Microsoft’s Recall feature, a tool designed to create a searchable timeline of users’ computer activity, has come back in the Windows Insider builds.
Initially removed in June due to security and privacy concerns, the updated version includes encryption for captured screenshots and a default setting to filter sensitive information. However, recent tests reveal significant gaps in the promised protections, raising questions about its efficacy and safety.
Mixed Results in Filtering Sensitive Information
Recall is designed to take periodic screenshots of all user activity, organizing them into a searchable timeline that can be accessed using natural language queries. Whether you’re browsing websites, filling out forms, or working in productivity apps, Recall records it all. This “digital memory” is aimed at making workflows seamless by letting users revisit past activity with ease, but it also means creating an unprecedented repository of personal information.
For now, Microsoft has made Recall an opt-in feature, but its prominence in Windows Insider builds suggests the company may envision making it a core feature of the operating system. By prompting users to enable Recall immediately after updates, Microsoft is signaling its intent to embed this tool into the daily Windows experience.
Privacy Risks: A Trojan Horse for Surveillance?
The core issue with Recall is its potential to turn personal computers into surveillance devices. By recording every interaction a user has with their PC, the tool inherently creates a highly detailed log of their digital life. Even with Microsoft’s assurances of encryption and sensitive data filtering, recent tests show that Recall’s protections are far from perfect.
Recall’s supposed safeguards—such as blocking the capture of credit card details or Social Security numbers—have proven inconsistent.
As tested by Tom’s Hardware, Recall’s “Filter sensitive information” feature is intended to block the capture of screens displaying personal or financial data, such as credit card numbers or Social Security numbers.
In controlled tests, the feature successfully blocked screenshots on some e-commerce sites like Pimoroni and Adafruit during payment processes. However, in several other scenarios, including manual entry of sensitive data in Notepad and filling out forms in Microsoft Edge, the tool failed to prevent the capture of private information.
Custom-built web pages explicitly labeled for credit card input also bypassed Recall’s filters, allowing sensitive details to be recorded. This inconsistency highlights the difficulty of creating an AI filter that reliably detects and blocks all sensitive data.
Microsoft’s Response
Microsoft acknowledged the gaps in its blog post, stating:
“We’ve updated Recall to detect sensitive information like credit card details, passwords, and personal identification numbers. When detected, Recall won’t save or store those snapshots. We’ll continue to improve this functionality…”
While the company encourages user feedback to improve the filter, the current shortcomings demonstrate that the tool may not yet provide the level of security users expect.
How Recall Works
The Recall feature is exclusive to Copilot+ PCs and aims to serve as a digital memory aid, capturing screenshots of all user activity, organizing them in a timeline, and making them searchable using AI-powered natural language processing. Users can, for instance, search for a webpage related to a specific item they were browsing, and Recall will display the corresponding screenshot.
