Windows Recall, Microsoft's screenshot-based activity tracker for Copilot+ PCs, has been breached again. A tool called TotalRecall Reloaded has found a side entrance into the Recall database, bypassing the security overhaul Microsoft spent nearly a year building after the original 2024 disaster.
The backstory matters here. The first version of Recall stored screenshots and a full user activity database in unencrypted files, readable by anyone with local or remote access. Microsoft delayed the rollout, added Windows Hello authentication, enabled encryption, turned the feature off by default, and added filters for sensitive financial data. That was supposed to be the fix.
The original TotalRecall tool exposed the first version. Now its successor is back, targeting the hardened version. The full article details exactly how the bypass works, what data is reachable, and what this means for the 'local AI equals private AI' premise that Copilot+ hardware was sold on. Read it before drawing conclusions about whether any amount of patching makes Recall salvageable.
[READ ORIGINAL →]