Windows 11's Recall feature isn't supposed to screenshot your credit card details - but it does

Recall's sensitive information safeguard reportedly fails in some instances, which won't calm those worried about privacy - although it is still in testing.

Windows 11's Recall feature isn't supposed to screenshot your credit card details - but it does
Comment IconFacebook IconX IconReddit Icon
Tech Reporter
Published
2 minutes & 30 seconds read time
TL;DR: Windows 11's Recall feature, an AI search tool, recently went live in testing, but it's struggling with privacy settings, failing to filter sensitive information like credit card details and passwords. Sometimes it works, sometimes it doesn't - but more often the latter, which isn't going to impress those who are already worried about the security aspects of the feature.

Windows 11's Recall feature is back in play - in testing, and it just expanded to include AMD and Intel x86 Copilot+ PCs - but the controversial functionality has run into yet more trouble.

Recall's Timeline of snapshots (Image Credit: Microsoft)

Recall's Timeline of snapshots (Image Credit: Microsoft)

As you're doubtless aware, Recall is a supercharged AI search that uses regularly taken screenshots to find stuff on your PC. Those so-called 'snapshots' are not supposed to include any screen that has sensitive information on it, such as credit card details as an obvious example.

Tom's Hardware has been testing Recall in this respect, though, and found out that the results are hardly ideal in terms of maintaining cast-iron privacy for your more sensitive data.

Recall's 'filter sensitive information' setting (turned on by default) failed to prevent the feature from taking a screenshot of a credit card number in Notepad, despite Tom's putting 'Capital One Visa' clearly next to the number. It similarly failed to avoid screen-grabbing a username plus password written in a text file.

When Tom's constructed a web page and form that clearly stated it wanted a credit card number (and other details, such as the CVC), this was screenshotted too.

Another test of a PDF in Microsoft Edge, a loan application, ended up with Recall taking a snapshot of personal details that included a social security number and date of birth.

It wasn't all failures, though, as the filter did perform correctly with details entered on two shopping websites, not taking snapshots of these. So, it seems in clear enough instances where an e-commerce site can be identified, the safeguards work, but in more informal scenarios, they don't.

To be fair, Recall is still in testing, so the functionality going awry isn't exactly a surprise. But this is such a crucial element of Recall privacy-wise, that it's going to again cast clouds of doubt over the feature which is destined for Windows 11 on Copilot+ PCs.

As Tom's points out, Microsoft said when introducing Recall into testing:

"We'll continue to improve this functionality, and if you find sensitive information that should be filtered out, for your context, language, or geography, please let us know through Feedback Hub."

We can expect it to be improved down the line, in short, and some failures are part and parcel of the testing experience.

It's also true that Recall data is now properly secured and encrypted - kept on your PC locally, and not sent anywhere, Microsoft has always maintained - but there are potential weak spots.

Security concerns

Tom's further notes that it's possible to access the Recall timeline on a PC if you know the user's PIN for the feature's required Windows Hello login - and that you don't necessarily need physical access to the Copilot+ laptop in question (remote access to the PC via TeamViewer can be leveraged).

All in all, it sounds like Microsoft still has some ground to cover security-wise. Sadly, we don't have a huge amount of confidence that everything will be shipshape and fully watertight anytime soon, particularly given the shoddy state that Recall was originally revealed in (and nearly launched, before it was pulled after security experts around the globe expressed their serious misgivings).

Photo of the Microsoft Surface Laptop (2024) Windows 11 Copilot+ PC, 16GB, 512GB SSD
Best Deals: Microsoft Surface Laptop (2024) Windows 11 Copilot+ PC, 16GB, 512GB SSD
Country flag Today 7 days ago 30 days ago
$959.58 USD $894.99 USD
Buy
$1699.99 CAD $1499.99 CAD
Buy
$959.58 USD $894.99 USD
Buy
$959.58 USD $894.99 USD
Buy
* Prices last scanned on 1/23/2025 at 3:49 pm CST - prices may not be accurate, click links above for the latest price. We may earn an affiliate commission from any sales.

Tech Reporter

Email IconX IconLinkedIn Icon

Darren has written for numerous magazines and websites in the technology world for almost 30 years, including TechRadar, PC Gamer, Eurogamer, Computeractive, and many more. He worked on his first magazine (PC Home) long before Google and most of the rest of the web existed. In his spare time, he can be found gaming, going to the gym, and writing books (his debut novel – ‘I Know What You Did Last Supper’ – was published by Hachette UK in 2013).

Darren's Computer

Related Topics

Newsletter Subscription