Skip to main content

A new test shows Microsoft Recall’s continued security problems

Recall screenshot.
Microsoft

Microsoft is currently previewing its latest version of Recall to Windows Insiders on Snapdragon-, Intel-, and AMD-based Copilot+ PCs — and the topic on most users’ minds is security. The company updated its security and privacy architecture for the feature in September, but, according to tests run by Tom’s Hardware, it still might not be good enough.

The new version of Recall includes a sensitive information filter that’s supposed to detect when there’s information like credit card numbers and Social Security numbers on the screen. If it detects them, it will avoid taking a screenshot. When Tom’s Hardware put this filter to the test, however, it failed in a number of situations.

Recommended Videos

It seems that right now at least, Recall is best at detecting standard checkout pages where people input their payment details — and as for everything else, it’s not very good. Recall captured card numbers and passwords typed into a Notepad window, Social Security information on a PDF loan application, and payment info typed into a simple HTML page.

Microsoft recall capturing credit card info.
Tom's Hardware

Granted, these tests were designed to push the limits — but the filter probably ought to work in more than a single situation. Microsoft made sure not to promise any particular results, however. Its blog post on the updated architecture simply says the sensitive content filtering “helps reduce” the number of passwords, national ID numbers, and credit card numbers being stored in Recall.

In response to the Tom’s Hardware tests, the company pointed out that it plans to “improve this functionality” and encourages people to send examples to the Feedback Hub. Because the discourse around Recall is all about security, there really is no room for mistakes.

If you’re going to make a feature that screenshots everything everyone does on their PCs, you’ve got to make it airtight. We’ll see in the coming weeks if Recall’s encryption and everything going on under the hood is as secure as Microsoft claims it is. Hopefully, the company can get things sorted before its time for the larger rollout.

Willow Roberts
Willow Roberts has been a Computing Writer at Digital Trends for a year and has been writing for about a decade. She has a…
Microsoft is fixing my biggest problem with Windows 11 on handhelds
Asus ROG Ally with the Windows lock screen.

We're finally starting to make some progress on the handheld experience of Windows 11. Although Windows 11 handhelds like the ROG Ally X are some of the best handheld gaming PCs you can buy, that's despite their use of Windows, not because of it. Now, the latest Windows 11 Insider preview (build 22631.4387) adds a feature that should make navigating the OS much easier on a handheld -- a keyboard built for gamepads.

Windows has included an onscreen keyboard for years, and updates over the last couple of years have even made it usable with touch inputs. On a handheld, however, there are two problems with the keyboard. You can't invoke it naturally -- you have to bind Windows + Ctrl + O to a hotkey -- and you can't use your controller to navigate it. With the new update, Microsoft is fixing that last point, at the very least.

Read more
Microsoft is finally making Copilot+ laptops useful for AI
Microsoft Surface Pro 11 front view in tablet mode.

Microsoft's Copilot+ PC initiative has been a smash hit, with many of them landing among the best laptops, but not for the AI hardware inside. Now, finally, Microsoft is putting the neural processing unit (NPU) inside Copilot+ PCs to good use. Starting today and going throughout the next two months, Microsoft will begin rolling out the 24H2 update for all Windows 11 PCs, and in the process, unlock several features for Copilot+ PCs, including the highly controversial Recall.

Recall is definitely the star of the show here, which will start showing up on Copilot+ laptops with a Snapdragon X chipset throughout October. Last week, Microsoft laid the groundwork for the release of Recall, detailing the security architecture of the feature and addressing some major criticisms of it. Now, for example, Recall is turned off instead of on by default. Microsoft is also allowing users to filter websites and giving users more control over their snapshots, including deleting them all.

Read more
Microsoft outlines Recall security: ‘The user is always in control’
Recall promotional image.

Microsoft just released an update regarding the security and privacy protection in Recall. The blog post outlines the measures Microsoft is taking to prevent a data privacy disaster, including security architecture and technical controls. A lot of the features highlight that Recall is optional, and that's despite the fact that Microsoft recently confirmed that it cannot be uninstalled.

Microsoft's post is lengthy and covers just about every aspect of the security challenges that its new AI assistant has to face. One of the key design principles is that "the user is always in control." Users will be given the choice of whether they want to opt in and use Recall when setting up their new Copilot+ PC.

Read more