Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Since it was announced back in MayMicrosoft’s Copilot PC Recall feature has had a problematic introduction. The AI search tool, which works by taking screenshots of your activities, was pulled for publication at one point. Then after Microsoft explained its security featuresfinally it was presented as a preview at the end of November.
Now Recall may be facing another setback. Tom’s Hardware website performed a real-world test on the Recall feature and found that even with the sensitive information filter turned on, Recall was still taking screenshots of writer Avram Pilch’s credit card and Social Security numbers.
Piltch wrote: “When I typed a credit card number and a random username/password into a Windows Notepad window, Recall captured it, despite the fact that I had text like ‘Capital One Visa’ right next to the numbers.”
Piltch had the same experience with a social security number in a PDF loan application using Microsoft Edge. The site posted screenshots using fictitious numbers, but Pilch said the same thing happened when he used a real credit card number. While Recall skipped over some websites that contained that kind of information, Piltch said, it failed the test of not capturing it completely.
This feature has a “Filter sensitive information” setting, which the writer says is enabled in his recall testing. Despite the backlash when the product was introduced, Microsoft continued to tout the usefulness of Recall, which is supposed to help Windows users quickly find everything users have seen on their PC with the help of artificial intelligence and a series of screenshots. Microsoft has responded to critics who have suggested the software has inherent security and privacy problems.
An email from CNET to Microsoft about the test was not immediately returned, but Tom’s Hardware posted a statement from Microsoft in response to the article. “We’ve updated Recall to expose sensitive information such as credit card information, passwords and personal identification numbers,” a company spokesperson said. “Once detected, the recall will not preserve or save those recordings.”
“We will continue to improve this functionality, and if you find sensitive information that should be filtered for your context, language or geography, please let us know via the Feedback Hub,” the company added. “We’ve also provided an option in Settings that we recommend you enable that will anonymously share the apps and sites you want excluded from the recall to help us improve the product.”
