Microsoft is currently previewing its latest version of Recall to Windows Insiders on Snapdragon-, Intel-, and AMD-based Copilot+ PCs — and the topic on most users’ minds is security. The company updated its security and privacy architecture for the feature in September, but, according to tests run by Tom’s Hardware, it still might not be good enough.
The new version of Recall includes a sensitive information filter that’s supposed to detect when there’s information like credit card numbers and Social Security numbers on the screen. If it detects them, it will avoid taking a screenshot. When Tom’s Hardware put this filter to the test, however, it failed in a number of situations.
It seems that right now at least, Recall is best at detecting standard checkout pages where people input their payment details — and as for everything else, it’s not very good. Recall captured card numbers and passwords typed into a Notepad window, Social Security information on a PDF loan application, and payment info typed into a simple HTML page.
Granted, these tests were designed to push the limits — but the filter probably ought to work in more than a single situation. Microsoft made sure not to promise any particular results, however. Its blog post on the updated architecture simply says the sensitive content filtering “helps reduce” the number of passwords, national ID numbers, and credit card numbers being stored in Recall.
In response to the Tom’s Hardware tests, the company pointed out that it plans to “improve this functionality” and encourages people to send examples to the Feedback Hub. Because the discourse around Recall is all about security, there really is no room for mistakes.
If you’re going to make a feature that screenshots everything everyone does on their PCs, you’ve got to make it airtight. We’ll see in the coming weeks if Recall’s encryption and everything going on under the hood is as secure as Microsoft claims it is. Hopefully, the company can get things sorted before its time for the larger rollout.
