PSA, it looks like KB5037850 was taken out of rotation in Windows Updates... so trying to recreate an Azure ARM64 VM to bring Windows 11 24H2 26100.560 up to 26100.712 likely won't come through. I'm not sure why this was removed, perhaps Microsoft not wanting folks to play with it any more 😂 twitter.com/_JohnHammond/status/1799350383506313671

MOM IM ON TV

People are applauding that Recall is off by default??? What the hell??? How about NOT INSTALLING that misfeature that nobody but the NSA wanted, thank you very much?

“Thank you, thank you, thank you Microsoft.” -hackers, government, cops, FBI, CCP, Google, Apple, Facebook, kidnappers, etc.

Recall is a classic example of just because you could, doesn't mean you should.

Windows Recall is (still) a Security Nightmare

But dude, this tool is so useful! When you get hacked, not only can a hacker access everything on your computer, but see everything you've done in the past!

Use AI to extract text from an image but still can't copy a windows error popup to find what the error code is.. priorities guys come on

Still is. That garbage should have never made it into the OS.

Time for another antitrust case… Microsoft has no right to put malware companies out of business by bundling it with windows 😂

"She Chose The Wrong T-Shirt" ... yep you really demonstrated it John

Crazy how microsoft added its own post exploitation screenlogging module into its OS so I don't have to write my own anymore 💀💀💀

This feature needs to have a giant hack reported in the news before Microsoft gives a crap.

As a Linux user, some distros are trying to implement AI. Please for the love of god learn from Windows failure and never clone that company's decision

So, in order to do corporate espionage all you need to do is place your man as system admin in an organisation and run a search. Like, what sort of toxic glue has Microsoft been eating on their pizza sauce?

Just gonna point out password managers are now going to get compromised due to Microshaft.

The people who support this feature have the same level of brain-rot to support kernel-level anticheat.

Even turned off i do not want this feature in my windows installation. I'll be switching to linux.

If there was a government crackdown on one certain thing they could say “let us see your computer” and go through recall to see if you participated in said “problem” its so authoritarian for absolutely no reason

Windows is now assumed malicious.

Bill Gates be looking at everyone's homework folder soon

201* keylogger is a malware 2024 keylogger is a windows feature

I don't want to be able to turn this feature off. I don't want this feature even shipped on the Windows install. If it's not possible to remove completely I'm jumping ship 🤓

"She Chose The Wrong T-Shirt" She surely did

Or, my fave. All those screenshots of what you were doing constitute gigabytes upon gigabytes of data, which, if sent up the pipe in their native form, would be an unmistakable and unsustainable traffic flow. But now we have Recall, and advertisers, Microsoft and the government can now just access Recall through a back door! Recall can do all the heavy lifting there locally, using the user's very own hardware! "Hey, Recall, does John have any music that he might not have paid for?" "Hey, Recall, does John have any photos or video that your algorithm might classify as 'prurient'?" "Hey, Recall, did John have any double-plus-ungood communication with any unpeople today?" and instead of wads of screenshots, now "Recall API, the Undisclosed Back Door" can now offer a brief, concise opinion of whether John needs to be considered for a nice knock at his door by the Feds or the local gendarmes.

Literal spyware OS, should be banned from sale.

Oh so recall will BE there, ready to use but not enabled. Here's what's wrong with that and it should be obvious. OPT-IN should be "I install it and run it" not "it's all there waiting to be used but you don't have to use it." Imagine a "self repo feature" in your car or truck that you paid for in cash. My car or truck NEVER needs to be repossessed because it's 100% mine and always has been. I don't want that feature but it's BUILT IN and you can't tell them to REMOVE IT. We live in a world where mistakes are common and normal. I don't need to go any deeper than that. Someone orders a self-repossession on a car or truck and get some entry data wrong and BOOM, my car or truck is no longer in my possession or under my control. Forget about all of the other "But, but, but" anti-commentary, my rights have been violated and I have been harmed because of something that never ever needed to be there in the first place. "I'm sorry your car or life has been damaged... it was just a mistake." A mistake happens when you didn't reasonably know that it could happen. If you REASONABLY KNOW it COULD happen, it's no longer simply an honest mistake -- it is placing people at RISK with intention of private benefit. This is EXACTLY what Microsoft's recall is. This is EXACTLY what Adobe's terms of service is.

They requiring auth is better than nothing but this features means that every windows install in the feature is now 1 or 2 bugs away of being a keylogger for every windows user. And no matter how good I think MS developers are, everyone makes mistakes and with a single zero-day attack someone can potentially silently enable this and collect everything. No need to write a hidden logger. Even though the added security is better than the previous, it's still a nightmare.

