Microsoft Recall caught capturing credit card and Social Security numbers despite reassurances it won't

The Windows Rec
(Image credit: Tom's Guide/Microsoft)

Since its announcement in June, Microsoft's Windows Recall feature has been controversial and bumpy for a few months. It faced immediate backlash over security concerns when it was revealed. The concern was mainly around the fact that Recall takes screenshots of your entire PC so that you can find information later if desired.

The AI tool for Copilot + Pilots was recalled so Microsoft could tweak the program and work on the security issues. Since then, it's been delayed several times, and only recently became available for Windows Insiders, Microsoft's version of beta testers for early adopters.

According to Microsoft, the updated version of Recall still captures screenshots, but those screenshots are now supposed to be encrypted and have a "Filter sensitive information" setting enabled by default. This filter is meant to stop Recall from capturing apps or websites that show sensitive personal information like credit card numbers and Social Security numbers.

Unfortunately, this filter does not seem to be working. Our colleague, Avram Piltch, at Tom's Hardware, tested the revamped Recall and reported that the filter only worked a couple of times, "leaving a gaping hole in the protection it promises."

Piltch tested the filter by entering a credit card, random user and password into a Windows Notepad screen. Recall captured that information despite text denoting the number as a Visa card.

He also filled out a loan application PDF in Microsoft Edge, where a Social Security number was filled in alongside his name and date of birth. Recall captured that as well.

Pilch performed some other tests, but Recall seemed to filter out sensitive information only on a pair of e-commerce sites, Pimoronia and Adafruit.

In response to a query about the filter, Microsoft spokespeople sent him a blog post containing a Privacy section that reads:

"We’ve updated Recall to detect sensitive information like credit card details, passwords, and personal identification numbers. When detected, Recall won’t save or store those snapshots. We’ll continue to improve this functionality, and if you find sensitive information that should be filtered out for your context, language, or geography, please let us know through Feedback Hub. We’ve also provided an option in Settings that we encourage you to enable that will anonymously share the apps and sites you prefer to be excluded from Recall to help us improve the product."

What does Recall actually do?

Since few people have been able to try out Recall, here's a brief rundown of what the feature is supposed to do for you.

Microsoft pitches the tool to help you find things better by searching your PC for anything you've seen on it using natural language.

To do this, Recall takes "snapshots" of your screen at regular intervals, which are stored locally on your computer and analyzed and indexed by AI.

The obvious concern here is that this digital record of everything on your PC and things you've done on your PC can potentially be accessed by bad actors. When Recall first appeared in the spring, it didn't even have encryption on the snapshots, and the database was stored as plain text. Those things have changed in the past few months.

Microsoft has also made Recall opt-in, which was previously an opt-out option.

The new Recall does have the mentioned filter and appears to encrypt data. Login also requires biometric data and passwords. And information can only be viewed in the Recall app.

That said, a determined bad actor with access to your password or PIN could bypass the biometric checks. And you can view the Recall app via TeamViewer, which allows for popular remote access.

For now, if the filter isn't working, it means your data is being captured and that a series of missteps could make that information available to a bad actor.

More from Tom's Guide

Category
Arrow
Arrow
Back to Gaming Laptops
Brand
Arrow
Processor
Arrow
RAM
Arrow
Storage Size
Arrow
Screen Size
Arrow
Colour
Arrow
Condition
Arrow
Price
Arrow
Any Price
Showing 10 of 28 deals
Filters
Arrow
Show more
TOPICS
Scott Younker
West Coast Reporter

Scott Younker is the West Coast Reporter at Tom’s Guide. He covers all the lastest tech news. He’s been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest to use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him. 

Read more
Windows 11
I review laptops for a living — here's my honest thoughts on Windows Recall
The Windows Rec
How to enable Windows Recall — it's now possible to try the controversial Copilot feature
Windows 11 logo on a laptop screen
I reviewed Windows 11, and these are the 5 new features I'm most excited about for 2025
A laptop on a windowsill in the middle of a Windows update
Microsoft is ending support for Windows 10 soon — 5 ways to make sure your PC is secure
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
Microsoft Edge open on a laptop with the browser's app listing page open on a smartphone in front of it
Microsoft Edge will soon protect you from these scary scams that even Chrome can't
Latest in Windows Operating Systems
Microsoft Office is finally as it should have been on iPad
Microsoft tests free Word, PowerPoint and Excel apps for Windows — expect a lot of ads
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
Windows 10 logo
Windows 10 end of life set for this year — everything you need to know to get ready
Windows 11 logo on a laptop screen
I reviewed Windows 11, and these are the 5 new features I'm most excited about for 2025
A Windows 11 laptop, demonstrating how to run Android apps on Windows 11
How to remove the Windows 11 news and weather widget
Man typing on Windows 11 laptop
Microsoft confirms major Windows 11 and Windows 10 audio bug is cutting sound on PCs
Latest in News
HomePod with display concept render
Apple HomePod with display now rumored for late 2025 launch
The Apple Watch Series 10 on display at the device's launch in September 2024
Apple Watch sales plummet 19% as smartwatch market declines for first time
Google's Project Astra working on prototype smartglasses in an advertisement
Google just acquired this eye tracking company — hinting at the return of Google glasses
iPhone 17 Air render
iPhone 17 Air could be just 5.5mm thick — but 9.5mm when you throw in the camera bump
Sterling K. Brown in Paradise
Hulu top 10 shows — here's the 3 worth watching right now
iPhone 16
Hoping for a new iPhone 16 color? Here's why that's looking unlikely