PSA, it looks like KB5037850 was taken out of rotation in Windows Updates... so trying to recreate an Azure ARM64 VM to bring Windows 11 24H2 26100.560 up to 26100.712 likely won't come through. I'm not sure why this was removed, perhaps Microsoft not wanting folks to play with it any more 😂 twitter.com/_JohnHammond/status/1799350383506313671

MOM IM ON TV

People are applauding that Recall is off by default??? What the hell??? How about NOT INSTALLING that misfeature that nobody but the NSA wanted, thank you very much?

“Thank you, thank you, thank you Microsoft.” -hackers, government, cops, FBI, CCP, Google, Apple, Facebook, kidnappers, etc.

Recall is a classic example of just because you could, doesn't mean you should.

Windows Recall is (still) a Security Nightmare

But dude, this tool is so useful! When you get hacked, not only can a hacker access everything on your computer, but see everything you've done in the past!

Use AI to extract text from an image but still can't copy a windows error popup to find what the error code is.. priorities guys come on

"She Chose The Wrong T-Shirt" ... yep you really demonstrated it John

Still is. That garbage should have never made it into the OS.

This feature needs to have a giant hack reported in the news before Microsoft gives a crap.

Crazy how microsoft added its own post exploitation screenlogging module into its OS so I don't have to write my own anymore 💀💀💀

Time for another antitrust case… Microsoft has no right to put malware companies out of business by bundling it with windows 😂

Even turned off i do not want this feature in my windows installation. I'll be switching to linux.

The people who support this feature have the same level of brain-rot to support kernel-level anticheat.

As a Linux user, some distros are trying to implement AI. Please for the love of god learn from Windows failure and never clone that company's decision

So, in order to do corporate espionage all you need to do is place your man as system admin in an organisation and run a search. Like, what sort of toxic glue has Microsoft been eating on their pizza sauce?

Just gonna point out password managers are now going to get compromised due to Microshaft.

201* keylogger is a malware 2024 keylogger is a windows feature

Bill Gates be looking at everyone's homework folder soon

If there was a government crackdown on one certain thing they could say “let us see your computer” and go through recall to see if you participated in said “problem” its so authoritarian for absolutely no reason

"She Chose The Wrong T-Shirt" She surely did

I don't want to be able to turn this feature off. I don't want this feature even shipped on the Windows install. If it's not possible to remove completely I'm jumping ship 🤓

Windows is now assumed malicious.

Recalling recall sounds like the best option. If they care about security, they would be reducing the attack surface, not broadening it 🤦🏻‍♂️

They requiring auth is better than nothing but this features means that every windows install in the feature is now 1 or 2 bugs away of being a keylogger for every windows user. And no matter how good I think MS developers are, everyone makes mistakes and with a single zero-day attack someone can potentially silently enable this and collect everything. No need to write a hidden logger. Even though the added security is better than the previous, it's still a nightmare.

Or, my fave. All those screenshots of what you were doing constitute gigabytes upon gigabytes of data, which, if sent up the pipe in their native form, would be an unmistakable and unsustainable traffic flow. But now we have Recall, and advertisers, Microsoft and the government can now just access Recall through a back door! Recall can do all the heavy lifting there locally, using the user's very own hardware! "Hey, Recall, does John have any music that he might not have paid for?" "Hey, Recall, does John have any photos or video that your algorithm might classify as 'prurient'?" "Hey, Recall, did John have any double-plus-ungood communication with any unpeople today?" and instead of wads of screenshots, now "Recall API, the Undisclosed Back Door" can now offer a brief, concise opinion of whether John needs to be considered for a nice knock at his door by the Feds or the local gendarmes.

Remember everything is open source if you reverse engineer it

Oh so recall will BE there, ready to use but not enabled. Here's what's wrong with that and it should be obvious. OPT-IN should be "I install it and run it" not "it's all there waiting to be used but you don't have to use it." Imagine a "self repo feature" in your car or truck that you paid for in cash. My car or truck NEVER needs to be repossessed because it's 100% mine and always has been. I don't want that feature but it's BUILT IN and you can't tell them to REMOVE IT. We live in a world where mistakes are common and normal. I don't need to go any deeper than that. Someone orders a self-repossession on a car or truck and get some entry data wrong and BOOM, my car or truck is no longer in my possession or under my control. Forget about all of the other "But, but, but" anti-commentary, my rights have been violated and I have been harmed because of something that never ever needed to be there in the first place. "I'm sorry your car or life has been damaged... it was just a mistake." A mistake happens when you didn't reasonably know that it could happen. If you REASONABLY KNOW it COULD happen, it's no longer simply an honest mistake -- it is placing people at RISK with intention of private benefit. This is EXACTLY what Microsoft's recall is. This is EXACTLY what Adobe's terms of service is.

Literal spyware OS, should be banned from sale.

Large corporations own the government, so they are the government. This is big brother.

