Microsoft Recall can still take a screenshot of your sensitive information



Earlier this year, Microsoft Recall, a “photo memory” feature that automatically takes screenshots on Windows 11 Copilot+ PCs, was delayed due to widespread security flaws. Now that it’s back, to some extent, some users have found that it is still not the most secure feature, especially if you want to view your bank account or credit information online.

Recall first reached a handful of testers last month, but since December 6 it has been available to everyone using a Copilot+ PC in the Windows Insider beta. The feature appeared for the first time in May, but security researchers found it very easy to access the AI text records of captured images. The new version of Recall encrypts all those logs and puts access to the feature behind Windows Hello login. The system should also automatically detect and stop imaging any “sensitive information,” such as banking information.

However, Avram Piltch at Tom’s Hardware reported that the filters don’t filter as much as they should. The sensitive information filter setting should prevent the AI from taking a screenshot of any website or document with a credit card number. However, Tom’s Hardware found that it would still take a screenshot of a Notepad document containing that information. It will also take a screenshot of a fake loan application in PDF format. It even captured a fake page created by Piltch, including a line to enter credit card information.

This does not mean that the filter is not working. Piltch said it refused to take screenshots on two payment sites he tested. In its November 22 blog post, Microsoft said you can select specific websites that Recall will not take a screenshot of. “If you find sensitive information that needs to be filtered according to context, language or geography, please let us know through the Feedback Hub,” the company added.

Gizmodo reached out to Microsoft for comment, but we did not immediately receive a response. In this case, Microsoft has to take into account all possibilities. Even if the AI recognizes some commerce sites, it may not recognize every instance where you enter your credit card information. All screenshots should remain locked behind Windows Hello secure login, but the feature remains a potential vector for a bad actor to access sensitive information.

Recall remains an optional feature, and is turned off by default when loaded onto a PC in the Insider channel. It’s still a beta product, so issues are bound to arise. Microsoft was forced to notify users in its November 22 blog post that the feature will not save any screenshots if you install version 26120.2415 after downloading the Windows beta.

I’ve been using it on the side, but it’s the kind of feature you need to use for a long time before you can gauge its value. You need to create a large number of screenshots and then let your memory erode enough to make them worthwhile. Obviously, it is also still a beta version. None of the Copilot+ PCs shipped with the AI models on board, requiring you to download them once you’ve signed up for the Insider edition. As The Verge points out, it’s strange to know that your work, conversations, and online life are constantly being recorded. What may be more shocking than all the issues that still need to be resolved is that Microsoft planned to release Recall half a year earlier without all that extra fine-tuning.


