The new Windows “Recall” feature, which is designed to create screenshots of your computer and your activity “for increased productivity”, has been found to store sensitive information such as credit card numbers and social security numbers – even when the feature to filter sensitive data is enabled.
According to a report by Tom’s Hardware, tests have revealed several flaws in Recall’s filtering capabilities and showed that Recall was able to capture information from Windows Notepad and PDF forms in Microsoft Edge, including credit card details and social security numbers, despite the feature to block sensitive information being enabled. The exposure is therefore not limited to working in the cloud: ordinary offline activity is just as vulnerable. This creates a serious security risk for users who expect their private data to be protected.
The feature worked correctly in some cases, such as when it blocked screenshots from payment pages on e-commerce sites like Pimoroni and Adafruit. In contrast, Recall was able to take screenshots of a custom HTML page created by Tom’s Hardware that contained a credit card form and card details, clearly showing flaws in how the filter identifies sensitive data.
Microsoft itself claims that Recall is designed to automatically detect and filter sensitive information, such as credit card details, passwords and social security numbers. The company says it is working on improving the performance of the feature and ensuring that users’ privacy is protected.
Risks being costly
These flaws in Recall’s filtering feature have led to harsh criticism and raised questions about the reliability of Microsoft’s security measures. Users who rely on Recall to document workflows may inadvertently expose sensitive data, which risks being very costly.
Experts therefore recommend that users be very careful about what data they handle while Recall is active – or better yet, stop using Windows altogether and switch to Linux-based solutions instead.
Microsoft has not yet clarified when an update to Recall can be expected, but the discovered security flaws underline the importance of security tools undergoing rigorous testing before being used in practical applications.
Linux – a privacy-focused alternative
For those who have grown tired of Microsoft and its products, there are further reasons to look towards Linux, which is highly relevant in times of privacy breaches, data collection and more, and which in most cases can fully replace Microsoft Windows. Teuton Systems, a Sweden-based technology company specializing in security- and privacy-focused products and services, offers personal computers with Linux pre-installed, completely free of “cloud connections” and surveillance software.
All included software is open source and selected with your security in mind. In addition, you have access to support and Linux-savvy customer service.