The screenshots are stored locally for six hours, then deleted – but the extracted text can stay for a long time.
OpenAI released a feature, after which security specialists again had unpleasant associations with Microsoft Recall. We are talking about the Chronicle function, which was released in the format of a research preview in the Codex application for macOS. The function can capture images from the screen, extract the context from them and transmit the data to the agent so that Codex better understands what the user is busy without a constant re-explaination.
The OpenAI documentation says that Chronicle complements Codex memory with screen information. When the user sends a request, the stored data helps the system to take into account the recent work. A similar idea of Microsoft introduced back in 2024 together with the Assembly for Windows. Recall took the pictures of the desktop every few seconds and saved them on the disk so that Copilot received more context.
The response to the Recall was very tough. The function was called a nightmare for privacy, a bait for lawsuits and a kind of keylogger. After a few months, Microsoft had to change the product under pressure from criticism. Later, the Brave browser added protection from the images from the Assembly, and the checks showed that the system stored images with bank card numbers and passwords, although Microsoft promised filters for sensitive data.
The similarity with Recall was noticed immediately after the appearance of the Chronicle documentation. Security researcher Michael Taggart wrote that OpenAI actually made a version of the Recall for macOS.
Chronicle has one important difference: OpenAI doesn’t include the default function. Chronicle only works at the request of the user and is still available only in the Codex application for macOS. But even in the description of OpenAI lists serious disadvantages. The company warns that Chronicle quickly consumes Codex limits, increases the risk of introducing malicious instructions through the contents of the screen and stores memory on the device without encryption.
The problem is not limited to the images themselves. OpenAI writes that the screenshots lie locally for about six hours, after which they are deleted. But the text extracted from the images by recognizing can last longer in memory. Such memory is text Markdown files that remain available in the following sessions until the user deletes them manually.
The description of the process leaves important questions unanswered. OpenAI states that screenshots are temporarily stored on the device, then processed on the company’s servers to create memory, and then the memory is stored again locally. According to the documentation, the transmitted images are not used to train models and are not stored, except when storage requires law. But it is not clear from the text whether OpenAI retains the text obtained after recognition on its servers, and whether it can already store such data at the legal requirement.
Even after removing the pictures, the risks do not disappear anywhere. Text memory is stored in the catalog $CODEX_HOME/memories_extensions/chronicle/ and stay there until manual removal. Moreover, the user can later re-send captured content to OpenAI if Codex will rely on stored memory on new requests.
OpenAI separately recognizes that both directories, with screen and memory images, may contain sensitive information. The company advises not to share content with others and remember that access to such files can be obtained by other programs on the computer.
As a result, Chronicle looks like a convenient way to give Codex more working context, but the convenience fee comes out too noticeable. The more active the function monitors the screen, the higher the risk of leakage of personal data, the preservation of unnecessary information and the emergence of new channels of attack.
OpenAI released a feature, after which security specialists again had unpleasant associations with Microsoft Recall. We are talking about the Chronicle function, which was released in the format of a research preview in the Codex application for macOS. The function can capture images from the screen, extract the context from them and transmit the data to the agent so that Codex better understands what the user is busy without a constant re-explaination.
The OpenAI documentation says that Chronicle complements Codex memory with screen information. When the user sends a request, the stored data helps the system to take into account the recent work. A similar idea of Microsoft introduced back in 2024 together with the Assembly for Windows. Recall took the pictures of the desktop every few seconds and saved them on the disk so that Copilot received more context.
The response to the Recall was very tough. The function was called a nightmare for privacy, a bait for lawsuits and a kind of keylogger. After a few months, Microsoft had to change the product under pressure from criticism. Later, the Brave browser added protection from the images from the Assembly, and the checks showed that the system stored images with bank card numbers and passwords, although Microsoft promised filters for sensitive data.
The similarity with Recall was noticed immediately after the appearance of the Chronicle documentation. Security researcher Michael Taggart wrote that OpenAI actually made a version of the Recall for macOS.
Chronicle has one important difference: OpenAI doesn’t include the default function. Chronicle only works at the request of the user and is still available only in the Codex application for macOS. But even in the description of OpenAI lists serious disadvantages. The company warns that Chronicle quickly consumes Codex limits, increases the risk of introducing malicious instructions through the contents of the screen and stores memory on the device without encryption.
The problem is not limited to the images themselves. OpenAI writes that the screenshots lie locally for about six hours, after which they are deleted. But the text extracted from the images by recognizing can last longer in memory. Such memory is text Markdown files that remain available in the following sessions until the user deletes them manually.
The description of the process leaves important questions unanswered. OpenAI states that screenshots are temporarily stored on the device, then processed on the company’s servers to create memory, and then the memory is stored again locally. According to the documentation, the transmitted images are not used to train models and are not stored, except when storage requires law. But it is not clear from the text whether OpenAI retains the text obtained after recognition on its servers, and whether it can already store such data at the legal requirement.
Even after removing the pictures, the risks do not disappear anywhere. Text memory is stored in the catalog $CODEX_HOME/memories_extensions/chronicle/ and stay there until manual removal. Moreover, the user can later re-send captured content to OpenAI if Codex will rely on stored memory on new requests.
OpenAI separately recognizes that both directories, with screen and memory images, may contain sensitive information. The company advises not to share content with others and remember that access to such files can be obtained by other programs on the computer.
As a result, Chronicle looks like a convenient way to give Codex more working context, but the convenience fee comes out too noticeable. The more active the function monitors the screen, the higher the risk of leakage of personal data, the preservation of unnecessary information and the emergence of new channels of attack.
