GitHub - xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
github.com
This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. - xaitax/TotalRecall

this rootless Python script rips Windows Recall’s screenshots and SQLite database of OCRed text and allows you to search them.

  • xavier666@lemm.eeEnglish
    881·
    26 days ago

    Please go through the FAQ section of the git project. It’s an eye-opener.

    Q. Does this enable mass data breaches of website?

    A. Yes. The next time you see a major data breach where customer data is clearly visible in the breach, you’re going to presume company who processes the data are at fault, right? But if people have used a Windows device with Recall to access the service/app/whatever, hackers can see everything and assemble data dumps without the company who runs the service even being aware. The data is already consistently structured in the Recall database for attackers. So prepare for AI powered super breaches. Currently credential marketplaces exist where you can buy stolen passwords — soon, you will be able to buy stolen customer data from insurance companies etc as the entire code to do this has been preinstalled and enabled on Windows by Microsoft.

    • exanime@lemmy.todayEnglish
      11·
      25 days ago

      It’s worst than that (as bad as this is)…

      Today getting some data on a user is bad as smart hackers can put together the context … However any guessing the hacker has to do may alert the user before the hacked data can successfully be exploited

      Now, a hacker would know exactly where each password goes and worse, they’d could learn the entire workflow of internal systems to successfully imitate a trained user…

      This means the hacker could use the stolen bank data and legitimately issue credit cards to anyone they want (for example)

      It’s no longer “we’ll expose some data”, now it’s “we can use this data to infiltrate your systems and wreak havoc in whatever way we want”

    • Pieisawesome@lemmy.worldEnglish
      51·
      25 days ago

      I doubt that. It’s preinstalled and enabled for personal users.

      Even if it is enabled by default on pro/enterprise, there will probably be a group policy to disable it.

      • HelloHotel@lemm.eeEnglish
        61·
        25 days ago

        It feels like this was intended for buisnesses to monitor for phrases on your screen like “coolmath games unblocked free”

        or to extract and upload a summary of what happened every second of every day to the server defined in the group policy.

        • hayes_@sh.itjust.worksEnglish
          6·
          25 days ago

          At the same time, I think I would actually use this tool if it were available on a corporate machine.

          I already assume my employer is recording everything I do. So, I have zero expectation of privacy.

          I regularly have like 30 different tabs and text documents open that meant something to me a couple days ago, but I’ve since lost the context. Being able to ask my computer “why was this important?” or “how did I find this?” would be super useful.

        • KairuByte@lemmy.dbzer0.comEnglish
          2·
          21 days ago

          I doubt it. There are plenty of tools that already do this if that was what they wanted, they’d just model it after those. Storing it locally isn’t how such tools usually work, they get shipped off to a remote server for ingestion.