When Microsoft tried to launch Recall, an AI-powered Windows feature that screenshots most of what you do on your PC, it was labeled a “disaster” for cybersecurity and a “privacy nightmare.” After the backlash and a year-long delay to redesign and secure Recall, it’s once again facing security and privacy concerns. Cybersecurity expert Alexander Hagenah […]
Recall is one of the reasons I switched to Linux. It’s been fine. (Pop!_os). Plays all the video games I care to, runs a web browser.
The database is stored encrypted on disk, but the userspace program that authenticates to access it allows any running program to hook into it, and once the user authenticates, any ride-along program has full access forever.
Don’t even need a local priv escalation, just need to be able to run code as the user, and you can exfiltrate everything. Microslop have closed this as ‘not a bug, intended behaviour’.
Only safe solution appears to be disabling Recall entirely. Which I’ve done by installing Arch btw.