So basically a keylogger that takes snapshots

Recalling recall sounds like the best option. If they care about security, they would be reducing the attack surface, not broadening it 🤦🏻‍♂️

Large corporations own the government, so they are the government. This is big brother.

The fact that it's a sqllite database really hints at the fact 1. they are prepared for your recall information to be easily sent to serverside databases If it was meant to be local just why use a database and not just store it in a encrypted file. 2. They didn't really put to much effort into the actual development of recall since anyone with a few years of backend experience can probably setup sql database hook up a ocr make a function call to the windows screenshot api so the only hard part would be creating the ui. Yet they pretend it's this revolutionary technology to mask the obvious spyware.

Haven't used Windows for the past 8 years😅. Stay away from Microsoft folks, run.

Who in their right mind gave Recall the Green light for development given the obvious privacy and security issues of the entire concept.

Microsoft will always "Recall" this moment.

Remember everything is open source if you reverse engineer it

*IS Malware will simply enable the recall feature so they don’t need to code an AI keylogger/screen grabber themselves. I know that’s what I’d be doing at least if I was a malware dev.

M$ keeps adding BS to their OS...

it makes me uncomfortable that windows will ship with all of the DLLs there to do extremely advanced infosec allowing a hacker to ship an extremely small payload and potentially utilize those functions to do some of these features without the encryption features and the UI

theres no way. When you opened the image folder i thought "surely you cant just rename the file" and then you did just that. amazing.

You literally picked the only four videos I watched about Recall. Hilarious. I’ll never use recall because I’m on Linux but it’s juicy drama

NSA, CIA, FBI are pissed that their wish to have this developed and “sold to” the world as good, has fallen on its face, and SO OBVIOUS

thats crazy. New malware doesnt need to bring its own info stealer, we have recall for that now. Which will not be detected by Antivirus, because its from microsoft itself.

I'm still reluctant to have this available for company computers but that's just me 😅

i wonder, who in this entire world with 8 billion people thought this feature is good?

Let's cut through the B.S. Post covid, many people are now working from home. Employers want tools to monitor their staff remotely. That's who this is for. It's not so Microsoft can spy on you, it's so your boss can, and that keeps your company firmly on the Windows ecosystem. This feature will be enabled by your organization and will not be something you can opt-out of or disable without admin credentials. But the end users would flip their shit if Microsoft said that, so they're trying to dress it up as a productivity feature for the user. They want you to think it will make your life easier so you accept it. Querying a SQL database across a network is trivial, and unlike most collected telemetry data, there won't be specific IP addresses and domains you can just block to prevent it being sent. It's going to be locked down to your specific organization. So what you need to do now is write a script that injects data into Recall to make it look like you're working, lol. The arms race is on, Lazy bastards unite! We can spoof this data.

I'm sure this is obvious to everybody here, but Recall was developed for Mid to Large corporation to track employees. this does not belong on the modern desktop. Recall is some CEO's dream. This should only be available to large companies with intranets and no real access to the web for employees.

I would like to see changes to virtual desktop clients so they refuse to start if recall is turned on. Potentially logging company owned data on a non-corporate owned device is just a leak waiting to happen. If you want to work from home, you have to disable recall first.

The Most sophisticated spyware I've ever seen.

I remember, years ago fantasizing about being able to capture screen shots and keylogs with time stamps. Never knew Microsoft was already on it 😀

Thanks for that John. Interesting to know 😊

"She Chose The Wrong T-Shirt" thanks John!

I have not even watched the full video but im glad there is a shoutout to Fireship! Thanks for that John!

I would have loved this as a productivity tool if it only managed screenshots I manually took.

I remember when I went back to school online to study Medical Administration and I was required to study a tremendous number of problematic medical conditions, which no one could have easily discerned from a search history between personal searches and those for school. Then meeting people online with various issues I had to familiarize myself with repeated the entire experience where the subsequent search results became weighted and distorted, accordingly.

Ram Eating haCker Assistant LoL

Great video! Thank you. I'll have to check out more on recall.

Man you are the best security research explainer on KZbin💚💚

you just demonstrated the whole point at the very beginning, where the screenshot shows "she chose the wrong T-shirt"

Just when am done with an insight, another one 🙌❤💯🙏.

someone needs to compare time machine to this, it definitely doesn't take screenshots, but would be interesting to compare

see if you can use a veracrypt container to move that folder to it and making a junction. on boot i guess you'd have to delay the recall startup until the container is mounted. doable?

Yay, Mutahar collaboration with John will be fun

As far as I can recall, you didn't make a video about this.

This is like pegasus, but you’re actually aware it’s on your pc

I have that too, it's called Print Screen.

