Microsoft Recall, Credit Card Number and Social Security Number Capture uncovered.

Since its announcement in June, Microsoft's Windows Recall feature has been controversial and has caused a stir for months. When it was revealed, it faced immediate backlash due to security concerns. The concern was primarily that Recall takes screenshots of everything shown on the PC so that the information can be found later if necessary.

Microsoft withdrew the Copilot+ PC AI tool to adjust the program and address security issues. Since then, it has been delayed several times and only recently became available to Windows Insiders (Microsoft's beta testing program for early adopters).

According to Microsoft, the updated version of Recall still captures screenshots, but these screenshots are encrypted and have the “filter sensitive information” setting enabled by default. This filter is intended to prevent Recall from capturing apps and websites that display sensitive personal information such as credit card numbers or social security numbers.

Unfortunately, this filter does not appear to be working. Our colleague Avram Piltch of Tom's Hardware tested the improved Recall and reported that the filter only worked a couple of times.

Piltch tested the filter by entering a credit card number, a random username and a password into a Windows Notepad window; Recall captured that information despite the text indicating that the number was a Visa card.

He also opened a PDF of a loan application in Microsoft Edge and entered his Social Security number along with his name and date of birth. Recall captured that as well.

Piltch conducted several other tests, but it appears that Recall was only able to filter sensitive information on two e-commerce sites, Pimoroni and Adafruit.

In response to this filtering inquiry, a Microsoft spokesperson sent him a blog post that included the following privacy section:

“To detect sensitive information like credit card details, passwords, and personal identification numbers Recall has been updated. If detected, Recall will not save or store these snapshots. We will continue to improve this feature. If you find sensitive information that should be filtered for your situation, language, or region, please let us know through the Feedback Hub. Also, to help us improve the product, we have provided an option in the settings to anonymously share apps and sites you would like to exclude from Recall, so please enable it.”

Since few have been able to try Recall, here is a brief description of what this feature is supposed to do for you.

Microsoft advertises it as a tool that helps you find things better by using natural language to search what you see on your PC.

To do this, Recall takes “snapshots” of your screen at regular intervals, which are stored locally on your computer, analyzed and indexed by AI.

The obvious concern here is that this digital record of everything on your PC and what you do on your PC could be accessed by malicious actors. When Recall first came out in the spring, there was not even encryption of the snapshots and the database was stored as plain text. Things have changed in the past few months.

Microsoft has also made Recall opt-in, whereas previously it was an opt-out option.

The new Recall has the aforementioned filters and appears to encrypt data. Biometric data and passwords are also required for login. Also, information can only be viewed in the Recall app.

Nevertheless, a determined malicious person with access to passwords and PINs could bypass the biometric checks. They can then view the Recall app via TeamViewer, which allows general remote access.

For now, the fact that the filter is not working means that your data is being captured and a series of mishaps could make that information available to malicious actors.
