Microsoft’s Recall feature is in more hot water.
Though a Windows Insider blog post, says Recall has been updated to “detect sensitive information like credit card details, passwords, and personal identification numbers” and not capture that information, a report fromTom’s Hardware, shows that the feature has continued to capture credit card numbers, social security numbers, and passwords.
A brief look at Microsoft Recall’s rocky beginnings
Even before Recall launched in June, Microsoft announced quite a few changes due to security concerns with Recall being able to securely capture basically everything you do on your device.
Prior to its official launch, Microsoft disabled Recall by default, so users need to opt in if they want to use the tool. Then, Microsoft created a condition for Recall to require Windows Hello to be active in order to function.
Ultimately, despite these security changes made prior to release, Recall ended up being delayed past its original June 18 launch. Instead, it was released to participants in the Windows Insider Program for Copilot+ PCs, and it was still met with quite a few privacy concerns.
In tests run by Tom’s Hardware, Recall failed to protect private information in a loan application PDF in Microsoft Edge, a Windows Notepad Window, and a custom HTML page with a web form that specifically wrote out, “enter your credit card number below.”
At the time of writing, Microsoft hasn’t issued any updates to Recall or addressed the issues brought up by Tom’s Hardware. When Tom’s Hardware reached out to Microsoft for a comment on these major security concerns, the company simply pointed to the blog post excerpt on Privacy.
Part of the excerpt reads, “We’ll continue to improve this functionality, and if you find sensitive information that should be filtered out, for your context, language, or geography, please let us know through Feedback Hub.”
Whether you think compromising your credit card numbers, social security numbers, or other extremely sensitive info, is just a little kink to be ironed out is up to you, but to me, it sounds like a major security flaw.
I’m not saying Recall isn’t useful, or even that it lacks the ability to eventually be a tool that properly filters out sensitive information from all sources, but in today’s world, where hackers are smarter and more resourceful than ever, why risk it?