Microsofts Recall feature appears to capture sensitive information, test shows

Microsoft Copilot + PC logo

One of the most unpopular new Windows features is doing a lot to earn that reputation.

Microsoft Recall, which is an AI-driven tool that constantly screenshots your PC activity to build a searchable database of everything you’ve ever done, apparently can’t always filter out sensitive information like credit card and Social Security numbers. This is according to real-life testing done by Tom’s Hardware, which found that this information (whether it was dummy text or real) would occasionally still get captured by Recall screenshots, which could theoretically then be viewed by someone else.

The security risks here are numerous and obvious. There is a filter for cutting out sensitive information from Recall screenshots that is on by default (imagine if it wasn’t), but per Tom’s Hardware, it only works some of the time. On obvious e-commerce websites, credit card numbers generally get filtered out. But in other places, like PDF forms, the filter doesn’t catch them.

Recall has easily been the most talked-about and controversial part of Microsoft’s recent push into artificial intelligence. It’s been called a “disaster” by security experts, and underwent a delay earlier this year, ultimately being released for testing in October.

If you do a lot of shopping online, maybe think about turning Recall off.