The controversial Microsoft Windows Recall AI app continues to raise eyebrows regarding its security capabilities, as highlighted by recent testing conducted by the UK technology site, The Register. This innovative application, designed to take screenshots of user activities on PCs for later retrieval, claims to have built-in safeguards to prevent the capture of sensitive information such as credit card numbers and passwords. However, findings from The Register’s team suggest that these protective measures may not be as robust as advertised.
Testing Results Raise Concerns
Initially launched with the Copilot+ PCs in the summer of 2024, Recall was swiftly retracted due to serious security concerns, including instances of it capturing sensitive data. After a brief hiatus, it returned to Windows Insiders in April of this year, still in preview mode. Microsoft maintains that the app is secure, thanks to a default feature known as “Filter sensitive information,” which is designed to prevent the capture of confidential data.
Avram Piltch from The Register tested Recall on a Lenovo Yoga Slim 7x Copilot Plus PC, entering various types of personal information. While he acknowledged that the filter successfully excluded some financial data, a number of alarming lapses were also noted. For instance, Recall managed to capture screenshots of his bank’s homepage, revealing balances and deposits, although it did refrain from recording account and routing numbers.
Piltch’s experiments extended to manipulating the language used in forms and documents. He discovered that while the filter blocked certain phrases, it failed to recognize variations. For example, when he wrote “My SS#,” it was filtered out, but changing it to “Soc. #” resulted in the information being captured. In a particularly concerning test, a document containing passwords was entirely recorded, highlighting a significant risk for users who may store sensitive information in unsecured formats.
Despite these findings, it is important to note that Recall remains in preview mode, a status it has held since October 2024. A blog post from November indicated that Microsoft is actively working to enhance the functionality of the security filter. However, the app’s promotion during the Windows onboarding process raises questions about the leniency afforded to its current state.
Users do have the option to block specific applications or websites from being captured by navigating to Settings, then Privacy & Security, and finally Recall & snapshots. While this feature allows for some customization, blocking essential tools like web browsers may diminish Recall’s overall utility, particularly for those operating outside of Microsoft’s ecosystem.
For individuals concerned about the potential risks associated with Windows Recall capturing sensitive personal and financial data, a straightforward solution exists: opting out of Copilot+ PCs altogether. Recall is specifically designed for laptops utilizing Qualcomm’s Snapdragon processors, so choosing a device powered by Intel or AMD chips can effectively mitigate these security concerns.
Ultimately, given the app’s lukewarm reception and ongoing security challenges, Microsoft may consider discontinuing Windows Recall in the future, leaving users to ponder the implications of integrating such technology into their daily computing experiences.
