Windows 11 Recall Continues to Collect Sensitive Data Despite Promises

Microsoft’s Recall Feature: A Bumpy Comeback

After a tumultuous initial rollout, Microsoft has dedicated the past six months to refining its Recall AI feature. Recently, this revamped functionality has been reintroduced to Windows Insiders for testing within the latest preview builds. Despite significant improvements addressing past criticisms, lingering concerns persist regarding its ability to manage sensitive data and other known issues, such as disregarding established website filters.

Testing Recall’s Capabilities

An article from Tom’s Hardware evaluated Recall’s efficacy in filtering out sensitive information, highlighting its mixed performance. While the feature demonstrated some success in recognizing and excluding confidential data—including credit card numbers and Social Security numbers— there were notable failures where it captured sensitive information without the necessary safeguards.

Case Studies: Sensitive Data Capture

Testing revealed significant flaws; for instance, Recall successfully recorded a credit card number from a Windows Notepad session and extracted complete loan application details within the Edge browser. A similar issue arose with an HTML page designed to collect credit card information, presenting fields for card numbers, CVCs, and expiration dates. Despite evident markers indicating sensitive content, Recall unfortunately did not activate its filtering protocols.

A Recall snapshot with sensitive information — Image Source: Tom’s Hardware

Positive Aspects of Recall

On a brighter note, Recall performed adequately when handling sensitive information gathered from e-commerce sites, effectively capturing details while omitting personal identifiers. However, this accomplishment does little to alleviate the broader concerns surrounding the feature’s reliability.

Key Considerations for Users

Before forming a judgment, it’s essential to note that Recall is still in its public preview phase. Microsoft has transparently acknowledged that filter effectiveness may not be fully realized at this stage:

Moreover, Windows 11 provides an additional layer of security by encrypting all snapshots, which can only be accessed after a user verifies their identity through Windows Hello. Microsoft assures users that snapshots remain on the device and that disabling Recall will result in immediate data deletion. Despite these assurances, the situation prompts Copilot+ PC owners to reconsider their enthusiasm for this feature.

The Road Ahead for Recall

With Recall now available for a broader range of devices, including those powered by AMD and Intel, it may still be prudent for many users to wait for further refinements before fully integrating the feature. This timeframe could help Microsoft regain user trust in the wake of prior controversies. As the tech giant works to address ongoing issues, many wonder if they can successfully restore confidence in Recall moving forward.

Source & Images