
Microsoft Recall Exposes Passwords and Banking Data!

New tests reveal Microsoft Recall still screenshots sensitive data.

Microsoft Recall launched in 2024 as an AI-powered screenshot tool for Copilot+ PCs. The feature captures everything users do on their computers for later searching.

A security researcher quickly found serious vulnerabilities in the original version, where the database stored sensitive information in plain text. Microsoft had to pull Recall from the preview builds of Windows after that.

The company reintroduced Recall a few months down the line with assurances of better security measures, including encryption, virtualization-based security enclaves, and mandatory Windows Hello authentication for access.

However, recent testing by The Register has revealed deeply troubling findings.

Microsoft Recall is Bad News

The testing found that Recall still captures sensitive data even when filters are enabled. Credit card numbers, passwords, and Social Security details were all recorded in plain view.

Despite Microsoft’s assurances, banking information remains vulnerable. Recall screenshots included bank homepages and account balances while correctly blocking routing and account numbers.

Similarly, password protection proved inconsistent across scenarios. Chrome’s password manager remained protected, and Recall skipped files explicitly labeled with "username" or "password". Plain text files that listed credentials without those words, however, were captured.

Social Security numbers (SSNs) received partial filtering at best. The system blocked digits when prefixed with "My SS#" but captured everything when labeled "Soc:".
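
The gap described above, modelled as an added example (not Recall's code and not from the original article): a filter keyed on nearby labels set beside one that checks the shape of the value itself. The label list, function names and sample lines are constructed for illustration, and only SSNs and card numbers are covered.

```python
import re

# Hypothetical label list: models a filter that reacts to wording near the value.
LABELS = ("my ss#", "username", "password")
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample lines, standing in for on-screen text.
SAMPLES = [
    "My SS# 123-45-6789",
    "Soc: 123-45-6789",
    "Card 4111 1111 1111 1111 exp 01/30",
    "Order 1234 5678 9012 3456 shipped",
]

def label_filter(text):
    """Flag text only when a known label is present."""
    lowered = text.lower()
    return any(label in lowered for label in LABELS)

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def plausible_ssn(area, group, serial):
    """Reject ranges that are never issued as SSNs."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def content_filter(text):
    """Return the kinds of sensitive value found by shape, ignoring labels."""
    kinds = set()
    if any(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(text)):
        kinds.add("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        kinds.add("card")
    return kinds

def missed_by_labels(samples):
    """Lines that carry a sensitive value but no recognised label."""
    return [s for s in samples if content_filter(s) and not label_filter(s)]

if __name__ == "__main__":
    for line in missed_by_labels(SAMPLES):
        print("label filter missed:", line, sorted(content_filter(line)))
```

The Luhn and range checks keep the shape-based filter from flagging every long digit run, such as the order number in the last sample.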

Remote access makes the situation worse. Using TeamViewer, the tester was able to view the complete Recall history from another computer with only a Windows Hello PIN; biometric authentication was bypassed entirely.

And guess what? Microsoft promotes Recall as if it were a fully stable feature that needs no second look, while the feature itself is still creepy and Orwellian at its best.

I still think this feature has no place on a computer. But that is how it goes with Big Tech. They shove these kinds of offerings down people’s throats whether they want them or not.
