Don't trust Windows 11's Recall feature? A new report will only harden your resolve to never use the AI-powered search

• Windows 11's Recall feature has just been put through its paces
• It did better than when it was first released in preview, but still made slips with its sensitive info filter
• In some scenarios, this filter simply isn't keeping vital data - like credit card numbers - out of Recall's screenshots

Windows 11's Recall feature is under scrutiny again with a new report claiming that, in certain situations, the functionality is capturing sensitive information as part of its daily duties (for those with Copilot+ PCs who've turned it on).

As a quick refresher, Recall is the AI-powered natural language search that's in-depth and works off regularly taken screenshots of the activity on the host PC. While it's undoubtedly powerful, it has been dogged with privacy and security concerns since it was first revealed (and the launch was a shambles, you may well recall - ahem).

And some concerns remain, as a report from The Register makes clear - at least in certain scenarios with the screenshots that Recall takes, which could be a 'potential treasure trove for thieves' as the author, Avram Piltch, puts it.

Piltch ran tests on Recall with a Lenovo Yoga Slim 7x (which is a Copilot+ laptop), finding that while the feature did manage to exclude sensitive financial details - like credit card numbers - from many of the screen grabs taken, it didn't do so all the time.

Some of Recall's failures, which are reported here, include the feature taking a screenshot of a fake web page (created by the author for testing purposes) with a credit card entry form, when certain text (like 'checkout page' and 'enter payment info') was removed. Recall did successfully exclude the site from its screen-grabbing activity when those labels were present, but without them, Recall no longer recognized that the card details were sensitive info, so it still took grabs.

As Piltch points out, not all online shopping checkout forms look the same, and so doubt creeps in as to whether, with some websites, Recall might not be blocking out said card details.

Recall also had security points deducted by Piltch for screen-grabbing a text file full of (made-up) usernames and passwords. If the word 'password' was present in the document somewhere, Recall wouldn't take a screenshot - but if that wasn't explicitly mentioned, it would happily take a grab of the sensitive contents. (And no, you absolutely shouldn't keep a list of your passwords in a text file, but some people do, sadly).

Piltch further noted that when looking at his online bank account, Recall took screenshots of pages where his balance appeared, and a list of deposits made. That could be valuable information for a malicious party that got hold of this Recall info, but the feature did block out the account number (and ABA routing), thankfully.

When it came to PayPal usage, Recall took a screenshot of the login portal, which revealed the username, but not the password. Also, the feature didn't take grabs of the account page (showing recent activity and transactions), which was good, but letting the username slip still isn't great.

Recall also recognized a photo of a passport and avoided screenshotting that. However, when another window on the desktop partially obscured some of the photo, it did take a grab, evidently failing to recognize it as a passport in that case (even though sensitive details were still visible).

Analysis: Better - but still not good enough

The faults outlined here are mainly about Recall failing to recognize sensitive details when they aren't clearly flagged with a label (like 'payment info') or are only partially visible (as in the case of the passport).

How hard should we be on Recall for this? Well, if I used Recall myself (disclaimer: I don't, and in fact I can't, because I haven't got a Copilot+ PC), I'd be disappointed at the feature stumbling on the credit card numbers and passport in particular.

I think Recall should be sophisticated enough to pick up and recognize that grouping of card numbers (16-digit long credit card number, date, CVC) to block this out. Ditto for a partial passport photo, I feel Recall should still have been able to deal with it being somewhat obscured, in order to be judged as doing a good job in terms of its sensitive info filter.

On the other hand, some scenarios - a file full of passwords - aren't such a big slip in my books (those words could be anything really, and there's not such an obvious pattern there).

Still, there is enough slipping through the filter here to be worrying. Recall, however, is still in preview officially, and Microsoft itself admits that sensitive info can be missed (and that if this happens, you should feed this back to the company, as part of testing Recall).

So, the long and short of it is, Recall is still being tested. It's getting better - Piltch actually ran similar tests for Tom's Hardware when Recall first debuted for public consumption (in preview), and the feature's sensitive data filter performed far worse, but it still has wrinkles as we clearly see here. That's not good enough for me, and so even if I did have a Copilot+ PC, I wouldn't be using it.

Furthermore, I do worry whether Recall will ever be fully honed in terms of blocking out sensitive data completely, or guaranteed not to be subject to bugs where such slips might happen. (Windows 11 is well-known for never having any bugs, of course 😉). And so I can't see myself ever using the feature, frankly, because I'm also not convinced that I need this AI-assisted search anyway.

You don't need to turn on Recall, of course - in fact it's off by default with a Copilot+ PC.

Also, it's worth making it clear that an attacker would need to access your PC to get at these screenshots, which is far from an easy task. However, Piltch points out that an in-person attack (by someone who knows, or guesses, your Windows Hello PIN) is possible, and remote access isn't completely off the table, either.

That's not particularly comforting when you consider that a filter designed to maintain your security fully in such an eventuality isn't firing on all cylinders.

You might also like...

• Microsoft finally plays its trump AI card, Recall, in Windows 11 – but for me, it’s completely overshadowed by another new ability for Copilot+ PCs
• Windows 11 is getting more AI shortcuts, but is Microsoft in danger of cluttering up the OS with AI creep?
• Can’t upgrade to Windows 11? This Linux project wants to save your old PC from the scrapheap when Windows 10 support ends