Windows Recall is arguably Microsoft's most controversial feature thus far. The feature shipped as part of the massive Windows 11, version 24H2 update, exclusively to Copilot+ PCs alongside other key AI-powered features, including Click To Do and Image Generation.
However, the feature has been met with backlash over privacy and security concerns, prompting Microsoft to "recall" the feature multiple times to fine-tune its experience. For context, Windows Recall takes snapshots of your screen every few seconds and uses on-device AI to analyze and triage that content.
Security experts have referred to the controversial Windows 11 AI-powered feature as a security failure and a hacker's paradise despite Microsoft's blatant attempt to address the highlighted security concerns, including making it an opt-in experience and making Windows Hello a requirement to access the feature.
Microsoft has seemingly addressed most of the highlighted security issues, releasing the feature in preview to Copilot+ PCs last month, and more recently, Intel and AMD Copilot+ PCs. The elaborate security measures implemented to make the controversial AI feature more appealing to users include a setting that filters sensitive information from its snapshots. The setting is designed to prevent the feature from taking snapshots of any app or website that features sensitive information, including credit card numbers, social security numbers, and other important financial credentials.
More critical security concerns abound for Windows Recall
However, a new report by Tom's Hardware's Avram Piltch highlights that the security setting could be counterproductive. Windows Recall captured sensitive financial information, including a credit card number and a random username and password, while he was using Windows Notepad. Despite the setting being enabled, the feature captured the sensitive information, even with obvious wording such as “Capital One Visa” adjacent to the numbers.
Piltch admitted that the sensitive credentials used in the scenario were made up, but he replicated similar results when he decided to use his credit card. He decided to kick things up a notch by creating an HTML page with a web form asking for credit card details, including the credit card type, number, expiration date, and the credit card's security code (CVC).
Piltch hoped the obvious wording would trigger Windows Recall censors, prompting it to block or halt the process while he was still on the page. However, Windows Recall took a snapshot of the security-sensitive page, including his intricate financial details.
Windows Recall refused to take snapshots of the credit card fields when Piltch was on Pimoroni and Adafruit's payment pages. Piltch's testing therefore proves that while Microsoft's Windows Recall feature potentially identifies real-world commerce sites, allowing it to filter sensitive credentials from its snapshots, in his specific scenario it failed to identify and filter sensitive information.
It's also super important to remember that Windows Recall is still in beta, and only available via Microsoft's Windows 11 preview program. As such, bugs like this are expected, and Microsoft wants feedback from testers to improve the product before it rolls out to the public.
Our own Senior Editor, Zac Bowden, has been using Windows Recall since the preview first dropped, and in his findings, he was unable to get Windows Recall to capture any financial credit card information even when typed into Notepad as the Tom's Hardware editor did. So this issue is likely down to the current preview nature of Recall and will hopefully be ironed out before Recall begins rolling out officially.
When the Tom's Hardware editor requested a comment from Microsoft about his findings, he was redirected to a blog post highlighting how Windows Recall filters and censors sensitive financial credentials from its snapshots. In it, Microsoft suggests that during the preview period, the company is expecting there to be scenarios where Recall doesn't correctly filter out sensitive information:
"We’ll continue to improve this functionality, and if you find sensitive information that should be filtered out, for your context, language, or geography, please let us know through Feedback Hub."