1
00:00:00,160 --> 00:00:08,160
This time last year, Microsoft rushed Windows Recall into public testing,

2
00:00:04,880 --> 00:00:11,440
allowing AI PCs, whatever those are, to

3
00:00:08,160 --> 00:00:14,000
record, catalog, and even revisit all

4
00:00:11,440 --> 00:00:17,840
user interactions. You know, in case you forgot how to open up your browser

5
00:00:15,440 --> 00:00:22,960
history or scroll up in a chat window. And to say that that rollout went poorly

6
00:00:20,400 --> 00:00:26,320
would be a gross understatement. I really don't know what they were

7
00:00:23,920 --> 00:00:32,719
expecting, though. I mean, days prior, CEO Satya Nadella called for Microsoft

8
00:00:28,720 --> 00:00:34,960
to prioritize security above all else.

9
00:00:32,719 --> 00:00:39,040
And then they immediately start pushing this app that not only records

10
00:00:37,280 --> 00:00:44,800
everything that appears on the screen of your computer, but also utilizes the AI

11
00:00:42,399 --> 00:00:50,000
capabilities of said computer to turn everything it sees into an easily

12
00:00:46,879 --> 00:00:52,079
searchable database. Now, Microsoft's

13
00:00:50,000 --> 00:00:56,879
claim was that all of that's fine and that Recall is totally secure.

14
00:00:54,399 --> 00:01:00,000
Unfortunately, that held up for about as long as it took for someone to download

15
00:00:58,320 --> 00:01:04,239
the preview and then track down the folder that it was writing to, at which

16
00:01:02,079 --> 00:01:10,560
point the entire internet lost its collective mind over how absolutely not

17
00:01:07,520 --> 00:01:13,119
secure it actually was. Now, it was

18
00:01:10,560 --> 00:01:17,119
about that time that we wrote this video, tearing the whole thing apart.

19
00:01:15,119 --> 00:01:20,880
But then, as we were set to film it, Microsoft announced that they would

20
00:01:18,560 --> 00:01:26,799
postpone Recall in response to the community's concerns. And here we are a

21
00:01:23,520 --> 00:01:28,560
year later and Recall's back, baby. But

22
00:01:26,799 --> 00:01:33,119
have all the problems really been addressed? I mean, was it even that bad

23
00:01:30,799 --> 00:01:39,119
before it got delayed? Am I ever going to segue to our sponsor, Delete Me? Add

24
00:01:36,240 --> 00:01:43,439
another layer to your digital privacy cake with Delete Me's data removal

25
00:01:41,360 --> 00:01:50,960
services. Learn how they can help keep your information secure at

26
00:01:45,960 --> 00:01:50,960
jointdeme.com/ltt20 and get 20% off to

27
00:01:57,799 --> 00:02:06,520
boot. Before we go any further, what is Recall again? And what was everyone so

28
00:02:02,799 --> 00:02:09,599
upset about last time? I can't seem to

29
00:02:06,520 --> 00:02:11,360
recall records everything that appears

30
00:02:09,599 --> 00:02:16,239
on the screen of your computer. Oh, that's it. Windows Recall takes

31
00:02:13,760 --> 00:02:20,400
screenshots, they call them snapshots, of whatever it is that you're doing on

32
00:02:17,680 --> 00:02:24,800
your PC every few seconds and then feeds them through AI assisted optical text

33
00:02:22,400 --> 00:02:30,400
recognition and image analysis, then stores it all in a local database for

34
00:02:27,040 --> 00:02:32,160
your convenience. And they only need 10%

35
00:02:30,400 --> 00:02:36,560
of your hard drive space to do it. Outstanding. The idea then is that you

36
00:02:34,560 --> 00:02:39,920
can fire up Recall and ask it things like, "Hey, what was that Korean

37
00:02:38,640 --> 00:02:43,920
restaurant that Alice mentioned the other day?" And then without you needing

38
00:02:41,760 --> 00:02:48,640
to remember whether it was an email, a Teams message, or a random calendar

39
00:02:46,080 --> 00:02:52,959
invite, Recall will crap out a snapshot that has the result for you. You can

40
00:02:50,480 --> 00:02:57,360
even copy and paste text and images from within those saved snapshots to easily

41
00:02:55,200 --> 00:03:03,680
search or share them, which I have to admit does sound kind of nifty. And

42
00:03:00,800 --> 00:03:07,840
supposedly it is a lot more secure now. But I am not going to take Microsoft's

43
00:03:05,920 --> 00:03:14,239
word for it. Not when I can compare them both side by side. You see, this machine

