Microsoft promoted Recall as essentially a new type of search engine. For example, if you wanted to revisit a document, video, or webpage but can’t remember where you saw it, you can enter what you remember into a text interface. Windows will then use AI to find what you are looking for.
Recall’s Potential Benefits vs. Privacy Concerns
Recall offers a promising solution for those who often find themselves lost in the digital maze of documents and media. Imagine having a personal assistant that can instantly locate any piece of information you've interacted with, simply based on your recollection. However, this convenience comes with significant privacy concerns. The idea of a PC recording everything you do just seems creepy, even if all your activities are entirely innocent. Adding to this concern is that the Recall feature in the Windows 11 24H2 Build, which Microsoft hasn’t yet generally released, has already been compromised. It further underscores the idea that using the Recall feature poses significant risks.
Malware and Access Risks
Despite these reassurances, there are undeniable risks associated with using the Recall feature. Imagine a user accidentally clicks on a malicious link and installs malware on their Windows 11 PC. Generally, malware operates with the same permissions and within the same security context as the user who installed it. In theory, malware could interact with the Recall history programmatically, perhaps by silently submitting Recall queries in the background.
Prevailing wisdom suggests that malware cannot directly access the screen capture repository, as accessing the repository requires local administrative credentials. However, a recent blog post on Tyranid’s Lair explains that it would be relatively easy for a cybercriminal to gain access without administrative credentials. The blog post notes that since the user who creates the files owns them, you can rewrite the DACLs (discretionary access control list) to gain access without needing admin rights. The blog post also outlines another method involving opening an instance of AIXHost.exe, copying its token, and using the security token to gain access to the screen capture repository.
Even if the Recall feature were secure, the idea of a PC recording everything you do just seems creepy, even if all your activities are entirely innocent. Adding to this concern is that the Recall feature in the Windows 11 24H2 Build, which Microsoft hasn’t yet generally released, has already been compromised. It further underscores the idea that using the Recall feature poses significant risks.
