Microsoft's new Windows Recall feature, a feature that allows users to capture most of what they do on their PC, has raised security and privacy concerns. The company's redesign focused on creating a secure vault for Recall data with Windows Hello authentication and a secure environment through a Virtualization-based Security Enclave. However, Alexander Hagenah claims that the vault is real but the trust boundary between the two ends too early. He claims that TotalRecall Reloaded tool can silently run in the background and activate the Recall timeline to force a user into authenticating with a Windows Hello prompt, which Microsoft claims is meant to restrict this scenario. Despite these concerns, Microsoft insists there is no vulnerability and that the access patterns demonstrated are consistent with existing protections and existing controls. Hagenaha also criticizes Microsoft's timeout protections and suggests a further step further to meet its security goals for Recall.