Posted: 5 June 2024 at 8:53 AM.

TotalRecall – a ‘privacy nightmare’?

  1. Location of the Recall database files
  2. Disable Windows Recall

Location of the Recall database files

TotalRecall is a nice Python tool that can extract data from the Windows Recall database in the %USERPROFILE%\AppData\Local\CoreAIPlatform.00\UKP{GUID} folder. It is the first tool to use the data stored in the SQLite database, and it gives you a means to extract your data and see what Recall is storing about you.

Images are stored in the .\ImageStore\ subdirectory. The database is named ukg.db.

An old computer running IBM DOS. Before Microsoft bought it.

Download this script.

(jcartwright@2403-4800-25af-b00--2) 192.168.1.5 Recall  $ git clone https://github.com/xaitax/TotalRecall.git
Cloning into 'TotalRecall'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 8 (delta 0), reused 8 (delta 0), pack-reused 0
Receiving objects: 100% (8/8), 9.71 KiB | 9.71 MiB/s, done.

Then run the script by itself to find the database and open it.

(jcartwright@2403-4800-25af-b00--2) 192.168.1.5 TotalRecall  $ python3 totalrecall.py 

___________     __         .__ __________                     .__  .__   
\__    ___/____/  |______  |  |\______   \ ____   ____ _____  |  | |  |  
  |    | /  _ \   __\__  \ |  | |       _// __ \_/ ___\\__  \ |  | |  |  
  |    |(  <_> )  |  / __ \|  |_|    |   \  ___/\  \___ / __ \|  |_|  |__
  |____| \____/|__| (____  /____/____|_  /\___  >\___  >____  /____/____/
                         \/            \/     \/     \/     \/           
v0.2 / Alexander Hagenah / @xaitax / [email protected]

I do not have access to Recall yet, thank god, but this is how you would access it. This is a very nice tool. I hope someone uploads a sample SQLite database from Recall so Linux users can try and access the data using Linux tools. How long until they try and force a tool like Recall for Linux? That would be quite a show and the Twitter threads would be gold.

So, it is easy to extract the data using Python. Windows Recall does not encrypt the database, so it is accessible to any malware that wants the data, or to anyone who can access your PC with a USB drive. They can copy the database and trawl through it later at their leisure. Microsoft is a security nightmare in the making.
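To see which profiles on a machine hold Recall data, and whether ukg.db is sitting on disk as a plain SQLite file, the folder layout described above can be inventoried without reading the database contents. This is an added example, not part of TotalRecall or the original post; it assumes the layout given above, and the sample tree, profile names, GUID and placeholder table are constructed for the demo.

```python
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any unencrypted SQLite file

def inspect_store(store):
    """Summarise one UKP{GUID} folder without reading any rows or images."""
    db, images = store / "ukg.db", store / "ImageStore"
    header = b""
    if db.is_file():
        with open(db, "rb") as fh:
            header = fh.read(16)
    return {
        "store": store.name,
        "db_bytes": db.stat().st_size if db.is_file() else None,
        "plaintext_sqlite": header == SQLITE_MAGIC,
        "images": sum(1 for p in images.iterdir() if p.is_file()) if images.is_dir() else 0,
    }

def find_recall_stores(users_root):
    """Inventory Recall stores for every profile under a root such as C:/Users."""
    found = []
    for profile in sorted(Path(users_root).iterdir()):
        base = profile / "AppData" / "Local" / "CoreAIPlatform.00"
        try:
            for store in sorted(base.glob("UKP*")):
                if store.is_dir():
                    found.append({"profile": profile.name, **inspect_store(store)})
        except PermissionError:
            continue  # profile not readable by the account running the audit
    return found

def build_constructed_tree(root):
    """Constructed sample layout; the table is a placeholder, not Recall's schema."""
    store = (Path(root) / "alice" / "AppData" / "Local" / "CoreAIPlatform.00"
             / "UKP{00000000-0000-0000-0000-000000000000}")
    (store / "ImageStore").mkdir(parents=True)
    for i in range(3):
        (store / "ImageStore" / f"img{i}").write_bytes(b"\x00")
    conn = sqlite3.connect(store / "ukg.db")
    conn.execute("CREATE TABLE placeholder (x)")
    conn.commit()
    conn.close()
    (Path(root) / "bob").mkdir()  # profile with no Recall data

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for record in find_recall_stores(tmp):
            print(record)
```

On a real machine, call `find_recall_stores` with the profiles root instead of the temporary directory; a `plaintext_sqlite` value of True means the file carries the standard unencrypted SQLite header.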

Disable Windows Recall

To disable Windows Recall on a machine, apply the following registry settings using the Registry Editor as Admin.

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsCopilot]
"TurnOffWindowsCopilot"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsAI]
"DisableAIDataAnalysis"=dword:00000001
