Windows Re-launch Allegedly Continues to Gather Passwords and Social Security Numbers According to Reports Regarding Microsoft's Recall of Its Operating System
In the current year, Microsoft returned Recall, its AI app designed for Copilot+ PCs, to Windows Insiders in a preview mode. However, the app has faced criticism over potential security issues, with independent testing revealing significant gaps in its ability to prevent sensitive data capture.
Recall is designed to work specifically with laptops that use Qualcomm's Snapdragon processors. The app includes a "Filter sensitive information" feature that is enabled by default and is supposed to prevent capturing sensitive data such as passwords and credit card numbers. However, testing by The Register shows that this filter often fails to block sensitive information, capturing passwords, Social Security numbers, and credit card details in many cases despite Microsoft's claims of security improvements.
Microsoft claims that Recall stores snapshots locally on Copilot+ PCs, encrypts data using BitLocker and TPM-protected keys, and isolates snapshots per user profile to maintain privacy. IT administrators can control various security settings, including disabling Recall's snapshot capture or filtering specific applications and websites. Despite these technical safeguards, the practical test results reported by The Register reveal significant gaps in Recall's ability to prevent sensitive data capture and suggest vulnerabilities if someone gains access to the device.
Recall has had a rocky release history, with multiple instances of being pulled and re-released. In December 2024, Recall was caught capturing credit card numbers, and in November, Microsoft teams were working to improve the functionality of the security filter in the Recall app.
If you're concerned about Windows Recall potentially capturing sensitive personal and financial data, you can avoid this feature entirely by not getting a Copilot+ PC. Alternatively, by choosing a laptop powered by an Intel or AMD chip for your next upgrade, you won't have to worry about the potential security implications of the Recall feature.
In summary, while Recall implements strong encryption and administrative controls to secure data locally, independent testing confirms that its key filter intended to protect sensitive information remains unreliable in many real-world scenarios. Therefore, Recall's security filter is not fully effective at preventing the capture of sensitive data despite Microsoft's claims.
Meanwhile, let's take a look at some affordable laptop options that don't come with the Recall app. The Lenovo IdeaPad Flex 5i ChromeBook Plus is available for $479.99, while the Lenovo Yoga Slim 7x (Gen 9) is available for $939.99. For those looking for premium options, the Dell XPS 13 is available for $1,399.99, and the Apple 13" MacBook Air M4 (2025) is available for $799, with the Apple 15" MacBook Air M4 (2025) priced at $998. For gamers, the Asus ROG Zephyrus G14 (2024) is available for $1,849.
Microsoft may decide to shelve Windows Recall for good due to its lukewarm initial reception and the security and privacy issues it has faced. Until then, it's essential to be aware of the potential risks associated with the app and take appropriate measures to protect your sensitive data.
The Recall AI app, designed for data-and-cloud-computing, implementing technology to gather snapshots on Copilot+ PCs, has been criticized for its inability to prevent sensitive data capture, such as passwords and credit card numbers, despite Microsoft's claims of security improvements. These vulnerabilities persist, even with Microsoft's local data storage encryption and administrative controls via BitLocker, TPM-protected keys, and user-profile isolation.
To minimize potential risks associated with the Recall app, you can consider avoiding Copilot+ PCs or laptops powered by Qualcomm's Snapdragon processors, opting instead for laptops using Intel or AMD chips, as they do not come with the Recall app by default.
