Recall continues to be a privacy disaster. Reports suggest that the AI feature is recording sensitive information, even with the sensitive information filter enabled.

When Microsoft announced Recall, it did so riding on a wave of positive AI news. The company was preparing nothing other than the next generation of Windows and it wanted to announce a big feature during the main announcement.

AI, after all, stands at the center of the company's new Copilot+ PC certification. What Microsoft did not expect was the criticism that it received shortly after it revealed Recall.

An AI system that monitored and recorded pretty much anything on the PC? Enabled by default? With little safeguards and security to protect the recorded data? What could possibly go wrong?

For the big bang, Microsoft decided to skip Insider builds. This meant that it did not receive feedback from early testers, only from internal sources and maybe some partners that were allowed to try Recall. Did no one warn Microsoft about the issues or were they swept away?

So, Microsoft pulled Recall shortly after reveal and promised to go back to the drawing board. Then in late September, Microsoft announced Recall 2.0.

It did good on some of the promises that it made. Recall was now opt-in and no longer running automatically in the background. The AI feature used better security now, including extra protection of the database that contained a user's recorded history.

Note: the Sensitive Information filter is designed to block screen captures by Recall if sensitive data, such as a credit card or social security number, is entered.

Still not good enough, it appears

A report by Tom's Hardware suggests that Recall is not ready for prime time yet. Here is a summary of Recall's wrongdoings according to the author who tested it:

• Sensitive information entered into an app like Notepad is still recorded.
• Filling out a PDF document in Edge with sensitive information, like the Social Security Number, did record it.
• Custom HTML pages using web forms that asked for credit card numbers were also recorded, when a user entered the data.

Good news is that Recall did block the recording of credit card information when the author visited two online stores.

Granted, Recall is still only available in Insider builds at the time of writing. Some issues or bugs are to be expected. Microsoft may be able to fix the discovered issues before release.

Closing Words

Only the signed-in user should have access to information that Recall captures. That is Microsoft's promise and it certainly improved security in key areas in the second version of Recall.

Authentication is required whenever someone wants to access the captured data. That should prevent the bulk of malware from ever accessing the data.

Windows users who enable Recall need to be aware though that the feature may record sensitive information, even with the filter enabled.

It will be interesting to see if Microsoft manages to improve the filter before official release.

Now it is your turn. What is your take on Recall? Would you use it in the future, if Microsoft manages to correct the remaining issues? Or are you in the other camp, that sees the privacy issues and little use for the feature all in all?