The issue of privacy surrounding Recall persists as a major concern. Recent findings reveal that the AI feature is collecting sensitive data, despite the activation of its sensitive information filter.
Microsoft initially launched Recall amidst a wave of positive developments in AI. The tech giant was preparing to showcase its latest Windows iteration and aimed to highlight a crucial feature during a major presentation.
AI is central to the company’s upcoming Copilot+ PC certification. However, Microsoft was caught off guard by the backlash that erupted following the Recall announcement.
An AI tool designed to track and log nearly everything on a PC, which is enabled by default and includes limited measures to protect recorded information, raises significant red flags. What could potentially go wrong?
During its initial launch, Microsoft chose not to utilize Insider builds, foregoing early feedback from testers and relying mainly on internal resources, as well as a handful of partners with access to Recall. Was there no one who could have warned Microsoft about possible issues, or were such worries disregarded?
As a result, Microsoft swiftly withdrew Recall after its introduction and pledged to reconsider the feature. By late September, the company launched Recall 2.0.
This revised version aimed to rectify some of the previous issues. Recall is now opt-in, no longer operates automatically in the background, and has introduced enhanced security measures, including improved protection for the database storing a user’s recorded history.
Note: The Sensitive Information filter is designed to prevent Recall from capturing screen content when sensitive data, such as credit card or Social Security numbers, is inputted.
Still Falling Short
A report from Tom’s Hardware indicates that Recall is not yet fully prepared for widespread use. Below are some of the tool’s limitations as noted by the testing author:
- Inputting sensitive data in applications like Notepad was still logged.
- Entering sensitive information, such as a Social Security Number, in a PDF form via Edge resulted in capture.
- Custom HTML pages with web forms requesting credit card numbers recorded users’ entries.
On a positive note, Recall successfully blocked the logging of credit card details during visits to two online shopping sites.
Currently, Recall is exclusive to Insider builds, and some issues or bugs are expected. Microsoft may address these problems prior to the official release.
Concluding Thoughts
Microsoft assures that only the signed-in user will have access to the data collected by Recall. The second iteration has significantly improved security across key areas.
Accessing the stored data necessitates authentication, which should offer protection against most malware threats.
Nevertheless, Windows users who enable Recall must stay alert, as the feature might still capture sensitive information even with the filter activated.
It will be intriguing to see if Microsoft can refine the filter before the official launch.
Image Source: rawf8 / Shutterstock