the Acer Swift 14 AI Copilot Plus PC.

Credit: Hadlee Simons / Android Authority
  • A cybersecurity researcher has published a short Python script that showcases potential privacy lapses in Windows’ upcoming Recall feature.
  • The script can scan for sensitive terms in Recall’s database, including passwords.
  • The controversial AI feature is set to ship later this month as the first Snapdragon X-powered computers go on sale.

With just 171 lines of code, a Python script has exposed several security and privacy risks plaguing Recall, the controversial AI feature coming to Windows 11. Destined to roll out alongside the first Copilot Plus PCs later this month, Recall captures screenshots every five seconds and arranges them in a visual timeline. Microsoft CEO Satya Nadella likened the feature to “photographic memory” for Windows PCs.

Ahead of Recall’s launch, however, a lone developer has published a Python script that automatically extracts sensitive information from the feature’s database. Cheekily named TotalRecall, the tool “copies the databases and screenshots and then parses the database for potentially interesting artifacts”.