When Microsoft introduced Recall for Windows 11, data privacy and protection experts were horrified. Why? Because Recall continuously takes screenshots of your screen and saves them on your computer, even if those screenshots contain sensitive data like passwords and credit card details. Back then, Recall was still in testing, and the backlash was enough to get Microsoft to postpone its release.
Microsoft has since developed Recall even further and implemented several promised security and privacy features, but some remain unconvinced. We’ve tested Recall ourselves and still don’t trust it, and we aren’t the only ones. The Register carried out a test and found that it can “still capture credit cards and passwords, a treasure trove for crooks.”
In short, Microsoft promises the opposite, but Recall can continue to record passwords and credit card data under the right conditions. Microsoft integrated a filter to recognize the input or display of sensitive data and prevent screenshots in those cases, but The Register was able to get around that filter.
Mark Hachman / Foundry
Their test also found that Recall also took screenshots of account balances currently visible on the screen. Only the login details for the bank account were avoided by Recall. The Register writes: “So an attacker would know which bank I use and how much money I have, both details that could help them, but not my credentials or account number.”
Recall recorded credit card details in one case, but didn’t in another. Recall reliably recognized the input of passwords and didn’t record them, but it did create screenshots of a file containing passwords. Recall obviously doesn’t always recognize when passwords are displayed on the screen and can therefore possibly record them.
Also, when logging in to PayPal, Recall captured the login screen with the user name but not the password.
Microsoft’s Recall safeguards can still fail
The conclusion here is that, despite Microsoft’s improvements and additions, Windows Recall still has problems reliably recognizing sensitive data and refraining from recording it. According to The Register, Recall’s filtering of sensitive information is “good, but not good enough.”
It should be noted, however, that Windows Recall stores its screenshots in encrypted form, so it isn’t exactly easy for strangers to view them. Still, if you want to avoid the potential for sensitive data leaks, you should disable Windows Recall and skip the risks altogether.
Login to add comment
Other posts in this group
It ain’t easy to find a deal on a gaming monitor, particularly if you
Time and again, dangerous security vulnerabilities are discovered in
Microsoft has shared a video in which David Weston, who holds the tit
With new AI systems comes new AI vulnerabilities, and a big one was j
Stuck on a boss? Don’t know how to “perfect parry?” Microsoft is addi
Still hanging on to the old Hulu app? If so, it’s probably time to sa
