A recent assessment of the Windows 11 Recall feature by Tom’s Hardware reveals significant privacy concerns. The Recall feature is designed to capture and store screenshots of user activities, with supposed privacy filters to protect sensitive information. These filters are intended to prevent the recording of sensitive data such as credit card numbers, social security numbers, and other personal information. Despite these intentions, the feature appears to fall short of its privacy promises.
Microsoft Recall works by taking a screenshot of your active screen every few seconds. These images of your desktop are then stored locally on your machine so that you can look back at them if you need to remember something. Per Microsoft, this information is not shared with Microsoft or third parties, or even other Windows users on the same machine.
The Recall feature was reintroduced to Windows Insiders after being withdrawn earlier due to security issues. The updated version encrypts captured screenshots and includes a default setting to filter sensitive information. This setting aims to avoid recording screens displaying sensitive financial or personal information. However, during testing by Tom’s Hardware, these filters only functioned properly in limited scenarios, such as on a couple of e-commerce sites, leaving significant vulnerabilities in information protection.
Testing conducted by Tom’s Hardware involved entering sensitive data in various applications and scenarios. In several instances, the Recall feature captured screenshots that included sensitive information despite the privacy filter being enabled. For example, entering credit card details and random login credentials in a Windows Notepad document did not trigger the filter. Similarly, filling out a loan application form in a PDF document in Microsoft Edge resulted in the capture of sensitive data, including social security numbers and dates of birth.
Even if the sensitive information filters for Microsoft Recall were working, we would still recommend disabling this feature indefinitely. The current sensitive information filters should prevent saving of credit card numbers, passwords, social security numbers, and more. That said, the filtering only works for the primary web browsers (Edge, Firefox, Chrome, Opera), and only if the web browser is the current active window being displayed. That means any browser windows in the background, or any other applications with sensitive information showing, won’t be filtered. Beyond the active-window limitation, we would also be worried that the app would store potentially sensitive images of emails, PDFs, internet searches, and more.
Given the potential risks associated with the Recall feature, we recommend disabling it to protect your personal information. For more details on Microsoft Recall, check out Microsoft’s website here.
Tom’s Hardware’s writeup on testing this new feature can be found here.