Microsoft’s Recall, pitched as an AI-powered memory aid for your computer, is still logging information many people would never knowingly hand over, including credit card numbers, private medical searches, and even stored passwords.
A recent test by The Register found that the app’s built-in “Filter sensitive information” setting, which is switched on by default, fails often enough to make the feature a serious privacy hazard.
Recall continuously takes snapshots of a user’s screen so they can search their past activity.
Microsoft bundled it exclusively with its Copilot+ PCs in 2024, then withdrew it after early security concerns. It was brought back later that year with promises of stronger safeguards and is now integrated into the setup routine for many new Windows devices.
In testing, some types of data were excluded, but the misses were alarming. Account balances appeared in captured banking pages even if full account numbers were hidden. Credit card details slipped through when form labels were removed. Passwords were sometimes filtered when explicitly labeled as such, yet plain lists of usernames and passwords in a text file were saved without restriction.
Even official ID documents were not consistently safe. A passport image was blocked when fully visible, but recorded when partially covered by another window. Variations in wording could also change the outcome. A Social Security number prefixed with “Soc:” was captured in full, while “My SS#:” triggered partial blocking.
After public criticism last year, Microsoft announced that Recall snapshots and their database would now be encrypted and stored inside a Virtualization‑based Security Enclave. Viewing them requires Windows Hello authentication. However, Windows Hello accepts PIN codes, making the archive accessible to anyone who knows or can guess that short number.
Remote access tools such as TeamViewer allowed testers to browse a Recall history from another computer simply by using the PIN. Security specialists point out that VBS enclaves have been bypassed before, meaning encryption is no guarantee over time without strict and consistent patching.
For people in vulnerable situations, the stakes are higher. Brave browser developers recently decided to block Recall entirely by marking every tab as private, so the feature will not capture them.
This move, according to Brave’s Peter Snyder, is meant to protect those who could be harmed if an abusive partner gained access to their device and saw evidence of visits to support or medical sites.