*IS Malware will simply enable the recall feature so they don’t need to code an AI keylogger/screen grabber themselves. I know that’s what I’d be doing at least if I was a malware dev.

The fact that it's a sqllite database really hints at the fact 1. they are prepared for your recall information to be easily sent to serverside databases If it was meant to be local just why use a database and not just store it in a encrypted file. 2. They didn't really put to much effort into the actual development of recall since anyone with a few years of backend experience can probably setup sql database hook up a ocr make a function call to the windows screenshot api so the only hard part would be creating the ui. Yet they pretend it's this revolutionary technology to mask the obvious spyware.

Microsoft will always "Recall" this moment.

Haven't used Windows for the past 8 years😅. Stay away from Microsoft folks, run.

So basically a keylogger that takes snapshots

Who in their right mind gave Recall the Green light for development given the obvious privacy and security issues of the entire concept.

theres no way. When you opened the image folder i thought "surely you cant just rename the file" and then you did just that. amazing.

M$ keeps adding BS to their OS...

NSA, CIA, FBI are pissed that their wish to have this developed and “sold to” the world as good, has fallen on its face, and SO OBVIOUS

thats crazy. New malware doesnt need to bring its own info stealer, we have recall for that now. Which will not be detected by Antivirus, because its from microsoft itself.

it makes me uncomfortable that windows will ship with all of the DLLs there to do extremely advanced infosec allowing a hacker to ship an extremely small payload and potentially utilize those functions to do some of these features without the encryption features and the UI

I'm still reluctant to have this available for company computers but that's just me 😅

Let's cut through the B.S. Post covid, many people are now working from home. Employers want tools to monitor their staff remotely. That's who this is for. It's not so Microsoft can spy on you, it's so your boss can, and that keeps your company firmly on the Windows ecosystem. This feature will be enabled by your organization and will not be something you can opt-out of or disable without admin credentials. But the end users would flip their shit if Microsoft said that, so they're trying to dress it up as a productivity feature for the user. They want you to think it will make your life easier so you accept it. Querying a SQL database across a network is trivial, and unlike most collected telemetry data, there won't be specific IP addresses and domains you can just block to prevent it being sent. It's going to be locked down to your specific organization. So what you need to do now is write a script that injects data into Recall to make it look like you're working, lol. The arms race is on, Lazy bastards unite! We can spoof this data.

You literally picked the only four videos I watched about Recall. Hilarious. I’ll never use recall because I’m on Linux but it’s juicy drama

I would like to see changes to virtual desktop clients so they refuse to start if recall is turned on. Potentially logging company owned data on a non-corporate owned device is just a leak waiting to happen. If you want to work from home, you have to disable recall first.

i wonder, who in this entire world with 8 billion people thought this feature is good?

The Most sophisticated spyware I've ever seen.

I remember, years ago fantasizing about being able to capture screen shots and keylogs with time stamps. Never knew Microsoft was already on it 😀

I'm sure this is obvious to everybody here, but Recall was developed for Mid to Large corporation to track employees. this does not belong on the modern desktop. Recall is some CEO's dream. This should only be available to large companies with intranets and no real access to the web for employees.

"She Chose The Wrong T-Shirt" thanks John!

I would have loved this as a productivity tool if it only managed screenshots I manually took.

I switched to linux just a few days ago.

Windows Recall is absolutely still a security nightmare and it still affects you even if you don't use Windows. Be careful what you share and who you share it with now.

Thanks for that John. Interesting to know 😊

Ram Eating haCker Assistant LoL

Any version of Recall is a security issue. Such a feature will always be exploited by bad actors.

I remember when I went back to school online to study Medical Administration and I was required to study a tremendous number of problematic medical conditions, which no one could have easily discerned from a search history between personal searches and those for school. Then meeting people online with various issues I had to familiarize myself with repeated the entire experience where the subsequent search results became weighted and distorted, accordingly.

Yay, Mutahar collaboration with John will be fun

Could this be why Bitlocker is being pushed for Win11?

Assuming that this will restart itself after any updates like everything else MS does, I would first turn on Recall and then turn it off immediately, just to create the files it uses. Then I keep those files as my standard and every five minutes I would run a scheduled task that replaces that appdata directory with my template files. That way recall won't fail, just has useless data all the time. Maybe deleting files every five minutes would work, but that might make recall blow up in an unexpected way. There are all sorts of triggers and comparisons I could put in the scheduled tasks to see if Recall got turned back on and force that to be turned off by Registry or whatever.

Microsoft already opened a Pandora box. Even if Recall is dropped altogether, hackers now know it's possible to write this kind of application, and there will be copycats. Maybe part of a rootkit.

I have not even watched the full video but im glad there is a shoutout to Fireship! Thanks for that John!

I was just wondering how Microsoft came to the conclusion that users wanted this tool?

you just demonstrated the whole point at the very beginning, where the screenshot shows "she chose the wrong T-shirt"

i cant imagine why i would want this as a user.