44
00:03:11,599 --> 00:03:18,080
is running new Recall. You don't need anything super special to use it, just a

45
00:03:16,000 --> 00:03:21,920
Copilot+ ready PC that meets the Secured-core standard. Also, a couple of

46
00:03:20,319 --> 00:03:26,800
other things that any such machine would likely have. But that wasn't always the

47
00:03:24,239 --> 00:03:31,680
case. See, the original Windows Recall was only officially available on laptops

48
00:03:29,200 --> 00:03:37,040
with Snapdragon X Elite and X Plus processors, which unfortunately we

49
00:03:34,159 --> 00:03:40,720
didn't have access to at the time. But thanks to a legend by the name of

50
00:03:38,720 --> 00:03:46,239
Albacore, we were able to get it up and running on this old HP Elite Folio,

51
00:03:43,440 --> 00:03:51,519
which conveniently has been powered down with its radios off going I can't hear

52
00:03:49,280 --> 00:03:57,680
you Windows update since before Microsoft delayed the launch, allowing

53
00:03:53,519 --> 00:03:59,680
us to compare old Recall to new Recall.

54
00:03:57,680 --> 00:04:05,280
Let's see exactly what's different. Well, for starters, Recall is now opt-in

55
00:04:02,400 --> 00:04:11,200
instead of being on by default. That is a very big improvement. But with that

56
00:04:08,799 --> 00:04:14,879
said, Microsoft has a long, proud history of using dark patterns to trick

57
00:04:13,519 --> 00:04:18,400
you into changing default system settings or even just changing them on

58
00:04:16,799 --> 00:04:23,280
their own. So, I'm going to believe that this is permanent when I see it. Uh,

59
00:04:20,639 --> 00:04:28,400
what else has changed? Well, Microsoft now says that Recall is secure with the

60
00:04:25,600 --> 00:04:32,560
data encrypted, protected by BitLocker, and requiring Windows Hello

61
00:04:30,759 --> 00:04:35,759
authentication. Of course, they said it was secure a year ago, too, though. So,

62
00:04:34,560 --> 00:04:41,440
uh, let's make our way through this helpful FAQ from 2024 and compare what

63
00:04:38,960 --> 00:04:45,919
they said then and how it behaves on both of our machines. Let's see here.

64
00:04:43,520 --> 00:04:51,199
Recall snapshots are kept on the local hard disk. Okay, that was true before.

65
00:04:49,040 --> 00:04:57,040
In fact, they're right here in this core AI platform folder under the user's

66
00:04:53,440 --> 00:04:59,919
local app data. And okay, uh, yep, that

67
00:04:57,040 --> 00:05:05,680
looks like it's still true. How about data is protected using disk encryption

68
00:05:02,400 --> 00:05:09,280
and BitLocker? Well, that was at least

69
00:05:05,680 --> 00:05:12,240
partly true back in 2024, but was also

70
00:05:09,280 --> 00:05:17,120
pretty misleading. See, BitLocker would protect your data, including your Recall

71
00:05:14,320 --> 00:05:20,800
snapshots if somebody stole your device. But if you were logged in and you just

72
00:05:18,880 --> 00:05:25,440
stepped away for a moment, then those snapshots would be protected only by

73
00:05:23,039 --> 00:05:30,680
Windows permissions. And I don't know this for sure, but I think most elite

74
00:05:28,320 --> 00:05:35,520
haxors are pretty good at clicking continue. All right, let's see what else

75
00:05:33,039 --> 00:05:39,840
we got here. Uh, we've got show file extensions on, by the way. So, I'm going

76
00:05:37,600 --> 00:05:44,880
to go out on a limb and guess that this DB file here is the database. And if we

77
00:05:42,720 --> 00:05:48,720
look at the file header in a hex editor, it looks like it's just a SQLite

78
00:05:46,960 --> 00:05:51,400
database. So, we can use any of the dozens of free tools out there to

79
00:05:50,080 --> 00:05:56,280
interact with that. And there it is. Look at all Look at all

80
00:05:54,960 --> 00:06:02,000
that plain text. Oh my god. I read about this back

81
00:06:00,080 --> 00:06:08,400
then, but I didn't actually look at it for myself. It's just plain text. Yeah,

82
00:06:05,440 --> 00:06:12,560
that's wild. And if I stretch my detective skills just a little bit

83
00:06:10,240 --> 00:06:19,120
further, I would guess that that image store folder is full of

84
00:06:15,479 --> 00:06:22,720
images. Oh, no. They're not images.

