The TotalRecall script can pull out all the data from Windows Recall and there's still no reaction from Microsoft

This elegant hacking script should be a clear red flag for Microsoft

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

TotalRecall pulls out all data from Windows Recall exposing your information to everyone

In what it’s becoming a ridiculous twist, a fresh tool called TotalRecall has surfaced that can pull out each data bit stored by Microsoft’s Recall feature. It has its own GitHub page and everyone can use it.

Here’s the whole story about Windows Recall

Let’s recap this saga really quickly so we can have a broad picture of this privacy mishap: Recently, Microsoft announced Recall, an AI feature for Copilot+ PCs to take a snapshot on everything you’re doing on your PC, to provide Copilot with data that will help you in your local searches. When users started threatening to leave Windows 11 due to privacy concerns, Microsoft said that Recall is harmless and you can disable anyway.

A few days later, a few developers discovered that Recall stores everything in a plain text database that can be accessed as easily as opening it. So, we got to present day, when a researcher even created the script that really does a great job in hacking Recall by automating the job in a totally elegant way.

The TotalRecall script made hacking Windows Recall even easier

So, picture a tool with such strength that it can go through your computer’s digital memories, finding screenshots, text data, and even coded messages you believed were secured. TotalRecall, made by a researcher named Alex Hagenah, is an important example that highlights Recall’s weaknesses.

The TotalRecall risks are not only about personal privacy but also involve broader concerns. In a time when cybersecurity is critical, this tool highlights the necessity for strong security actions to safeguard our digital marks. Now, we’re sure that Hagenah didn’t put TotalRecall on GitHub to encourage people to hack Windows Recall. It is an encouragement for Microsoft to take action about these safety problems before Recall’s full release.

However, TotalRecall is not the single voice sounding alarms. Another cybersecurity researcher named Kevin Beaumont has made a website for searching Recall databases, too; he hasn’t yet released it in hopes that Microsoft will reply. Controls like switching off screenshot saving and pausing Recall are mentioned in Microsoft’s documentation, but these steps might not be sufficient to ease worries about possible misapplication of this tool.

The worse part about all this is that Microsoft didn’t have any reaction to all this issue apart from the fact that they keep repeating that Recall can be disabled.

In an X post, Beaumont highlights the fact that Microsoft thinks it’s the organization’s responsibility to secure this feature, and they might not be prepared for such a complicate task. Luckily, we have a guide on how to disable Recall in Windows 11 and we recommend doing so when the feature is released.

The debate between Recall and TotalRecall is part of a larger conversation about the tension between innovation and privacy. We do not know yet whether Microsoft will listen to Hagenah and Beaumont. However, one thing is sure—discussions on digital privacy and security continue.

Let’s discuss about Windows Recall and privacy implications in the comments below.

More about the topics: AI, Cybersecurity, windows recall