Our editorial team is comprised of skilled technology experts and developers. To ensure that our research is easy to understand in simple and plain English, we may use AI-assisted tools for grammatical refinement and structural smoothness. However, every technical insight, test, and experience displayed has been fully completed and verified by our human team. All content remains the original property of Droid Expose. See more in our Privacy Policy.
Microsoft is once again facing questions over the safety of its “Recall” feature, a controversial Windows 11 tool designed to take constant screenshots of a user’s computer activity. Despite a year of redesigns and a focus on encryption, cybersecurity experts are warning that the feature may still be vulnerable to sophisticated data theft.
According to a report by The Verge, researcher Alexander Hagenah has developed a tool called “TotalRecall Reloaded” that demonstrates a potential flaw in how Microsoft protects this sensitive data.
Table of Contents
The Return of Recall
The Recall feature was originally delayed in 2024 after critics labeled it a “privacy nightmare” because it stored snapshots of everything a user did—including emails, passwords, and bank details—in plain text.
To fix this, Microsoft introduced a secure vault system. The new version requires users to authenticate their identity using Windows Hello (facial recognition or fingerprints) before any data can be accessed, confirmed by the Microsoft. The company claims this system prevents malware from riding along with a user to steal information.
The New Security Concern
However, Hagenah’s research suggests that while the storage “vault” is secure, the way the data is delivered to the user is not. His “TotalRecall Reloaded” tool can reportedly run silently in the background of a PC. When a user voluntarily unlocks their computer using Windows Hello, the tool “hitchhikes” on that session to extract the decrypted data.
The vault is real, but the trust boundary ends too early, Hagenah told reporters. He claims the tool can force a user to authenticate and then capture everything Recall has ever recorded without needing administrator privileges.
Microsoft’s Response
Microsoft has officially denied that this represents a security breach. David Weston, Microsoft’s Vice President of Security, stated that the patterns shown by the researcher are consistent with how the system is intended to work. The system includes timeouts and anti-hammering protections that limit how much data a malicious query could actually take.
For now, the Recall feature remains optional. Windows 11 users must specifically “opt-in” to use it, and Microsoft emphasizes that users can turn it off or delete their history at any time if they are concerned about their privacy.