One Year Later, Windows Recall Still Can’t Shake Its Security Problem

Standard-user malware can silently extract Recall’s decrypted data in memory, a gap Microsoft says falls within its intended design

Al Landes Avatar
Al Landes Avatar

By

Image: Microsoft

Key Takeaways

Key Takeaways

  • Standard-user malware extracts Windows Recall data without admin privileges or kernel exploits.
  • Recall’s encryption protects stored data but leaves decrypted content vulnerable once users log in.
  • University of Pennsylvania flagged Recall’s legality risks, raising compliance concerns for regulated industries.

Microsoft promised a photographic memory for your PC. Researchers keep proving it’s more like leaving your diary open on a park bench. Windows Recall — the Copilot+ feature that screenshots your activity at regular intervals and makes it searchable with AI queries — launched to immediate backlash in 2024. Microsoft responded with encryption, Windows Hello authentication, and a Virtualization-based Security enclave. The feature got locked down, limited to specific hardware, and disabled by default. A year later, security researchers are still demonstrating that secretly tracking users via standard-user malware can silently extract Recall data without admin privileges, kernel exploits, or breaking a single byte of encryption. Microsoft reportedly calls this “working as intended.”

The Architecture Argument Nobody Is Winning

The core tension is simple: encryption at rest stops cold storage theft, but it doesn’t protect data once you’re logged in and the vault door is propped open.

Recall encrypts your captured screenshots and search index locally. Once you log in — which happens every time you sit down at your computer — that data gets decrypted in memory. Researchers can target that live stream directly, no elevated permissions required.

The findings keep stacking up:

  • James Forshaw of Google Project Zero demonstrated access to Recall data without admin privileges, reported by Wired in June 2024
  • Tools named TotalRecall and TotalRecall Reloaded showed practical extraction of screenshots and stored data in real conditions
  • CSO reported that malware running in a surveillance app standard user context can silently siphon Recall content — no elevated rights, no kernel exploits needed

“Substantial and unacceptable security, legality, and privacy challenges.”
— University of Pennsylvania Office of Information Security, on Windows Recall

Microsoft maintains the observed behavior fits Recall’s documented security design and does not constitute a security-boundary bypass. Critics argue that’s a lot like a lock manufacturer insisting the product works fine while people walk straight through the door. The Verge reported that the trust boundary remains too weak despite the layered defenses. Penn’s warning explicitly raised legality concerns alongside security ones — language that should make enterprise IT teams in regulated industries pay close attention, because compliance exposure tends to be more persuasive than researcher blog posts. Microsoft, Amazon and other major cloud providers have already faced regulatory restrictions in Europe over exactly these kinds of data-handling concerns.

Recall stays disabled by default and limited to Copilot+ PCs. But Microsoft’s ambitions for the feature stretch further. If the rollout expands, the scrutiny will follow. The question isn’t whether Recall works. It’s whether the people responsible for your data can afford to find out.

Share this

At Gadget Review, our guides, reviews, and news are driven by thorough human expertise and use our Trust Rating system and the True Score. AI assists in refining our editorial process, ensuring that every article is engaging, clear and succinct. See how we write our content here →