85
00:06:19,120 --> 00:06:25,560
They're unknown files. I can't surely do

86
00:06:22,720 --> 00:06:28,960
anything about this. Open with hex

87
00:06:30,039 --> 00:06:37,680
editor. And would you look at that? JF,

88
00:06:33,840 --> 00:06:37,680
which means Oh my

89
00:06:38,759 --> 00:06:44,919
god. Boop. Watch this. I accidentally

90
00:06:41,840 --> 00:06:48,160
figured this out. If I click and

91
00:06:44,919 --> 00:06:49,880
drag, it previews it. Now all I need to

92
00:06:48,160 --> 00:06:57,440
do is open it. And wow, I hacked

93
00:06:53,639 --> 00:06:59,440
it. Oh man, that's a yikes. So that's

94
00:06:57,440 --> 00:07:06,560
it. That's what Jordan was doing on his computer at some time. All the metadata

95
00:07:02,479 --> 00:07:08,880
is just in there. Okay. Time stamp 2023

96
00:07:06,560 --> 00:07:13,599
uh December 4th because this computer is set to 2024. So that's Yeah, that

97
00:07:11,599 --> 00:07:20,000
probably is when we were looking at it. Pathetic. Let's look at the new one.

98
00:07:16,160 --> 00:07:22,240
this database file right there. AES

99
00:07:20,000 --> 00:07:28,000
encrypted. Also, where we had plain text before, now we have not so plain text.

100
00:07:25,680 --> 00:07:31,759
Scrambledy scrambled. That's what we want to see. Okay. What about the image

101
00:07:29,840 --> 00:07:36,319
store folder though? It's empty. It's a different folder now. A sim store. Okay.

102
00:07:34,000 --> 00:07:39,639
All right. Cleverly hid them. Yeah. This probably a JPEG. Let's try the same

103
00:07:38,560 --> 00:07:44,520
trick. Okay. No thumbnail preview. And if we

104
00:07:43,280 --> 00:07:50,000
try to open it, no dice.

105
00:07:47,000 --> 00:07:52,319
Okay, everything seems to be actually

106
00:07:50,000 --> 00:07:56,400
encrypted this time. So, I got to give Microsoft a point on our scoreboard for

107
00:07:54,720 --> 00:08:00,800
fixing that. But then I've also got to take a point away for lying about it in

108
00:07:58,479 --> 00:08:06,319
the first place. So then, okay, old Recall minus one point, new Recall zero

109
00:08:04,879 --> 00:08:11,360
points. Let's have a look at our next claim here. Microsoft won't view your

110
00:08:08,879 --> 00:08:14,720
Recall data or make it available for targeted

111
00:08:12,680 --> 00:08:19,360
advertisements. Skeptic of me wants to add yet to the end of that statement,

112
00:08:17,280 --> 00:08:22,960
but I would say that it was probably true when they were first testing and is

113
00:08:21,360 --> 00:08:26,960
probably still true at the time we're filming this. Though once again, I feel

114
00:08:25,120 --> 00:08:31,759
it's a matter of time before they quietly change this and then hope that

115
00:08:29,360 --> 00:08:36,880
no one will notice. As for this next one, this is where things get

116
00:08:33,399 --> 00:08:38,640
objectively really bad. Snapshots are

117
00:08:36,880 --> 00:08:42,719
only available to the person whose profile was used to sign into the

118
00:08:40,560 --> 00:08:47,760
device. If two people share a device, they will not be able to access each

119
00:08:44,640 --> 00:08:50,880
other's snapshots. Okay, when we tested

120
00:08:47,760 --> 00:08:53,360
this back in 2024, that was a straight-up

121
00:08:50,880 --> 00:08:58,000
lie and potentially a really dangerous one. By simply creating an administrator

122
00:08:56,000 --> 00:09:02,160
account on the same machine, I could easily navigate to any other user's app

123
00:09:00,080 --> 00:09:07,680
data folder and then check out anything that they had ever done on the computer.

124
00:09:05,200 --> 00:09:12,959
Now, I hate to even have to bring up such horrible scenarios, but guys,

125
00:09:10,000 --> 00:09:17,600
imagine this in the case of a journalist in an oppressive regime whose device was

126
00:09:15,120 --> 00:09:22,480
seized by force or for a victim of domestic abuse who was trying to find

127
00:09:19,600 --> 00:09:27,040
help online. As Recall was implemented in 2024, a bad actor could have seen

128
00:09:25,360 --> 00:09:31,800
everything their victim had done on the computer, and that was enabled by

129
00:09:29,440 --> 00:09:38,160
default. Fortunately, that seems to have changed

130
00:09:34,720 --> 00:09:39,519
now. Okay, stop recording OBS. You'll

131
00:09:38,160 --> 00:09:46,240
have to take my word for it. I'm signing out. I'm signing in as other user. Core

132
00:09:42,160 --> 00:09:51,519
AI platform UKP continue. Okay, so all

133
00:09:46,240 --> 00:09:51,519
this still works. But because it's all

134
00:09:51,720 --> 00:09:57,360
encrypted, we can't view it. So, with

135
00:09:55,200 --> 00:10:01,920
the shift to opt-in, the addition of Windows Hello authentication, and things

136
00:09:59,680 --> 00:10:06,080
seemingly actually being encrypted this time, it is a little less horrifying.

