When Microsoft Recall for Windows 11 was introduced, many individuals were understandably concerned about this feature that captures screenshots of all your activities, allowing you to “retrace your steps.”
It is not surprising: it appears to be a significant security disaster in the making, although Microsoft has assured its users that the screenshots are saved locally and are inaccessible to anyone outside the system.
Since that time, the company has been diligently enhancing Recall’s security; however, issues persist, as reported by The Register. Its editor, Avram Piltch, performed several tests and discovered that the application can still capture credit card information and passwords, despite Microsoft implementing a filter intended to prevent the recording of sensitive data.
The findings of the investigation are as follows: the filter is effective when terms such as “credit card” or “pay” are present on the screen, but it fails to function when there are no indicators that the information is sensitive.
”It may be unreasonable to expect the software to recognize a credit card number without the presence of words like ‘credit card’ or ‘pay’ nearby, but not all shopping forms are identical.”
The same applies to passwords: Recall did not capture the screenshot of Google Chrome’s password manager interface but was unable to resist capturing a list of usernames and passwords in a text document. “Perhaps we should not anticipate Recall to recognize that a text file contains passwords – and, no, you should not store your passwords in a text file – but many individuals likely maintain lists of their passwords without the word ‘password’ indicated alongside them.”
Related News: New AI Voice Model unveiled by Xiaomi to Boost Auto, Home Tech
The same applies to passwords: Recall did not capture the screenshot of Google Chrome’s password manager interface but was unable to resist capturing a list of usernames and passwords in a text document. “Perhaps we should not anticipate Recall to recognize that a text file contains passwords – and, no, you should not store your passwords in a text file – but many individuals likely maintain lists of their passwords without the word ‘password’ indicated alongside them.”
”In another case, I had a photo of my passport displayed on the screen, and Recall correctly avoided it. However, when that photo was partially covered by another window, Recall took the screenshot.”
