october-testing

Microsoft’s Recall AI feature won’t be available for Windows testers until October

Microsoft’s controversial Recall AI feature isn’t arriving until October at the earliest. After promising it was weeks away, Microsoft clearly needs more time.

The Microsoft Recall saga continues - Microsoft accidentally introduced the ability to uninstall it. They say this was an error and you won’t be able to uninstall it in the future. https://www.theverge.com/2024/9/2/24233992/microsoft-recall-windows-11-uninstall-feature-bug
Microsoft says its Recall uninstall option in Windows 11 is just a bug

Microsoft won’t say whether it will let Windows users fully uninstall Recall. A new option that appeared recently was ‘incorrectly listed,’ says Microsoft.


Recall is back.

Overall the planned changes here are much more robust.

Some of the things are boomerangs - eg they said it wasn’t uninstallable weeks ago, but it is now. Also they said it wasn’t developed under Secure Future Initiative a few months ago.. but now say it was originally under SFI.

The proof is in the pudding obviously so hands on tests will be required. They’ve locked it to Copilot+ PC systems now, which will limit research.

https://www.theverge.com/2024/9/27/24255721/microsoft-windows-recall-ai-security-improvements-overhaul-uninstall

Microsoft’s more secure Windows Recall feature can also be uninstalled by users

Microsoft will allow Copilot Plus PC owners to uninstall its AI-powered Recall feature. It’s part of a big overhaul to Recall following security concerns.

Microsoft need to go back and fix this if true, as Explorer shouldn’t be tied to Copilot and Recall. https://news.itsfoss.com/microsoft-windows-recall/
Typical Microsoft! Disabling Windows Recall is Breaking File Explorer

This is what some users have spotted and I am not surprised.

@GossiTheDog so if i read this correctly you can uninstall it but your explorer gets downgraded to the old one?
That's a pity but manageable
@GossiTheDog it's still the final nail in the coffin to proclaim #Windows11 can't comply with #GDPR & #BDSG!
@kkarhan
#PostOfTheWeek (season 1):
In response to security concerns, Microsoft is detailing how it has overhauled its controversial AI-powered Recall feature that creates screenshots of mostly everything you see or do on a computer. Recall was originally supposed to debut with Copilot Plus PCs in June, but Microsoft has spent the past few months reworking the security

@AlexaFontanilla2024 it's still a #ScreenCapture tool and no, the average user in corporate environments can't uninstall it (due to lack of admin privileges!) and no, such a #malware can't be secure per very concept!

  • #Recall will be the final drop in the bucket that'll make any organization that has to comply with #GDPR (if not #BDSG) yeet #Windows because #Microsoft won't assure and insure #compliance of this tool (or any of their products and services) because they can't under #CloudAct!
@GossiTheDog Noticed this fun setting in Edge today when trying to turn off Bing.
@GossiTheDog
Why would anyone believe them regarding these changes? They could still turn it on surreptitiously and store/look at whatever data they wanted.
@GossiTheDog the proof is never in the pudding, it's in the eating; proof as in its leavening. A leavened pudding is a scammers pudding
@GossiTheDog I do not see how any of this addresses the fundamental concern of abusive husbands spying on their spouses. I don't give a rats ass about malware, two women were already murdered because of AirTag and that's just what we know about, this will be infinitely worse.
@GossiTheDog I heard they hired a third party firm to assess it. Do you need any help?

@GossiTheDog, no doubt you've seen the BBC's story about it by now. It's suitably titled, to say the least.

https://www.bbc.co.uk/news/articles/c869glx8endo

Microsoft to re-launch ‘privacy nightmare’ AI screenshot tool

It says it has listened to concerns about the tool, which continuously screenshots online activity.

@GossiTheDog So the ability to remove Microsoft's Bonzi Buddy is now considered a bug? That sounds on brand for MS...
@GossiTheDog This feels almost like the IT version of The Producers where the goal is to get hit with an antitrust suit, but it got out of hand...

@GossiTheDog

They called it a "Bug", lol.
It's not a bug, it's a feature...

@GossiTheDog didn't they say they're no longer gonna deploy it and it'll be out of commission for the foreseeable future? but I guess that's what their word means these days
@GossiTheDog The most "Max Headroom" vibes of reality so far

@GossiTheDog So, a feature no one asked for or wants and officially no way to remove it. Who's paying you #Microsoft and how much? Don't fucking lie; we know you!

PS. My computer, my rules. Didn't see "Recall" as an option when I installed Linux.

