You completely ignore the fact that it's a prime target for literally any virus. They don't even have to do any keylogging anymore since everything already was taken care of, only the sqlite db file has to be transfered.

I know all too well how it feels to be a scatterbrain, but this is both a security AND privacy nightmare. It's only a matter of time Microsoft attempts to use data from it (or the feature itself) for monetization as well.

All in all… please don't get too comfy.

@Natanox I mean, yeah

The inclusion of screenshots makes it a great target but it's not like it's difficult to pull someone's super sensitive and relevant data as-is

Dump the Chrome folder from my LocalAppData and either decrypt stuff with DPAPI on the spot or just jack my SAM keys and boom, so much interesting data

I do plan to look into how Recall stores (and protects) all its memories because right now everything online is speculation

@Natanox In case you find the thread again I'd be interested in reading it

Admittedly I don't spend much time on Mastodon so it could've flown under my radar