“TotalRecall Reloaded” tool finds a side entrance to Windows 11’s Recall database

"TotalRecall Reloaded" waits for the user to authenticate Recall using Windows Hello and can then scoop up Recall's information. Credit: Andrew Cunningham

Two years ago, Microsoft launched its first wave of “Copilot+” Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable some AI and machine learning features that could be run locally rather than in someone’s cloud, theoretically enhancing security and privacy.

One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user’s disk, making it trivial for anyone with remote ...