“There are things known and there are things unknown and in between are the doors of perception.” — Aldous Huxley
I’m Huxley Westemeier (26’) and welcome to “The Sift,” a weekly opinions column focused on the impacts and implications of new technologies.
______________________________________________________
If you bought a newer Windows laptop in the past year and assumed that Microsoft was keeping your data secure, congratulations: you and Microsoft’s own security team assumed the same thing.
Windows Recall is an AI-powered feature at the center of Microsoft’s newer line of “Copilot +” laptops, which include a dedicated Neural Processing Unit that runs AI locally without requiring a server or internet connection. Specifically, Recall is a feature that takes a screenshot of your computer every few seconds and uses on-device AI to let you retrieve anything that was previously on your screen. It works like this: if you forgot where you saved a draft for a Rubicon article (guilty), you could just describe it, and Recall could find it and show you the folder.
Sounds useful, right?
Recall was first announced back in May 2024, and experts immediately warned that the feature would become a security disaster. In fact, the original version of Recall stored every screenshot in an unencrypted database accessible to anyone who could access your computer. In June 2024, a Swiss cybersecurity researcher named Alexander Hagenah publicly released a tool called TotalRecall (named after a 1990 Arnold Schwarzenneger film) that could “pull all the information” from Recall automatically, according to WIRED. Naturally, Microsoft responded by pulling Recall, rebuilding it to store only encrypted information while requiring biometric authentication via Windows Hello. The redesigned version officially launched in April 2025.
However, Recall was far from fixed.
In March 2026, the same researcher, Hagenah, released TotalRecall Reloaded, showing that the rebuilt version had the same problem as the original. The Verge reported that the new tool could also pull your entire Recall archive (every single screenshot!) without any special access or administrator permissions, and all without breaking any of Microsoft’s fancy new encryption.
How does that work if the encryption is untouchable?
All of Recall’s data currently lives in an encrypted “vault,” if you will, that should only unlock when you scan your face or type your password into Windows Hello. That part isn’t problematic. However, after you authenticate your intent to see your vault, Windows hands the decrypted information to a background process called AIXHost.exe, which then displays the Recall information on your screen. AIXHost.exe lacks code integrity enforcement, meaning that any ordinary program running under your user account can inject itself into AIXHost.exe and read or modify everything flowing through it. According to Ars Technica, TotalRecall Reloaded simply sits quietly in the background, waits for you to open Recall normally, and simply reads everything coming out of the AIXHost.exe process.
Hagenah reported the issue to Microsoft on March 6, but Microsoft responded on April 3 by classifying the bug as “not a vulnerability.” Microsoft explained that the behavior aligns with the system’s intended design and thanked Hagenah for his investigation.
Here’s what I would like to emphasize: Microsoft can’t issue a fix because TotalRecall Reloaded isn’t forcing Windows to do anything it doesn’t already do. Any solution would require a drastic overhaul of the OS. Allowing background processes to read and inject themselves inside other processes is required for screen recording/anti-cheat software to function, and also allows cybersecurity researchers to detect malicious processes.
If you do purchase a Copilot + PC, you can easily turn it off within Settings (under Privacy & Security and Recall & Snapshots). Additionally, some apps like Signal and Brave have already added features that prevent Recall from taking screenshots of their apps. However, it is worrying that third-party apps are patching a built-in Windows feature. Additionally, the University of Pennsylvania recently banned Recall on every university-managed machine on campus, citing “substantial and unacceptable security” risks.
The biggest takeaway is that Microsoft weighs Recall’s value as an AI feature as more important than the security of your data, which I expect will be a troubling mentality as we gain more and more AI-powered features in the coming months.
Think on the bright side: at least when your data gets leaked, you can rest assured knowing that it will be perfectly indexed and very easy for the hackers to search.