Microsoft's Windows Recall Allegedly Stores Passwords and Social Security Numbers in Preview Mode

Microsoft's Windows Recall is an AI-powered app exclusive to Copilot+ PCs that automatically takes screenshots of user activity to enable later searching. The app was announced in summer 2024 but has faced repeated delays due to security concerns. Despite having a 'Filter sensitive information' feature enabled by default that is supposed to prevent capture of sensitive data like credit card numbers and passwords, testing by The Register found the filter fails in many cases. The testing was conducted on a Lenovo Yoga Slim 7x Copilot+ PC and revealed that while the filter successfully excluded some financial data and passwords, it captured bank home pages showing balances and deposits, failed to filter credit card information when certain contextual words were removed, and captured Social Security numbers when abbreviated differently. The app also captured screenshots of documents containing passwords when they weren't explicitly labeled as such. Microsoft has acknowledged this is a preview app and stated they are working to improve the filter functionality, but the app is being promoted during Windows setup on new PCs. The security concerns are compounded by the fact that Recall screenshots can be accessed by anyone with the user's PIN code, even remotely.