Microsoft Recall is capturing screenshots of sensitive information like credit card and social security numbers

A

Alfonso Maruccia

Posts: 1,707   +500
Staff
WTF?! Microsoft recalled Recall because of privacy outrage, er, concerns. It promised to improve its AI-based Windows surveillance feature before release, providing privacy safeguards and a more secure experience. Now that it is here, users can assess how much Microsoft's promises are worth for themselves.

After multiple delays and afterthoughts, Microsoft is now bringing Recall to more systems and CPU architectures. The new feature takes screenshots of the desktop every few seconds, using the on-device large language model to scan, store, and process information. In theory, Recall should work as a fine-tuning machine for Copilot's GPT-4o AI model. However, the new technology is an absolute mess of privacy violations and security dangers.

Tom's Hardware tested the "improved" Recall feature and recommended that every Windows 11 user should disable the feature immediately. While Recall includes a filter designed to avoid capturing screenshots with sensitive information, it doesn't really work.

Despite activating the filter, Recall senselessly captured screens with credit card numbers, credentials, Social Security numbers, and other personal information. Recall saved everything it saw while using the Notepad text editor. The same thing happened while opening a PDF in the Edge browser and entering information in an HTML form asking for credit card details.

Recall's filter works as intended while visiting online web stores, taking screenshots only before or after the credit card form. The AI surveillance machine provides "full control" of the feature, meaning users can check which screenshots it saves and when.

However, the idea that Recall saves credit card details and other extremely sensitive information to feed AI model training tasks is frightening and unnecessary. At this point, every privacy-conscious customer should worry about what Microsoft has done to its traditionally user-centric Windows platform. There is no good reason for this to be an opt-out feature.

Tom's Hardware's Avram Piltch asked Microsoft about Recall's apparent inability to filter private information from its saved screenshots. The company reminded Piltch that Recall is a privacy-abiding feature, updated to detect sensitive information such as credit card details, passwords, and personal identification numbers. Microsoft developers are still improving the feature. It urges concerned users to help with the development by sharing their experience through the Feedback Hub.

Permalink to story:

Microsoft Recall is capturing screenshots of sensitive information like credit card and social security numbers

 
Thankfully as I understand it, this software carcinoma that nobody asked for, or wants, is currently only forced on 'Copilot+ PC's' so if you don't have this branding nonsense on your PC you're in luck. (for now...)

In other good news it looks like Valve is full steam (pun intended) ahead on implementing and fully supporting SteamOS desktop. So pretty much the final reason anybody needs to put up with the rancid-sh1t-stain that is Windows 11 on a home PC will go away.
 
  • Like
Reactions: Branch, Revolution 11, ComputerGuy55 and 10 others
yRaz said:
How could a company as large as MS think this was a good idea? How, after a significant period of public outcry of "we don't want this, its stupid", could they CONTINUE to think this is a good idea?
Click to expand...
Not all of them are smart.
I worked in a us tech company and I saw product management did stupid things.
Google messaging team did stupid things of breaking multi function Google Talk/Hangout to multiple 1 function app.
 
I actually would like this feature. Nothing is going to be private in the years to come. Just embrace it.
 
Don't worry... Microsoft promises to only sell your credit card details /bank account details /Social Security numbers etc. to their AUTHORISED data harvesters. You see? All that worry about nothing. Poor Microsoft -- everybody is trying to give them a bad name....You peasants are SO awful!!!
 
  • Like
Reactions: Branch, passwordistaco and Theinsanegamer
I mean seriously it took people that long to figure this out when the OS feature is surreptitiously taking screenshots of what is on your screen all the time? Meaning whatever is on your screen, will end up in Microsoft's warm embrace and "security". To some, they may think they have nothing to lose, until the day they figured that their bank account got hack and money gone because Microsoft got into some data breach and those information taken by Recall is part of the data that got leaked/ stolen. Then they will realize that this is not a good idea. Convenience always comes with a price. You want to find things quickly and easily in the case of Recall, means you need to forgo security.
 
  • Like
Reactions: Underdog
scoffer said:
Don't worry... Microsoft promises to only sell your credit card details /bank account details /Social Security numbers etc. to their AUTHORISED data harvesters. You see? All that worry about nothing. Poor Microsoft -- everybody is trying to give them a bad name....You peasants are SO awful!!!
Click to expand...
Microsoft and any reputable brands out there are "authorized" hackers. When they do anything to tap on your data, there are people out there that thinks it is a great idea. Anyone else hacking are all villains. This is so ironic.
 
