The recall remains a privacy disaster. Reports suggest that the AI feature is recording sensitive information even when the sensitive information filter is enabled.
When Microsoft announced the recall, it did so riding a wave of positive AI news. The company was preparing nothing more than the next generation of Windows and wanted to announce a major feature during the keynote.
After all, AI is at the heart of the company’s new Copilot+ PC certification. What Microsoft did not expect was the criticism it received shortly after the recall was disclosed.
An AI system that monitors and records almost everything on a PC? Enabled by default? With little to no safeguards and security to protect recorded data? What could possibly go wrong?
For the big bang, Microsoft decided to skip the Insider build. This meant that it did not receive feedback from early testers, only from internal sources and perhaps some partners who were allowed to try out the recall. Did no one warn Microsoft about the issues or did they go away?
Therefore, Microsoft withdrew the recall soon after the disclosure and promised to go back to the drawing board. Then in late September, Microsoft announced Recall 2.0.
It made good on some of its promises. Recall was now opt-in and no longer running automatically in the background. The AI feature now uses improved security, including additional protection of the database that contains the user’s recorded history.
Comment: The Sensitive Information filter is designed to block screen capture by Recall if sensitive data, such as a credit card or social security number, has been entered.
Looks like it’s still not good enough
A report from Tom’s Hardware suggestion of That recall isn’t ready for prime time yet. Here’s a summary of Recall’s missteps according to the author who tested it:
- Sensitive information entered into apps like Notepad is still recorded.
- By filling out a PDF document in Edge with sensitive information like Social Security numbers, it was recorded.
- Custom HTML pages that used a web form asking for a credit card number were also recorded when a user entered data.
The good news is that the recall blocked the recording of credit card information when the author visited two online stores.
Granted, at the time of writing the recall is still only available in Insider builds. Some problems or bugs are expected. Microsoft may be able to fix issues discovered before release.
concluding words
Only signed-in users should have access to the information collected by Recall. This is Microsoft’s promise and it has certainly improved security in key areas in the second version of the recall.
Authentication is required whenever someone wants to access the captured data. This will prevent a large number of malware from ever accessing the data.
Windows users who enable Recall need to be aware that this feature may record sensitive information even when the filter is enabled.
It will be interesting to see if Microsoft is able to improve the filters before the official release.
Now it’s your turn. What is your opinion on the recall? If Microsoft succeeds in fixing the remaining issues, will you use it in the future? Or are you in the other camp, which sees privacy issues and low usage of this feature?
Thanks for reading..
