Microsoft is currently previewing its Recall feature for Windows Insiders on Snapdragon, Intel, and AMD-powered Copilot+ PCs. A key concern for users is the security of this screen capture tool. While Microsoft updated Recall’s security and privacy architecture in September, recent tests by Tom’s Hardware suggest the sensitive information filter still needs improvement.
Recall’s new filter aims to identify and avoid capturing sensitive data like credit card and Social Security numbers. However, Tom’s Hardware found the filter effective primarily on standard checkout pages. It failed to block sensitive information in several other scenarios.
The tests revealed Recall captured card numbers and passwords entered into a Notepad document, Social Security information from a PDF loan application, and payment details on a basic HTML page.
Microsoft recall capturing credit card info.Tom’s Hardware showing Microsoft Recall capturing credit card information despite the sensitive information filter
While the tests were designed to push the filter’s limits, it should ideally function in more than a single situation. Microsoft’s blog post on the updated architecture acknowledges the filter “helps reduce” the capture of sensitive data, but stops short of guaranteeing complete protection.
In response to the Tom’s Hardware tests, Microsoft indicated plans to “improve this functionality” and encourages users to submit feedback via the Feedback Hub. Given the security concerns surrounding Recall, there’s little margin for error.
A feature that captures everything on a user’s PC must be completely secure. The coming weeks will reveal whether Recall’s encryption and underlying architecture are as robust as Microsoft claims. Hopefully, these issues will be resolved before the wider rollout.
