Does Microsoft Recall store your sensitive information?

How Microsoft's takedown could expose your personal screenshots

Security concerns surround the Recall feature Microsoft, designed to take screenshots on PC with Windows 11 Copilot+. Despite improvements and delays in fixing the security issue, Faces still has issues storing sensitive information like credit cards and Social Security numbers. Related challenges Despite improvements, protecting and leaking sensitive data remains a concern.

The feature, which automatically captures screenshots of your activity as part of “Photographic memories” was delayed earlier this year due to security concerns. However, since it was released to Windows Insider Beta users in December 2023, some users have raised concerns about its effectiveness in leaking sensitive content.

Let's analyze what is happening:

Security issues at the beginning: When Recall came out, security experts quickly realized that it was all too easy to access AI-generated screenshot logs. This raised alarms about privacy, especially regarding sensitive details like bank account information or passwords.

Encryption and Windows Hello improvements: Microsoft has stepped up its efforts to address these concerns. They're adding encryption to logs so you can only log in via Windows Hello, which uses facial recognition, or a PIN. This is intended to make it more secure by controlling who can see screenshots of documents and other sensitive information. Microsoft says the system will automatically block screenshots of sensitive websites, and users can choose to block specific websites themselves.

Avram Pilch Hardware notes that the filter isn't as strong as you might expect. For example, it won't block a Notepad file containing credit card information, a fake loan application PDF, or a screenshot of a test page containing credit card information. Still, it did manage to block screenshots on some payment sites, just as Microsoft intended.

User input: Microsoft is asking users to share their experiences via the Feedback Hub if they see sensitive information being captured incorrectly. They have also made it possible for users to choose specific websites that Recall will not capture.

The Copilot+ recovery feature on Windows 11 PCs is still in beta, meaning it's not fully ready for everyone yet. It's turned off by default for users testing the Insider channel, so you'll need to opt in if you want to use it. Here are some important things to know about it right now:

Activation and testing: Backup is not enabled. User must opt-in to unlock it. It is still in beta, so don't be surprised if it doesn't work well or has some limitations.

Issues with build 26120.2415: Microsoft has warned that if you installed build 26120.2415 after getting the Windows beta, Recall will not save any screenshots. This shows that the feature is not completely stable at the moment and may be affected by specific updates or versions.

Use Recall effectively: Recall takes a while to really help you. You need to collect a lot of screenshots so the system can generate useful information for you. The idea is that over time, if you forget something, Recall can download these screenshots to help your memory. It comes equipped with AI model settings. Users need to download these after signing up for Insider builds, which can be a bit overwhelming for those trying it out.

Privacy Concerns: There is a lot of concern, as mentioned by The Verge, about how this feature records your work, chats, and online activities in the background. Many users may not fully understand what is being recorded, raising concerns about privacy.
Early release plans: Interestingly, Microsoft is planning to release Recall early and there may not be a major update to improve it right out of the gate. This suggests that it will need to be rushed without fixing major security and performance issues, which is causing the delay and shift we are seeing now.