Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Disable Microsoft’s Recall AI feature or be ready to…

Microsoft has yet to make Recall widely available to consumers; currently, it's included in the preview release for Windows 11 version 24H2. But y ou might want to disable it when it's up and running

byKerem Gülen
June 5, 2024
in Cybersecurity
Home News Cybersecurity

You might want to disable the Microsoft Recall AI feature when it’s ready, because of several significant cybersecurity concerns that have recently come to light. These issues could potentially compromise your data security.

Microsoft has refuted allegations that Recall, a feature designed to enhance system-wide searches by remembering user activities on your PC, presents a privacy threat. However, two security researchers now assert that Recall significantly eases the process for hackers to access data from Windows 11 users.

On Tuesday, cybersecurity expert Alexander Hagenah unveiled a demo tool that illustrates how malware can effortlessly exploit the saved data within the Recall function.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

“The database is unencrypted. It’s all plain text,” Hagenah emphasized in his discussion with Wired, highlighting the vulnerability of how Recall stores information on a PC. “It’s a Trojan 2.0 really, built in.”

Disable Microsoft’s Recall AI feature or be ready to
Microsoft has yet to make Recall widely available to consumers; currently (Image credit)

Just a few days after Hagenah’s disclosure of his tool, named TotalRecall, another security researcher and ex-Microsoft employee, Kevin Beaumont, released a blog post detailing supposed vulnerabilities in the Recall feature.

Microsoft has yet to make Recall widely available to consumers; currently, it’s included in the preview release for Windows 11 version 24H2. This also provides early access to Recall for Windows PCs utilizing Arm processors, either directly or via a virtual machine.

Upon testing the feature, Beaumont discovered that hackers or malware can easily access files saved by Recall, despite Microsoft’s assertion that it employs encryption. Beaumont noted that Recall saves information in a readily accessible database within the user’s AppData folder. Unexpectedly, the database stores this information in plaintext.

Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.

Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.

HT detective pic.twitter.com/Njv2C9myxQ

— Kevin Beaumont (@GossiTheDog) May 30, 2024

Additionally, the database compresses the saved data tightly, allowing several months’ worth of user history to be extracted from the PC in seconds. The risk emerges if a hacker deceives the user into installing malware that taps into the Recall database and covertly steals sensitive details such as passwords and financial account numbers. To mitigate this risk, it is crucial to disable Microsoft Recall AI feature whenever possible.

“I think [Microsoft is] probably going to set fire to the entire Copilot brand due to how poorly this has been implemented and rolled out,” Beaumont stated. “It’s an act of self harm at Microsoft in the name of AI, and by proxy real customer harm.”


Telegram combolists show that we are all hacked


These revelations prompted Hagenah to develop TotalRecall. In his GitHub posting, Hagenah highlights that Recall “stores everything locally in an unencrypted SQLite database, and the screenshots are simply saved in a folder on your PC.”

These findings come amid growing concerns from many security and privacy experts who have labeled Recall as a potentially invasive spyware threat. Microsoft did not immediately respond to requests for comment. However, the company has previously indicated that it is still collecting user feedback on Recall to help develop more controls for the technology and enhance the overall user experience. Nevertheless, users have observed that Recall is enabled by default on new Windows 11 Copilot+ PCs, making it crucial to disable Microsoft Recall AI feature to avoid potential security risks.

Disable Microsoft’s Recall AI feature or be ready to
Microsoft has previously indicated that it is still collecting user feedback on Recall to help develop more controls for the technology and enhance the overall user experience (Image credit)

How to disable the Microsoft Recall AI feature?

If you’re concerned about the privacy and security implications of the Microsoft Recall AI feature, you can disable it by following these steps, when it reaches your PC:

  1. Locate Recall on the taskbar: When you reach your desktop, you’ll find Recall pinned to the taskbar.
  2. Check the system tray: Look for the Recall snapshot icon in the system tray, which indicates when Windows is actively saving snapshots of your activity.
  3. Access settings:
    • Click on the Start menu and select Settings.
    • Navigate to Privacy & security.
  4. Disable Recall & snapshots:
    • Under Privacy & security, find and select Recall & snapshots.
    • Here, you can toggle the option to save snapshots on or off according to your preference.

By following these steps, you can ensure that the Recall feature is disabled, helping to safeguard your personal data and maintain your privacy.

A bad reputation

Microsoft has a history of setting features to default without user consent, much like requiring a Microsoft account for installing Windows. According to cybersecurity experts, this trend might continue with the Recall feature. Kevin Beaumont mentioned on Twitter that Microsoft has hinted at possible changes to Recall before the release of Copilot+ consumer devices, although officially, they have remained silent on the matter.

Apparently Microsoft have off the record briefed they may make changes to Recall before Copilot+ consumer devices drop (soon). On the record they’ve no commented about everything. https://t.co/AjT37vuEfb

— Kevin Beaumont (@GossiTheDog) June 4, 2024

Zac Bowden added that users are likely to be prompted to enable Recall during setup, with the option to opt out. This situation suggests that the current issues with default settings in Microsoft products are neither the first nor likely the last.


Featured image credit: Kerem Gülen/Midjourney

Tags: FeaturedMicrosoftrecall

Related Posts

Texas Attorney General files lawsuit over the PowerSchool data breach

Texas Attorney General files lawsuit over the PowerSchool data breach

September 5, 2025
LunaLock ransomware hits artists/clients with AI training threat

LunaLock ransomware hits artists/clients with AI training threat

September 5, 2025
GWI: Gen Z lacks cybersecurity awareness vs boomers

GWI: Gen Z lacks cybersecurity awareness vs boomers

September 5, 2025
Browser attacks target third-party apps like Salesforce

Browser attacks target third-party apps like Salesforce

September 5, 2025
Government-level personal data leaked across seven countries

Government-level personal data leaked across seven countries

September 5, 2025
ShinyHunters uses vishing to breach Salesforce data

ShinyHunters uses vishing to breach Salesforce data

September 3, 2025

LATEST NEWS

Texas Attorney General files lawsuit over the PowerSchool data breach

iPhone 17 Pro is expected to arrive with 48mp telephoto, variable aperture expected

AI chatbots spread false info in 1 of 3 responses

OpenAI to mass produce custom AI chip with Broadcom in 2025

When two Mark Zuckerbergs collide

Deepmind finds RAG limit with fixed-size embeddings

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.