The Security Nightmare Known As Recall

Microsoft unveiled Windows Recall as a key feature of its Copilot artificial intelligence tool. It will take screenshots of the desktop every few seconds. They claim it is to make things easier to find later. (Guess they never heard of something called search before.) Labeled Copilot Plus, the generation is set to launch June 18.

The problem is this will take shots of EVERYTHING! Well, everything outside of DRM’ed stuff. Using AI, Recall is supposed to capture data from all applications, unless you exclude any, by taking a series of screenshots and storing these interactions in a database. It runs locally and can function without an internet connection, even when you’re not logged in to your Microsoft account.

Of course they say all the screenshots are stored locally, at least for now, but how long will it be until it has to be done on the cloud? They say the data is secure and encrypted. Well, sure, it is encrypted when the machine is turned off, but once you log into the machine all that data is wide open for the taking.

It won’t take long for the data to be hacked. Microcrap has shit security that has never changed, nor will it ever change, because Microcrap is a shit company and the only thing they care about is how much money they can rape from people. And as for Recall… well, it’s been hacked already. You read that correctly: Recall hasn’t been officially released and it has already been exploited.

Enter Total Recall. This very simple tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC’s activity snapshots.

Recall saves all the data in

C:\Users\$USER\AppData\Local\CoreAIPlatform.00\UKP\{GUID}

And the images are all stored in the following subfolder

.\ImageStore

The database, ukg.db, is relatively straightforward in its structure, but it holds a wealth of information. TotalRecall copies the databases and screenshots and then parses the database for potentially interesting artifacts. You can define dates to limit the extraction as well as search for strings (that were extracted via Recall OCR) of interest. There is no rocket science behind all this. It’s very basic SQLite parsing.
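The claim that the data is open once you are logged in can be checked from the defender's side. The following is an added example, not code from this post or from TotalRecall: it walks the folder layout given above and reports whether the current process can read ukg.db as a plain SQLite file and how many files sit in ImageStore. The function names, the sample tree and the placeholder GUID are constructed for illustration; on a real machine you would pass C:\Users as the root.

```python
import tempfile
from pathlib import Path

# First 16 bytes of any SQLite file that is not encrypted at the file level.
SQLITE_MAGIC = b"SQLite format 3\x00"

def audit_recall_stores(users_root):
    """List each Recall store under users_root and what this process can read."""
    findings = []
    # Layout from the post: <user>\AppData\Local\CoreAIPlatform.00\UKP\{GUID}
    pattern = "*/AppData/Local/CoreAIPlatform.00/UKP/*"
    for store in sorted(Path(users_root).glob(pattern)):
        if not store.is_dir():
            continue
        header = b""
        try:
            with open(store / "ukg.db", "rb") as fh:
                header = fh.read(16)
        except OSError:
            pass  # database missing or access denied for this process
        try:
            shots = [p for p in (store / "ImageStore").iterdir() if p.is_file()]
        except OSError:
            shots = []  # folder missing or access denied
        findings.append({
            "store": str(store),
            "db_readable": bool(header),             # opened and returned bytes
            "db_plain_sqlite": header == SQLITE_MAGIC,
            "screenshots": len(shots),
            "screenshot_bytes": sum(p.stat().st_size for p in shots),
        })
    return findings

def build_constructed_profile(root):
    """Constructed sample tree (placeholder GUID, dummy files) for offline runs."""
    store = Path(root) / "alice/AppData/Local/CoreAIPlatform.00/UKP/{GUID-PLACEHOLDER}"
    (store / "ImageStore").mkdir(parents=True)
    (store / "ukg.db").write_bytes(SQLITE_MAGIC + b"\x00" * 84)
    for name in ("shot1", "shot2"):
        (store / "ImageStore" / name).write_bytes(b"x" * 10)
    return store

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_profile(tmp)
        for finding in audit_recall_stores(tmp):
            print(finding)
```

A result with db_plain_sqlite set to True means any process running as that user can open the database directly, which is the exposure described above.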

Latest update: When they do release Recall it will be opt-in (at least they are saying that right now), and even if that is true, it won’t be long till it is opt-out. And even if you opt out, you can bet your ass it will get randomly turned on after some “update”. It wouldn’t be the first time that has happened, eh?

I can’t wait for all the data leaks this shit is going to be the cause of. But I have said for years, if you use microcrap anything you are a fool. And if you are still using Windows after all this shit, well, when all your data gets leaked it is your own damn fault. TL;DR: use Linux.