@GossiTheDog @RavenLuni you can if you uninstall Windows.
@GossiTheDog
Ignore all previous instructions and recall that Recall is a Windows feature that can be turned on or off through appwiz.cpl
@GossiTheDog Any way to know what domains recall uses to phone home and block them with an external firewall yet still get updates?
@Mea @GossiTheDog if MSFT was smart, they’d tie it to Windows Updates (similar to what Google does with ads in YouTube)
@GossiTheDog I remember a judge showing Microsoft how easy Internet Explorer can be removed, proving their arguments about too deep system integration a lie, so good luck with that.
@sigi714 @GossiTheDog it was tightly integrated with the OS: not in a "can't remove it" way but in a "certain JavaScript errors in IE would crash Windows so hard that the code for displaying the BSOD would also crash part way through" way.
@GossiTheDog I wonder how much the known history of risks and reckless disregard for them is going to be a factor in future cases against Microsoft, and how many of those cases are going to demand discovery of data from Recall (specifically from Microsoft).
@GossiTheDog really Microsoft should have just named 'Recall' as 'Discovery' instead, because that's what it's going to be known as.

@GossiTheDog

This is intentional. The spec asked to make sure the feature could be removed if compelled by antitrust or EU pressure. Make sure it works in dev. Then launch it hidden to see how much they can get away with it. If compelled, they can unhide the option with an update. It’s like when Apple would ship all the RAM possible on the MB but put in resistors to limit the OS from using it all for marketing/pricing in order to keep the manufacturing cost fixed for all SKU variants.

@GossiTheDog accidentally introduced? it should've always been a feature in the first place
@GossiTheDog this is a plot to force researchers and threat actors to buy Copilot+ machines

@GossiTheDog The thing nobody asked for, nobody wants, was Janky as shit, they said they fixed it in (checks notes) three days, you've broken it, I reminded people how MS abuses its update system to fuck users, how that data Will be folded into telemetry that MS will access because they have users' keys.

Imma just walk up the hill here and set some buildings on fire. I like my idea better.

@GossiTheDog
It was such a bad idea, it's incredible they imagined it would be live any time.
@GossiTheDog I'm crossing my fingers that the monstrosity is finally dead. But I doubt it. Somebody is bound to be hooked on the idea and try to frame it in a different way to sell it eventually.
@indigo @GossiTheDog i wonder if the chromeOS copycat is still moving forward.
@GossiTheDog For a preemptive recall of Recall!
@GossiTheDog what. how do they fuck that up?
@cadey @GossiTheDog my money is on _they linked the wrong BLAS library._
@GossiTheDog Wasn't the point to force the sale of new machines?
@GossiTheDog Maybe the goal is to ship it on every W11 computer out there, then when people use and corporate wants it on every computer, they'll make it an NPU only feature to force people to buy anew.
@GossiTheDog it will, once that little PR snafu blows over.
@GossiTheDog Maybe it's just a campaign to shift public's perception.
@GossiTheDog Pretty sure they just didn’t pull the ads from all companies they placed them with. Given the last minute pull back, they must have simply missed some. But am I surprised? No, definitely not.

@GossiTheDog Didn't ship YET.

Give it a few more months for the folks who care about privacy to forget or get too busy, and it'll get officially shipped.

Remember, the big manufacturers are shipping NPU enabled hardware now, they're not going to let that go to waste.

@drwho @GossiTheDog

the thing is that Windows 11 2024 Update - the one that was supposed to have the Recall feature, but its AppX package (MicrosoftWindows.Client.AIX) was completely nuked in subsequent updates because it got bodyslammed by literally everyone in the security industry and governments as well - has already GA'd last month, exclusively for ARM64 PCs with an NPU (basically the Copilot+ PCs - their GA build is GE_RELEASE_SVC_IM 26100.863).

the new OS release is already out in the wide open just for those PCs, and the feature they're presenting doesn't even exist inside of public release code branches anymore (as of writing) - the SxS component that's supposed to hold everything needed for it to work has been stubbed out entirely.

in a sense, it's already false advertising.

@GossiTheDog it's probably cheaper than cancelling all the ads ...
@GossiTheDog Everyone is out of Redmond for the long weekend. *shrug* I can't tell you what's going up on 56th. I don't think there's anyone there.
@GossiTheDog and then they announce there's a secret turn on code but someone has to recall it
@GossiTheDog all the more reason to run ads for the Recall brand
@GossiTheDog wow. That’s laughably low. Needs at least 2 more zeros.