Microsoft's Recall AI keeps capturing sensitive data that it shouldn't

By Jean Leon


Windows Recall is one of the most controversial features of the AI age. It's striking that Microsoft, which has invested billions in ChatGPT maker OpenAI, was so careless from the start. The tool was a privacy nightmare, which caused a delay in its rollout. Now, Microsoft is resuming its implementation after a few tweaks, but AI-powered Recall is still capturing sensitive data when it shouldn't.

Recall's launch was somewhat bumpy due to several factors that threatened user privacy and security. If you're not aware, once enabled, the feature constantly takes screenshots while you're using your PC. This allows you to ask it questions about things you saw during your session. For example, you can ask Recall where you saw a pair of blue shoes, and Recall will search through the screenshots to find the website where you saw the item.

However, the lack of encryption in Recall's screenshots posed a threat to privacy. There were also no tools to prevent third parties with access to your laptop or PC from obtaining the screenshots. As a result of the controversy, Microsoft delayed the feature and worked on key tweaks related to the security of your data. For example, the company enabled encryption on screenshots and integrated tools for the PC to identify you before invoking Recall, preventing third parties from accessing the captured data.

Another problem with Microsoft's Recall was that it captured sensitive data, including credit cards and social security numbers, without blurring or hiding it. To address this, the company enabled a default option for the service to not capture confidential information. However, it seems that the problem still exists in the most recent version of the feature.

Avram Piltch of Tom's Hardware did some experiments to test how safe the feature is now. He focused primarily on Recall's ability to identify sensitive data and hide it. The results were not particularly encouraging, as Recall only correctly identifies this type of data on actual payment platforms. The experiment showed that the AI-powered service doesn't capture sensitive data entered into in-store payment platforms.

However, in its current state, Recall's tech seems unable to identify sensitive information based on context. In other words, Recall will capture credit card numbers entered into a Notepad window or a PDF file, for instance. Piltch even tried to "make things easier" for Recall by including explicit references to the data being private in nature. For example, he typed "Capital One Visa" before the credit card numbers in a Notepad window. However, the AI feature still captured such data without hesitation.

Piltch tried to be even more explicit in another test. He created an HTML page with a form that explicitly said, "Enter your credit card number below." However, Recall continued capturing sensitive data in those cases. It appears that the feature does not detect the nature of the data by context but instead checks whether you are entering a payment platform. Only in those cases will Recall block the screenshots.
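The gap Piltch's tests expose is the difference between a site-based rule ("is this a known payment platform?") and a content-based one ("does the text on screen look like a card number, and does nearby text say so?"). The following is an added illustration of the second approach, written for this article and not Microsoft's code or anything Recall actually does: it runs a Luhn-validated card pattern, an SSN layout pattern and a small list of context words over constructed text snippets modelled on the Notepad and HTML-form tests, and decides per snapshot whether to skip or mask the capture. The snippets, hint words, and the functions `find_sensitive`, `redact` and `should_skip_snapshot` are all assumptions of this example; the card numbers are the standard publicly known test PANs, not real accounts.

```python
import re

# Luhn checksum: rejects most arbitrary digit runs (order numbers, IDs) that merely
# look like card numbers, so the filter does not redact every long number on screen.
def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer run
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN layout; a layout check only, no issuance-rule validation
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
# Hypothetical context words that raise confidence that a nearby number is a card or SSN
CONTEXT_HINTS = ("credit card", "card number", "visa", "mastercard", "amex",
                 "cvv", "social security", "ssn")

def find_sensitive(text: str) -> list:
    """Return (kind, match, confidence) for each sensitive value found in text."""
    hints = any(h in text.lower() for h in CONTEXT_HINTS)
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(("card", m.group(), "high" if hints else "medium"))
    for m in SSN_RE.finditer(text):
        found.append(("ssn", m.group(), "high" if hints else "medium"))
    return found

def redact(text: str) -> str:
    """Mask every sensitive value in text except its last four characters."""
    for _, value, _ in find_sensitive(text):
        text = text.replace(value, "#" * (len(value) - 4) + value[-4:])
    return text

def should_skip_snapshot(text: str) -> bool:
    """Snapshot policy: skip the capture entirely when any sensitive value is present."""
    return bool(find_sensitive(text))

# Constructed snapshots modelled on the Tom's Hardware tests (Notepad, HTML form,
# a PDF). Card numbers are the public test PANs; the SSN is a made-up sample.
SNAPSHOTS = {
    "notepad_card": "Capital One Visa 4111 1111 1111 1111 exp 09/27",
    "html_form": "Enter your credit card number below: 5500 0000 0000 0004",
    "notepad_order": "Order 1234 5678 9012 3456 shipped, tracking pending",
    "pdf_ssn": "Applicant SSN 123-45-6789",
}

if __name__ == "__main__":
    for name, text in SNAPSHOTS.items():
        print(f"{name:14} skip={should_skip_snapshot(text)!s:5} -> {redact(text)}")
```

The order-number snippet is there on purpose: it has the same shape as a card number but fails the Luhn check, so a content filter can flag the Notepad and form cases Recall missed without also blanking every sixteen-digit tracking or order number a user looks at. Real OCR output is noisier than these strings, which is why the confidence field exists: a policy might skip the snapshot on "high" and only mask on "medium".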

However, it appears that Microsoft plans to improve data filtering over time. "We'll continue to improve this functionality, and if you find sensitive information that should be filtered out, for your context, language, or geography, please let us know through Feedback Hub," reads a section of Microsoft's blog. "We've also provided an option in Settings that we encourage you to enable that will anonymously share the apps and sites you prefer to be excluded from Recall to help us improve the product," adds the firm.

Fortunately, Microsoft has made it much more difficult for third parties to access Recall data. If you want to use it, it will be mandatory to set up Windows Hello for biometric verification. This means that your PC checks if it's really you before allowing you to invoke screenshots.

That said, Piltch points out that Windows Hello also allows access with a PIN. So, a third party could still gain access to your data if they obtain your private PIN somehow. This could happen to you in other contexts, such as if someone steals your phone, so it is up to you to protect your credentials or passwords.

Plus, something good that hasn't changed since the beginning is that the processing of screenshots is purely on-device. The screenshot encryption is an additional shield in case someone manages to bypass the previous security measures.

Still, many would surely feel safer if Recall were actually able to block the capture of sensitive data from anywhere, not just payment platforms. It's not an easy task, of course, but it was Microsoft that decided to develop a feature that "watches" you constantly while you use it. So, it should also be ready to accept the security and privacy demands of users.
