Since it was announced back in May, Microsoft's Copilot PC feature Recall has had a troubled rollout. The AI search tool, which works by taking screenshots of your activity, was pulled for release at one point. Then after Microsoft explained its security features, it was finally rolled out as a preview in late November.
Now Recall may be facing another setback. The website Tom's Hardware ran a real-world test on the Recall feature and found that even with a sensitive information filter enabled, Recall still captured screenshots of writer Avram Piltch's credit card and social security numbers.
Piltch wrote: "When I entered a credit card number and a random username / password into a Windows Notepad window, Recall captured it, despite the fact that I had text such as 'Capital One Visa' right next to the numbers."
Piltch had the same experience with a social security number in a PDF loan application using Microsoft Edge. The website posted screenshots using made-up numbers, but Piltch said that the same thing happened when he used a real credit-card number. Although Recall did skip some web pages containing that kind of information, Piltch said, it failed the test of not capturing it altogether.
The feature has a "Filter sensitive information" setting, which the writer says was enabled in his testing of Recall. Despite the backlash when the product was introduced, Microsoft has continued to tout the usefulness of Recall, which is meant to help Windows users find anything users have seen on their PC more quickly with the help of AI and a series of screenshots. Microsoft has answered back on critics who have suggested the software has inherent security and privacy problems.
An email from CNET to Microsoft about the test was not immediately returned, but Tom's Hardware posted a statement from Microsoft in response to the article. "We've updated Recall to detect sensitive information like credit card details, passwords, and personal identification numbers," a company spokesperson said. "When detected, Recall won't save or store those snapshots."
"We'll continue to improve this functionality, and if you find sensitive information that should be filtered out, for your context, language, or geography, please let us know through Feedback Hub," the company added. "We've also provided an option in Settings that we encourage you to enable that will anonymously share the apps and sites you prefer to be excluded from Recall to help us improve the product."
English (US) ·