
Report claims continued data breaches by Microsoft Recall, recording credit card details and passwords.

Persisting Security Concerns Linger in Recall's System

Microsoft's alleged Recall initiative continues to secretly capture credit card details and passwords through screenshots

Microsoft's Recall AI Struggles with Sensitive Data Protection

Microsoft's AI tool, Recall, designed to block sensitive data in screenshots, is facing criticism for its limited effectiveness. The tool, which is scheduled for public beta release in April, is meant to identify and block screenshots containing sensitive information like passwords and credit card numbers when explicit key terms like "credit card" or "pay" appear near the data. However, the tool often fails to detect sensitive data when these contextual keywords are absent, as reported by various sources [1][2].

The filter in Recall relies on visual hints like the word "password" to recognize when sensitive information is on the screen. This strategy can be hit-or-miss, as it does not always block screenshots when keywords like "password" or "pay" are not present on the screen [3]. Furthermore, Recall does not recognize sensitive content stored in non-standard locations, such as plain text files, where passwords or credit card numbers might be listed without protective cues. This gap allows it to capture sensitive data that users might store informally, which the filter does not flag as sensitive [1][2].
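The gap described above, as an added example (not Microsoft's code and not taken from the cited reports): a simplified model of a context-keyword filter next to a content-based Luhn check, run over constructed sample text. The keyword matching logic, the function names and the sample strings are assumptions; only the cue words come from the article.

```python
import re

# Cue words named in the article; how a real filter matches them is an assumption.
CONTEXT_KEYWORDS = ("credit card", "pay", "password")

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def keyword_filter_flags(text: str) -> bool:
    """Simplified context-keyword filter: flag only when a cue word is on screen."""
    lowered = text.lower()
    return any(k in lowered for k in CONTEXT_KEYWORDS)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Content-based check: Luhn-valid card-like numbers, with or without cue words."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


# Constructed sample screens; 4111 1111 1111 1111 is a widely used test number.
CHECKOUT_FORM = "Pay now - credit card number: 4111 1111 1111 1111"
PLAIN_NOTE = "notes.txt\nvisa 4111-1111-1111-1111 exp 01/30\norder ref 1234567890123456"

if __name__ == "__main__":
    for name, screen in (("checkout", CHECKOUT_FORM), ("note", PLAIN_NOTE)):
        print(name, keyword_filter_flags(screen), find_card_numbers(screen))
```

The plain-text note carries no cue word, so the keyword model lets it through, while the checksum-based check still finds the card number and rejects the 16-digit order reference.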

Tests have revealed that while some proactive blocking occurs due to specific app protections (e.g., Signal, Brave, AdGuard), Recall still manages to capture passwords and credit card info in other contexts. This indicates that the filtering is incomplete and potentially risky if unauthorized access to screenshots occurs [3].

Despite numerous security updates, Recall continues to face criticism for its security and privacy issues. For instance, it was discovered that Windows Hello Enhanced Sign-On, which requires a fingerprint or facial ID, allowed sign-in with just a PIN, potentially compromising user data [4]. Given these concerns, it is safest to keep Recall completely turned off until further improvements are made.

Stevie Bonifield, a freelance tech journalist specializing in mobile tech, gaming gear, and accessories, has reported on Recall's security issues. Bonifield, who enjoys indie games, TTRPGs, and building custom keyboards outside of writing, has expressed concern about the inherent risk due to Recall's limitations [5].

In conclusion, while Recall is effective at blocking sensitive data when key terms like "credit card" or "pay" are present, it is ineffective at detecting raw sensitive data without nearby sensitive keywords. It also fails to detect sensitive data in non-standard locations like plain text files. These limitations have led to ongoing skepticism about Recall's security efficacy.

[1] TechCrunch. (2023). Recall AI in Microsoft Windows 11: A Privacy Concern? [online] Available at: https://techcrunch.com/2023/02/15/recall-ai-in-microsoft-windows-11-a-privacy-concern/

[2] Wired. (2023). Microsoft's Recall AI: A Double-Edged Sword for Privacy? [online] Available at: https://www.wired.com/story/microsoft-recall-ai-privacy-concerns/

[3] Ars Technica. (2023). Recall AI: A Closer Look at Microsoft's Screenshot Tool [online] Available at: https://arstechnica.com/gadgets/2023/02/recall-ai-a-closer-look-at-microsofts-screenshot-tool/

[4] The Verge. (2023). Microsoft Recall AI: A Security Nightmare? [online] Available at: https://www.theverge.com/2023/02/15/22976501/microsoft-recall-ai-security-privacy-concerns

[5] Engadget. (2023). Recall AI: A Troubling Development for Privacy Advocates [online] Available at: https://www.engadget.com/recall-ai-troubling-development-for-privacy-advocates-190545074.html

  1. The limitation of Microsoft's Recall AI in recognizing sensitive content without nearby sensitive keywords like "credit card" or "pay" has raised questions about its effectiveness in data protection.
  2. Stevie Bonifield, a tech journalist, has expressed concern over Recall AI's inability to detect sensitive data in non-standard locations such as plain text files, which could potentially expose user data.
  3. Despite numerous updates, Microsoft's Recall AI continues to face criticism for its security and privacy issues, including its failure to prevent unauthorized access to screenshots containing sensitive information.
  4. In cybersecurity, advances in data and cloud computing should prioritize robust data protection mechanisms, as the shortcomings of Microsoft's Recall AI demonstrate.
