Microsoft Recall: The Screenshot System You Didn’t Know You Needed to Fear

Recently, Microsoft made headlines with the announcement of their new Copilot+ PCs, which come equipped with a Neural Processing Unit (NPU). This little gadget, also known as an ARM Snapdragon chip, is separate from your CPU and GPU. But the star of the show here isn’t just this hardware marvel; it’s Microsoft Recall, a system that screenshots every single thing you do on your computer, processes it, and stores it in an encrypted local database. Sounds cool, right? It’s like having a photographic memory for your PC activities. But, hold your horses – it’s not all sunshine and rainbows.

Let’s get this straight from the get-go: the whole NPU thing is somewhat of a marketing gimmick. While it does have a role to play, it’s not a necessity for running Recall. Enthusiasts have been tinkering with Recall on existing ARM64 hardware, even getting it to work on x86 systems via ARM emulation. Basically, the NPU makes things more efficient but isn’t indispensable.

Here's where it gets dicey. Recall processes your data locally on your device, which seems like a win for privacy advocates. However, once you’re logged in, this data, stored in a SQLite database, is accessible in plain text. Sure, it’s encrypted at rest (meaning when your system is off), but once you're logged in, it’s game on for anyone with malicious intent.

Now, you might be thinking, “Isn’t my data safe?” Well, not exactly. Hackers can exfiltrate this plain text database of everything you’ve done on your PC quite easily if they gain access. Imagine info-stealer Trojans, which have been a cybersecurity headache for years, but on steroids. Once they’re in, they can scrape your entire Recall database within seconds. So much for security, huh?

The out-of-the-box experience (OOBE) for Windows 11 with Recall on Copilot+ PCs is where things get scarier. Recall is enabled by default, and while there’s a nondescript option to adjust settings after setup, it’s easily overlooked. In a corporate context, this means group policies need to be meticulously managed to prevent sensitive data from being automatically logged and exposed.

And then there’s the GDPR. Recall processes all data locally, sidestepping immediate GDPR concerns. But when – not if – a data leak happens, the legal landscape might change dramatically. European regulators aren't known for their leniency with privacy violations.

For a bit of good news, Recall doesn’t log DRM content or data from private windows in Chromium-based browsers. Firefox private windows, however, seem to be an exception (probably a bug). Also, apps like KeePassXC are safe since they treat themselves like DRM windows.

For those already weary of Windows, this might be the final nudge towards Linux. The security implications of Recall are enough to make even the most die-hard Windows user reconsider their OS allegiance. Linux users are probably having a good chuckle right about now.

In the end, while Recall offers some nifty features, the security trade-offs are significant. For tech-savvy users, disabling or configuring Recall is a minor hassle. But for the average user, it’s a Pandora’s box of potential data breaches. So, if you're using a Copilot+ PC, it might be time to get acquainted with your settings menu – and maybe start looking into Linux, just in case.

