Windows Recall draws scrutiny
Microsoft’s Windows Recall tool is under renewed privacy scrutiny after researchers showed it can extract stored data, prompting questions about what the feature captures and how it’s secured. The debate centers on whether the tool’s data‑extraction behavior exposes user or enterprise secrets. (x.com)
Windows Recall is back under pressure after a researcher showed he could pull decrypted data from the feature’s local archive on a logged-in PC. (github.com, pureinfotech.com) Recall is a Windows 11 feature for Copilot+ personal computers that saves periodic snapshots of what appears on screen, then lets users search those snapshots in plain language. Microsoft says the snapshots and related data stay on the device, are encrypted, and require Windows Hello sign-in to access. (learn.microsoft.com, support.microsoft.com) The new proof-of-concept, called TotalRecall Reloaded, was published on GitHub in April 2026 by security researcher Alexander Hagenah. Reporting on the release said the tool injects code into a Recall-related process after Windows Hello authentication and then reads data after decryption. (github.com, thecyberexpress.com) Microsoft’s position is that the behavior does not meet its bar for a security vulnerability. Coverage of the company’s response said Microsoft closed the March 6, 2026 report on April 3, 2026 as “Not a Vulnerability,” saying the behavior matched the documented design. (thecyberexpress.com, itnews.com.au) That answer lands on a feature Microsoft already had to rework after its first 2024 unveiling triggered a privacy backlash. The company delayed the rollout, made Recall opt-in, added Windows Hello checks, and said users can remove the feature entirely. (blogs.windows.com, blogs.windows.com) Microsoft then began general availability of Recall in preview on April 25, 2025 for Copilot+ personal computers. The company described the release as part of a broader push to keep artificial intelligence processing local on devices with neural processing units. (blogs.windows.com, support.microsoft.com) The technical dispute is not over whether Recall encrypts data at rest. Microsoft says snapshots, the vector database used for search, and exported snapshots in the European Economic Area are encrypted; the researcher’s argument is that data becomes reachable when Recall has already unlocked it for an authenticated user session. (blogs.windows.com, learn.microsoft.com, thecyberexpress.com) Microsoft has also added policy controls for companies. Administrators can disable Recall, filter apps and websites, and use Microsoft Purview data loss prevention policies to reduce the chance that sensitive information ends up in snapshots. (learn.microsoft.com, learn.microsoft.com) Those controls do not settle the basic question raised since 2024: how much risk comes with a feature designed to remember what was on your screen. The latest research suggests the debate has shifted from whether Recall stores sensitive material to what happens once that material is legitimately opened on the device. (bleepingcomputer.com, thecyberexpress.com)
