In May 2024, Microsoft announced Windows Recall, a Copilot+ feature that takes a screenshot of your screen every few seconds, runs OCR over it, and stores everything in a local database so you can search your entire activity history in plain English. Within weeks, a security researcher published TotalRecall, a tool that dumped the entire database in seconds. Passwords, private messages, banking screens, medical records. Everything you had done on that machine, searchable and extractable with no authentication required.
Microsoft delayed the feature and returned with fixes. The database got encrypted. Windows Hello biometric authentication was required to access it. The vault, in Microsoft's framing, was now secure. What TotalRecall Reloaded found is that the vault being secure does not matter much if there is another way to reach the data. The researcher's summary was direct. The vault is solid. The delivery truck is not.
The delivery truck is the pipeline. Recall has to move screenshots into the database somehow. It has to process them, index them, run OCR, make them searchable. That pipeline operates outside the same authentication boundary as the encrypted store. TotalRecall Reloaded found an entry point through the unprotected parts of that system, not through the database itself. The data can be reached through the collection or indexing layer, which has to maintain access to function, and which does not sit behind the same locks as the vault.
This is a predictable failure mode. When a feature exists to collect comprehensive data about everything a user does, and when that feature must continuously process that data to remain useful, there will always be a pipeline. Pipelines have edges. Encrypting the storage layer is a real improvement, but it does not change the fundamental shape of the problem. The data still has to move, be processed, and be retrieved. Any point in that flow is an attack surface.
Microsoft can patch the specific side entrance TotalRecall Reloaded found. Then there will be another one, or a different researcher will find a different edge. A comprehensive, always-on local surveillance log of your entire screen history is a permanently high-value target. Securing it is a maintenance obligation that does not end. Every fix is a new lock on a building that should not have been built.
Recall can be disabled. After the 2024 backlash, Microsoft moved it to opt-in on supported hardware. But the architecture to support it is built into the OS. The collection infrastructure exists whether or not the feature is active. That is the permanent legacy of how Microsoft chose to ship this. Opt-in today, quietly re-enabled in a future update, or on by default for users who never saw the original controversy. The pipeline stays.
FAQ
What is Windows Recall?
Windows Recall is a Microsoft AI feature for Copilot+ PCs that takes periodic screenshots and makes your full activity history searchable. Everything displayed on screen is logged locally in a database on the device.
What did the original TotalRecall tool expose?
TotalRecall showed in 2024 that the Recall database was unencrypted and required no authentication. It extracted the full contents in seconds, including screenshots of passwords, messages, and sensitive documents.
What did Microsoft fix after TotalRecall?
Microsoft added encryption to the Recall database and required Windows Hello biometric authentication to access it. The underlying collection architecture and pipeline were not changed.
What is the side entrance TotalRecall Reloaded found?
The tool found a path to Recall data through the collection or indexing pipeline rather than through the encrypted database itself. The researcher described it as finding the delivery truck rather than cracking the vault.
Can Recall be turned off?
Yes. Microsoft changed Recall to opt-in after the 2024 backlash. It can be disabled in Windows settings or removed via optional features. The underlying infrastructure remains part of the OS regardless.
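A read-only way to check the state this answer describes, as an added example that is not from the article or from Microsoft. It assumes an elevated PowerShell prompt; the optional-feature name `Recall` and the `WindowsAI` policy values come from Microsoft's public documentation rather than from this page, so confirm them against your Windows build.

```powershell
# Added example: audit whether Recall is installed and whether policy blocks it.
# Makes no changes. Run elevated; Get-WindowsOptionalFeature requires admin rights.
function Get-RecallAuditState {
    # Assumption: policy location as documented by Microsoft, not stated on this page.
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'

    $result = [ordered]@{
        FeatureState          = 'NotPresentOrQueryFailed'
        DisableAIDataAnalysis = $null   # 1 = saving snapshots turned off by policy
        AllowRecallEnablement = $null   # 0 = Recall made unavailable by policy
        RecallAvailableToUser = $false
    }

    # The optional feature only exists on builds that ship Recall;
    # an unknown feature name throws, which is treated here as "not present".
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop
        if ($feature) { $result.FeatureState = [string]$feature.State }
    } catch {
        Write-Verbose "Feature query failed: $($_.Exception.Message)"
    }

    # Missing key or missing value means "not configured", reported as $null.
    $policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
    foreach ($name in 'DisableAIDataAnalysis', 'AllowRecallEnablement') {
        if ($policy -and $policy.PSObject.Properties[$name]) {
            $result[$name] = $policy.$name
        }
    }

    $blockedByPolicy = ($result.AllowRecallEnablement -eq 0) -or
                       ($result.DisableAIDataAnalysis -eq 1)
    $installed = $result.FeatureState -in 'Enabled', 'EnablePending'

    # True means the component is installed and no policy prevents a user opting in.
    $result.RecallAvailableToUser = $installed -and -not $blockedByPolicy

    [pscustomobject]$result
}

Get-RecallAuditState | Format-List
```

Running the check again after each feature update shows whether the installed state or the policy values have changed since the last audit.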
