Microsoft had to recall the Recall AI feature on Copilot+ Windows PCs earlier this year. In theory, Recall was supposed to be a great AI trick to quickly resurface information from your past activities on a computer. In practice, it turned out to be a privacy and security nightmare.
Researchers proved that Recall data could be easily accessed by a malicious actor who gains access to a computer. Also, the saved screenshots could contain sensitive information, and Recall was enabled by default on those Windows builds.
Microsoft heard the complaints and pulled the feature to rework its security. As testers have found, Recall now encrypts the screenshots, making it impossible to extract information from the database. However, Recall will still take screenshots of sensitive data, including social security numbers, logins (including passwords), and credit card data.
Even with protections in place, Recall mostly failed to recognize that sensitive data was entered on the screen in Tom’s Hardware’s tests.
The feature has a “filter sensitive information” setting that everyone who uses Recall should enable right away. The good news is that Recall is an opt-in service now, meaning it won’t be automatically enabled once you get the latest Windows update.
The test covered various scenarios, familiar to many computer users, in which Recall shouldn’t take screenshots of the content shown on the display. But Recall captured the information anyway.
For example, Recall recorded a Windows Notepad window where the user entered a credit card number and a random username and password combination, even though the user typed “Capital One Visa” next to the number to trigger the protections. Recall also captured fake social security numbers, names, and date of birth details entered into a PDF loan application. The feature had no idea those were all fake; it just screenshotted the information. It also captured the page when a genuine credit card number was entered.
The tester then created a web form with fields that said, “Enter your credit card number below.” The form asked for the credit card type, number, CVC, and expiration date. Again, Recall failed to trigger the protections and recorded images containing the data.
The only time Recall worked correctly was when the user entered payment information into the forms of two online stores.
That’s certainly not good enough and a big reason to worry. I’m a longtime Mac user, so I won’t deal with Recall anytime soon. Or if I do, I’ll only do it for testing purposes. But I can’t see why one should leave it enabled.
The report notes that Recall’s databases are indeed encrypted. Also, you need to authenticate with Microsoft Hello (fingerprint, face, or PIN) to access your screenshots. But a malicious actor with remote access to your computer could get into the history the AI uses once they obtain that PIN. You might think it won’t happen to you, but I wouldn’t take that risk, no matter how amazing this Copilot feature might be.
Because yes, I won’t lie, having the AI remember what websites you visited can be an amazing tool if done right. The feature would have to have strong security and privacy features, and Microsoft is not getting it right.
When asked about Recall’s feature that’s supposed to identify sensitive data, the company offered Tom’s Hardware a quote from its Recall blog post that tackles privacy matters:
We’ve updated Recall to detect sensitive information like credit card details, passwords, and personal identification numbers. When detected, Recall won’t save or store those snapshots. We’ll continue to improve this functionality, and if you find sensitive information that should be filtered out for your context, language, or geography, please let us know through Feedback Hub. We’ve also provided an option in Settings that we encourage you to enable that will anonymously share the apps and sites you prefer to be excluded from Recall to help us improve the product. And you can also choose to exclude specific apps and websites through the Recall settings page which we talk about below.
That means Recall will get better over time, but you’ll have to wait. Until that happens, it might capture sensitive data while you use your computer, as these tests have shown. You’ll have to decide for yourself whether the risk is worth it.
You can try Recall by installing the newest Windows Insider Build. Read more about it in Microsoft’s blog at this link.