137
00:10:04,560 --> 00:10:11,200
But I still don't think Microsoft has gone far enough to educate users on the

138
00:10:08,080 --> 00:10:13,680
dangers of this feature. See, people do

139
00:10:11,200 --> 00:10:17,839
still share accounts in 2025, and I guarantee you that most of your normie

140
00:10:15,920 --> 00:10:23,519
friends are not going to pay attention to all the little icons that are down in

141
00:10:20,240 --> 00:10:25,519
their system tray. So saying, "Oh yeah,

142
00:10:23,519 --> 00:10:31,040
that little blue squiggle, that means you're getting surveilled, that doesn't

143
00:10:27,680 --> 00:10:33,360
really cut it for me." Also, the old FAQ

144
00:10:31,040 --> 00:10:38,240
claimed that Recall couldn't be accessed by other applications or services. But

145
00:10:36,399 --> 00:10:43,760
while it is possible that other Microsoft apps didn't access this stuff

146
00:10:40,640 --> 00:10:45,680
back in 24, within days of the preview

147
00:10:43,760 --> 00:10:51,200
launch, there were multiple tools that could extract Recall data both locally

148
00:10:47,920 --> 00:10:53,920
and remotely. So that particular claim

149
00:10:51,200 --> 00:10:58,800
feels at the very least like a lie by omission. Take a look at Total Recall,

150
00:10:56,480 --> 00:11:03,519
for example. The media called this a hacker tool, but what it really is is a

151
00:11:01,440 --> 00:11:07,920
few dozen lines of Python that an AI assistant could probably crap out for

152
00:11:04,959 --> 00:11:11,839
you in about 30 seconds. Total Recall copied the images and the database

153
00:11:09,839 --> 00:11:15,200
folder, made a handy little report of all your window titles, and if you

154
00:11:13,760 --> 00:11:20,640
scrolled through it, led to the discovery of yet another lie from our

155
00:11:17,839 --> 00:11:25,519
pals at Microsoft. Microsoft claimed back then that Recall didn't record

156
00:11:23,200 --> 00:11:29,120
incognito windows in most common browsers: Edge, Firefox, Opera, and

157
00:11:27,839 --> 00:11:34,640
Google Chrome. Plain as day. Here's a window title from

158
00:11:31,800 --> 00:11:39,440
farc.com, which we only visited in a brief incognito session. Anyway, back to

159
00:11:37,839 --> 00:11:42,880
other apps being blocked from Recall data, at least on the new one, because

160
00:11:41,200 --> 00:11:49,279
they're encrypted. Something like Total Recall couldn't be just randomly created

161
00:11:45,440 --> 00:11:51,120
by a third party. But it's also clear

162
00:11:49,279 --> 00:11:55,680
that Microsoft isn't even pretending that their own apps can't access the

163
00:11:53,360 --> 00:12:00,800
data anymore. On our new machine, the new Click to Do Copilot feature

164
00:11:58,240 --> 00:12:07,519
requires Recall to be enabled and is by all appearances a other app or service.

165
00:12:04,680 --> 00:12:12,200
So lie then and I guess it's gone from the FAQ now. So no longer a lie, but

166
00:12:10,639 --> 00:12:17,600
certainly a change. Anywho, the 2025 flavor of

167
00:12:15,360 --> 00:12:21,360
Recall adds a toggle that will filter sensitive information automatically,

168
00:12:19,360 --> 00:12:27,440
which seems to be enabled by default, which is something. But it relies on the

169
00:12:24,959 --> 00:12:31,760
AI recognizing that any information that you have on screen is sensitive. And I

170
00:12:30,240 --> 00:12:37,200
really don't know if I would trust this guy to determine if my on-screen data is

171
00:12:33,680 --> 00:12:39,760
sensitive or not. At least not yet. So,

172
00:12:37,200 --> 00:12:43,839
what's the bottom line here? Well, I got to give Microsoft some credit. They

