TotalRecall is a new open source tool for Windows that can be used to run searches across the entire Recall database.
Recall is a new feature of Windows 11 that takes snapshots of the screen every five seconds. It stores them locally and makes them available for processing by the user.
Recall is enabled by default on supported systems. Users may disable Recall, but only after the initial setup. While that may change before public release, and Microsoft would do well to make the change, it is on by default right now.
The feature is officially available only for a batch of ARM64 devices at the time of writing, but it will expand to Intel and AMD hardware soon as well. Plus, there are tools available already to make it work on older ARM devices that do not have an NPU chip.
The data is protected, but unlocked once the user logs in. It is then accessible by the user, but also by System or Admin accounts. In other words, any process that runs as System or Admin may be used to access the data.
It does not take an Einstein to connect the dots here to spot the elephant in the room: malware and spyware will target Recall data. The data reveals any activity of the user, with the exception of activity in certain private browsing windows.
Forget tracking, you get a clear picture of a user’s likes, dislikes, webpages, apps, games, documents, financial transactions, online banking, private and public messages on forums and chats, and much more, when you gain access to that data.
TotalRecall
TotalRecall is a third-party tool that makes the data searchable via the command line. Run a search for password, and the tool runs a query to return any user activity associated with the term password.
It saves the search results to a text document on the system. This file provides details on the “captured windows, images, and search results”.
You can limit the search to a specific date range or run it across all of the data.
Here is what the tool does:
TotalRecall copies the databases and screenshots and then parses the database for potentially interesting artifacts. You can define dates to limit the extraction as well as search for strings (that were extracted via Recall OCR) of interest. There is no rocket science behind all this. It’s very basic SQLite parsing.
Closing Words
Microsoft probably did not expect to receive that much backlash for Recall. It is anyone’s guess whether Microsoft is going to make adjustments to Recall.
Windows 11 users who buy a Recall-capable laptop may want to strongly consider turning it off. While it may be a useful tool in very specific work scenarios, the chance of Recall turning into a nightmare for many Windows users is a real one.
This MS Recall needs to be brought to light for the multitudes of PC users that do not know about it. This is a major security issue and a prime target for malware.
There is no reason to have this Recall spyware running. If you are worried about having copies of data as you make changes to it there are other tools for that. Almost all word processor software, and business software suites like MS Word and MS Office have the ability to make auto saves as you use it.
MS Recall needs to be not included. It should be an optional installation, and never installed without a giant warning screen with a big cancel button.