For the record, you *can* package that python script into an .exe relatively easily so it can run without the interpreter installed.

Let's be fair and boil it down to this: Recall is literally malware (trojan/spyware), except it's made by Microsoft, so they get to call it "a feature". Then again, with the amount of telemetry Windows has, the OS itself is probably spyware and comes with a rootkit. Ohwait, I'm sorry, I meant "features".

It's a perfect feature for employers to look how their employees perform :| ... in one word = concerning

As far as I can recall, you didn't make a video about this.

someone needs to compare time machine to this, it definitely doesn't take screenshots, but would be interesting to compare

I recall windows being a nightmare a long time ago, still happily using linux

Moving to Linux when Windows 10 EOL 🗣️📢🔥

I have that too, it's called Print Screen.

see if you can use a veracrypt container to move that folder to it and making a junction. on boot i guess you'd have to delay the recall startup until the container is mounted. doable?

This is like pegasus, but you’re actually aware it’s on your pc

So this is simply in a folder that you share with Microsoft via One-drive... ?!

Just when am done with an insight, another one 🙌❤💯🙏.

The problem is that their way of implementing Recall is 'security last'. Security for the sake of not getting grilled too much on Twitter and KZfaq. It's just pathetic, a good time to consider switching to another OS for serious tasks.

Great video! Thank you. I'll have to check out more on recall.

THEY EVEN DID NOT TRY TO OBFUSCATE IMAGES WTFFFF? ARE THEY PROGRAMMERS WORK FOR 200K IN YEAR?????

Nadella about prioritization: "Security first!" LOL

🎶 For the memory of a lifetime… recall, recall, recall 🎶

Windows Recall.. Gets Recalled.

Man you are the best security research explainer on KZfaq💚💚

I stand by that I work with too many elderly tech illiterate people who get scammed daily to think this is a remotely good idea. Even if they require a password to access recall, these people will just type it in for them!!!!

Crazy thing is that LG TVs do a similar thing but instead of it being a feature that can benefit the user, they send screenshots of whatever is displayed to the cloud and do marketing analysis. So if you use an LG TV for sensitive things make sure it's opted out or even better, completely offline. How is that even legal? It's on by default. I can imagine that being the next step for Microsoft, they must be drooling over the idea.

"I don't recall searching for music and found this video..." 2:24

This brings back memories of the security disasters that were "active desktop" and "Every Windows 2000 server gets IIS installed and enabled by default"

What kind of resource utilization is seen by this? I'm asking because if you hash or generally encrypt the data that is captured and put into the database with something that takes a long time to parse unless you have a secret key or something it could greatly diminish the value the data has to threat actors. I'm happy with what has happened so far but, being a bit naive still from a security standpoint, I'm curious if there is anything more that could be done. I was actually considering switching to linux or back to windows 10, even though I run x86, just because I saw how serious a privacy and security risk it was as soon as I heard about it and feared it'd be released on my platform whether I liked it or not. The main reason I haven't switched is because most of the things I use my computer for have either only been developed for windows or simply run better or have a less convoluted setup on windows (admittedly most of this is games with KL-AC or similar such as destiny 2).

someone needs to make a meme of an A.I. bot surfing john's hair wave, cause that is a good looking swell right there

Utterly insane. I can't believe someone thought it was a good idea.

If there was a need for this, if people wanted a feature like this, people/ companies would have already made software for it. IMO I don’t believe the whole “it’s an opt-in feature”. “You can choose who sees what”. To me it looks like baby steps to more and more access and control over your computer.

The only thing they got right was the name “Recall” because that’s what they will need to do, once lawyers get involved.

Bet that after a few months of Recall being added to Windows and people using it, Microsoft are going to make it impossible to disable on Home and S editions and then have the toggle only on Pro and Enterprise Editions

I recall this being a security nightmare.

I will by honest my concern is and always will be where this intersects corporate security because you see it all the time, all it takes is a single sloppy employee and boom the users pay the price and I am a bit sick of paying, in too many cases a monthly subscription, to be on the losing end of that fight between two parties I have zero control over.

Definitely a red flag the supreme court needs to get involved in this because if Recall steals debit/credit card information and social security Microsoft is facing massive class action lawsuits.

I have a thesis about the origin of recall :) One day, the developers were sitting in a meeting and talking about how to better monitor the user. One of them said: We could take a screenshot every 5 seconds and send it to our servers! Bill heard that and said: Uhh, that's good, but if it gets out, we're screwed. They scrapped the plan and just implemented it for the users. :) That could be how recall came about. :D Thanks for the video!

We are not the target when we talk about privacy issues, it's grandma who has this turned on, because she things it helps her memory. Normies don't understand what they do to themselves. Recall needs to be ripped out of the OS, or not, we need to push Linux further, that's the way to go.