Microsoft Recall fails to protect sensitive data in testing

Microsoft’s new Recall feature, designed to create a searchable timeline of PC activities, shows significant privacy vulnerabilities despite its promised security measures. According to testing by Avram Piltch from Tom’s Hardware, the feature’s “Filter sensitive information” setting failed to block the capture of credit card numbers and social security information in several common scenarios. While Recall successfully blocked sensitive data on some e-commerce websites, it captured credit card details entered in Notepad, PDF forms, and custom web pages.

Microsoft responded by highlighting their commitment to improving the filtering functionality through user feedback. The feature, available only on Copilot+ PCs, now encrypts captured screenshots and requires Windows Hello authentication, but researchers found that access is still possible using a simple PIN code through remote desktop applications.
