Microsoft Recall screenshots your credit card – even if you tell it not to

Microsoft’s much-debated AI-powered activity history feature, Recall, is back in the spotlight for all the wrong reasons. First announced in June 2024 for Copilot+ PCs, Recall promises users a “photographic memory” of their digital activities. After multiple delays, it was released as a preview last week. Reports from early testers suggest that Recall has significant blind spots, particularly with its touted sensitive information filter.

A Promising Feature with Troubling Privacy Concerns

Recall’s purpose is to make your PC activity searchable. It does so by capturing and indexing periodic snapshots of your screen for easy retrieval. While it may sound like the perfect feature for productivity enthusiasts, once you think about it, you’ll realise what it could mean for your privacy.

Microsoft has already addressed these issues on its support page for Recall. Recall uses local-only data processing, is encrypted, and comes with a sensitive information filter. Enabled by default, this filter omits personal data like credit card details and social security numbers from being processed by Recall. 

Early Testing Highlights Major Flaws in Sensitive Information Filtering

Tom’s Hardware tested Recall extensively and concluded that despite all the assurances, the sensitive information filter is far from perfect. While it blocked sensitive fields on two e-commerce sites, it failed to do so on all other sites. 

The filter’s failure is a privacy nightmare. While encryption helps secure snapshots, the presence of a centralised activity log on your computer creates a potential treasure trove for hackers.  

Recall is still in preview, and Microsoft has urged testers to report unfiltered content through the Feedback Hub. At the same time, they have reiterated that all data is processed locally and never shared with third parties. Moreover, users have granular control over Recall’s behaviour. You can pause snapshot saving, manually delete specific entries, or even opt out entirely. 

It’s clear that Microsoft sees Recall as a flagship feature of its Copilot+ PC experience. It has the potential to completely revamp digital workflows. However, its current implementation leaves much to be desired in terms of privacy and security. Until Microsoft resolves these issues, it would probably be a good idea for the end-user to wait.

Leave a Comment