I switched to linux just a few days ago.

This brings back memories of the security disasters that were "active desktop" and "Every Windows 2000 server gets IIS installed and enabled by default"

Windows Recall is absolutely still a security nightmare and it still affects you even if you don't use Windows. Be careful what you share and who you share it with now.

someone needs to make a meme of an A.I. bot surfing john's hair wave, cause that is a good looking swell right there

Could this be why Bitlocker is being pushed for Win11?

Any version of Recall is a security issue. Such a feature will always be exploited by bad actors.

Assuming that this will restart itself after any updates like everything else MS does, I would first turn on Recall and then turn it off immediately, just to create the files it uses. Then I keep those files as my standard and every five minutes I would run a scheduled task that replaces that appdata directory with my template files. That way recall won't fail, just has useless data all the time. Maybe deleting files every five minutes would work, but that might make recall blow up in an unexpected way. There are all sorts of triggers and comparisons I could put in the scheduled tasks to see if Recall got turned back on and force that to be turned off by Registry or whatever.

I have a thesis about the origin of recall :) One day, the developers were sitting in a meeting and talking about how to better monitor the user. One of them said: We could take a screenshot every 5 seconds and send it to our servers! Bill heard that and said: Uhh, that's good, but if it gets out, we're screwed. They scrapped the plan and just implemented it for the users. :) That could be how recall came about. :D Thanks for the video!

"I don't recall searching for music and found this video..." 2:24

How much does this compliment video cost? How many times Microsoft turned on metadata collection by OS updates even if they were turned off? Innumerable

For the record, you *can* package that python script into an .exe relatively easily so it can run without the interpreter installed.

🎶 For the memory of a lifetime… recall, recall, recall 🎶

i cant imagine why i would want this as a user.

Nadella about prioritization: "Security first!" LOL

What kind of resource utilization is seen by this? I'm asking because if you hash or generally encrypt the data that is captured and put into the database with something that takes a long time to parse unless you have a secret key or something it could greatly diminish the value the data has to threat actors. I'm happy with what has happened so far but, being a bit naive still from a security standpoint, I'm curious if there is anything more that could be done. I was actually considering switching to linux or back to windows 10, even though I run x86, just because I saw how serious a privacy and security risk it was as soon as I heard about it and feared it'd be released on my platform whether I liked it or not. The main reason I haven't switched is because most of the things I use my computer for have either only been developed for windows or simply run better or have a less convoluted setup on windows (admittedly most of this is games with KL-AC or similar such as destiny 2).

It's a perfect feature for employers to look how their employees perform :| ... in one word = concerning

I recall windows being a nightmare a long time ago, still happily using linux

I recall this being a security nightmare.

Might move to linux after win10 dies, which Linux version should I use that is user friendly and compatible with AMD/Ryzen stuff?

I will by honest my concern is and always will be where this intersects corporate security because you see it all the time, all it takes is a single sloppy employee and boom the users pay the price and I am a bit sick of paying, in too many cases a monthly subscription, to be on the losing end of that fight between two parties I have zero control over.

If recall is uploading screenshots it has a service doing that so why not stop that service or block the IP address that it connects to?

I was just wondering how Microsoft came to the conclusion that users wanted this tool?

If there was a need for this, if people wanted a feature like this, people/ companies would have already made software for it. IMO I don’t believe the whole “it’s an opt-in feature”. “You can choose who sees what”. To me it looks like baby steps to more and more access and control over your computer.

Moving to Linux when Windows 10 EOL 🗣️📢🔥

So. Everything else aside, let's assume that those coordinates are clicks or even window layouts on a screen over time. Super useful information for malware hackers. Pop UNC, move to that person's common coordinates based on analysis. Bang job done.

Microsoft already opened a Pandora box. Even if Recall is dropped altogether, hackers now know it's possible to write this kind of application, and there will be copycats. Maybe part of a rootkit.

What was Microsoft thinking! John, thanks as always for flagging this and showcasing from both sides of the coin / fench.

Aren't software that save keystrokes or images of your screen usually considered as malware?

This is a great example of why you should never introduce an attack vector unless it's really worth it and you make sure it's very, very secure.

So this is simply in a folder that you share with Microsoft via One-drive... ?!

Idk why the files are not lock behind encryption. Like how hard is it to make what it already is, a executable with encryption added in? This would at least prevent anyone from just being able to open the files and easily view it.

Oh my god, does that mean, my search history is also recorded?

I wonder if you can just bring the dbs and imagestore on to your own computer and just view them with Recall, itself. Like, open up someone else's Recall session.

I just installed LINUX this past weekend. GOODBYE Microsoft.