173
00:12:42,160 --> 00:12:47,920
could have just powered forward and released recall in its primitive state,

174
00:12:45,680 --> 00:12:51,440
but instead they listened to the outrage of the tech community and are making

175
00:12:49,519 --> 00:12:57,200
what looks like a serious effort to address many of the issues with their

176
00:12:53,839 --> 00:12:59,760
original Recall launch. But with that

177
00:12:57,200 --> 00:13:03,519
said, I still oppose the existence of this feature because of what it means

178
00:13:01,200 --> 00:13:08,639
for our collective privacy. Cuz here's the thing. Even if you don't turn on

179
00:13:06,079 --> 00:13:13,200
Recall yourself, how do you know that everyone you're emailing or maybe

180
00:13:10,720 --> 00:13:18,560
messaging in Signal hasn't linked their PC that has Recall turned on? Now,

181
00:13:15,920 --> 00:13:22,240
Signal has announced a new enabled by default setting to prevent screen

182
00:13:20,000 --> 00:13:26,320
capture of Signal chats on Windows. But that doesn't cover you for any other

183
00:13:23,760 --> 00:13:31,680
chat, and it doesn't prevent someone from turning capture on in Signal if,

184
00:13:28,959 --> 00:13:36,800
say, Grandma likes to use Recall to help her remember things. And I mean, yeah,

185
00:13:34,399 --> 00:13:40,399
that is pretty useful for her, but should baby pictures in a family

186
00:13:38,480 --> 00:13:44,800
WhatsApp really be slurped into a Microsoft managed database? And yeah, I

187
00:13:43,120 --> 00:13:49,279
know, I know, I know. It's stored locally and it's encrypted. But data is

188
00:13:47,360 --> 00:13:54,399
only local until it's been stolen and it's only encrypted until some quantum

189
00:13:51,440 --> 00:13:59,199
breaks that encryption. The very existence of Recall makes Windows a

190
00:13:57,199 --> 00:14:03,920
less secure platform because in the very near future, all compatible Windows 11

191
00:14:02,160 --> 00:14:08,800
machines are going to have a built-in tool that gathers and catalogs an

192
00:14:06,800 --> 00:14:13,279
unprecedented wealth of information about Windows users and then stores it

193
00:14:11,040 --> 00:14:16,880
in a convenient place for attackers to target. So, if they're looking for some

194
00:14:15,279 --> 00:14:21,279
confidential information, the heavy lifting is done for them. What are we

195
00:14:19,760 --> 00:14:26,079
gonna have to do? Go back to writing letters? I mean, hey, at least we sell

196
00:14:23,440 --> 00:14:29,800
the Scribe Driver pen on ltstore.com. You can use that to write a letter,

197
00:14:28,079 --> 00:14:34,560
although then there's definitely a physical record of what you wrote. The

198
00:14:32,160 --> 00:14:39,279
point is, I think Andrew Cunningham said it best on Ars Technica last year.

199
00:14:36,720 --> 00:14:44,800
Windows Recall demands an extraordinary level of trust that Microsoft hasn't

200
00:14:42,040 --> 00:14:49,519
earned. What a great turn of phrase. And what a great opportunity to tell you

201
00:14:46,480 --> 00:14:51,519
about our sponsor, Delete Me. In a world

202
00:14:49,519 --> 00:14:55,120
where you need an email or phone number to sign in to just about everything,

203
00:14:53,519 --> 00:14:58,800
have you ever wondered who actually has access to your sensitive information?

204
00:14:56,959 --> 00:15:03,040
Delete Me is willing to bet that this list is longer than you might think or

205
00:15:00,880 --> 00:15:06,639
hope. And they're also here to help. Their data removal service will comb

206
00:15:04,800 --> 00:15:11,360
through an exhaustive list of data brokers who are looking to profit off

207
00:15:08,720 --> 00:15:15,519
your personal identifiers. Then they send regular removal requests on your

208
00:15:13,440 --> 00:15:19,440
behalf, providing you with quarterly reports of where your info may have been

209
00:15:17,680 --> 00:15:23,040
sitting around. And with their family plans, you and up to three other loved

210
00:15:21,279 --> 00:15:28,680
ones can receive their protection as well. So take the steps to keep your

211
00:15:25,120 --> 00:15:31,279
digital information secure. Visit

212
00:15:28,680 --> 00:15:35,519
jointdeme.com/ltt20 and use code ltt20 for 20% off their data removal plans

213
00:15:33,600 --> 00:15:42,240
today. If you guys enjoyed this video, maybe you'd like some mini rants about

214
00:15:37,839 --> 00:15:42,240
small problems that make tech big awful.