  • Like
Reactions: Dirtronix
Clearly this is not perfect and it needs some signaling from applications when sensitive information is displayed, like pdf forms and so on. But come on, storing credit card number and cvc, username and password in text documents is a big security problem and it is fully on the user, not on Microsoft. Of course, it provides another attack vector but ... you can store that info encrypted in a password manager, no need for plain text files on the desktop. It is ok to report this and make users aware of the issues, but blaming Microsoft for this is out of proportion.
 
Anything useless that runs in the background I just turn it off. My laptop already has battery issues, I don't need another thing draining the battery and increasing storage usage.
 
Puiu said:
Anything useless that runs in the background I just turn it off. My laptop already has battery issues, I don't need another thing draining the battery and increasing storage usage.
Click to expand...
The problem is how sure are you that feature is off? May be I am overthinking this, but the fact that at least 95% of the people have no clue what is running in the background in a convoluted software, means that you won't know if there are "ninja" processes that are still stealing (lack of a better word) from your system? Our assumption is that we can scrutinize what is showing the the task manager, but what if the software is programmed to deliberately not show that these tasks are running? I don't think from a programming perspective, this is something impossible. Anyway, I am halfway out of the Windows ecosystem and moving to Linux. Good riddance.
 
  • Like
Reactions: Branch, Underdog, Nonam3 and 1 other person
This is only stored locally yeah? Because then EU GDPR is broken I guess.

Users needs a choice. This is useless for most / all people I know.

Good for people with dementia I guess?
 
Watzupken said:
The problem is how sure are you that feature is off? May be I am overthinking this, but the fact that at least 95% of the people have no clue what is running in the background in a convoluted software, means that you won't know if there are "ninja" processes that are still stealing (lack of a better word) from your system? Our assumption is that we can scrutinize what is showing the the task manager, but what if the software is programmed to deliberately not show that these tasks are running? I don't think from a programming perspective, this is something impossible. Anyway, I am halfway out of the Windows ecosystem and moving to Linux. Good riddance.
Click to expand...

There is Visual studio database process (removed that exec long ago and can't recall name but it is background process that gathers telemetry IIRC) that doesn't show up in Win Task Manager it does show up in SysIntenrals Process Explorer. Just one example.

Not to count libraries...
 
IMO, this feature is only for the lazy. I would not use it. I don't GAS how much "Privacy" M$ is pretending to promise or how "easy" it makes online buying for me. Its another cog in the wheel of materialism that no one needs. Anyone, IMO, using it is asking for trouble.
 
  • Like
Reactions: Underdog
I don't think that anyone who frequents this website is surprised by this information.

What I find laughable, is that there was an article published here, May 5th, 2024, by Zo Ahmed https://www.techspot.com/news/102873-microsoft-now-security-first-everything-else-second-ndash.html

It even has a quote from Satya Nadella, to employee's, stating, "If you're faced with the tradeoff between security and another priority, your answer is clear: Do security," Nadella states bluntly. "In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems."

"Security First", and they come out with this absolutely ludicrous idea. They lie straight to our faces and then take no responsibility for the problems they [will] cause.
 
  • Like
Reactions: Branch and wiyosaya
ComputerGuy55 said:
I don't think that anyone who frequents this website is surprised by this information.

What I find laughable, is that there was an article published here, May 5th, 2024, by Zo Ahmed https://www.techspot.com/news/102873-microsoft-now-security-first-everything-else-second-ndash.html

It even has a quote from Satya Nadella, to employee's, stating, "If you're faced with the tradeoff between security and another priority, your answer is clear: Do security," Nadella states bluntly. "In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems."

"Security First", and they come out with this absolutely ludicrous idea. They lie straight to our faces and then take no responsibility for the problems they [will] cause.
Click to expand...
Any article that says Microsoft intends to place security first is full of misinformation, IMO.
 
  • Like
Reactions: ComputerGuy55
You must log in or register to reply here.

Similar threads

midian182
Windows Recall is finally nearing launch, Microsoft suggests
Replies
9
Views
138
Plutoisaplanet
Plutoisaplanet
midian182
Microsoft confirms Outlook Classic bug that causes CPU spikes while typing, offers workaround
Replies
3
Views
70
Au Contraire
A
Daniel Sims
Intel and AMD PCs are finally getting Copilot+ features, including Recall
Replies
7
Views
396
Felusy
F

Latest posts

Back