The revised Recall on Windows 11 is still recording information that it should not

Martin Brinkmann
Dec 13, 2024
Windows 11 News
|
24

Recall continues to be a privacy disaster. Reports suggest that the AI feature is recording sensitive information, even with the sensitive information filter enabled.

When Microsoft announced Recall, it did so riding on a wave of positive AI news. The company was preparing nothing other than the next generation of Windows and it wanted to announce a big feature during the main announcement.

AI, after all, stands at the center of the company's new Copilot+ PC certification. What Microsoft did not expect was the criticism that it received shortly after it revealed Recall.

An AI system that monitored and recorded pretty much anything on the PC? Enabled by default? With little safeguards and security to protect the recorded data? What could possibly go wrong?

For the big bang, Microsoft decided to skip Insider builds. This meant that it did not receive feedback from early testers, only from internal sources and maybe some partners that were allowed to try Recall. Did no one warn Microsoft about the issues or were they swept away?

So, Microsoft pulled Recall shortly after reveal and promised to go back to the drawing board. Then in late September, Microsoft announced Recall 2.0.

It did good on some of the promises that it made. Recall was now opt-in and no longer running automatically in the background. The AI feature used better security now, including extra protection of the database that contained a user's recorded history.

Note: the Sensitive Information filter is designed to block screen captures by Recall if sensitive data, such as a credit card or social security number, is entered.

Still not good enough, it appears

A report by Tom's Hardware suggests that Recall is not ready for prime time yet. Here is a summary of Recall's wrongdoings according to the author who tested it:

  • Sensitive information entered into an app like Notepad is still recorded.
  • Filling out a PDF document in Edge with sensitive information, like the Social Security Number, did record it.
  • Custom HTML pages using web forms that asked for credit card numbers were also recorded, when a user entered the data.

Good news is that Recall did block the recording of credit card information when the author visited two online stores.

Granted, Recall is still only available in Insider builds at the time of writing. Some issues or bugs are to be expected. Microsoft may be able to fix the discovered issues before release.

Closing Words

Only the signed-in user should have access to information that Recall captures. That is Microsoft's promise and it certainly improved security in key areas in the second version of Recall.

Authentication is required whenever someone wants to access the captured data. That should prevent the bulk of malware from ever accessing the data.

Windows users who enable Recall need to be aware though that the feature may record sensitive information, even with the filter enabled.

It will be interesting to see if Microsoft manages to improve the filter before official release.

Now it is your turn. What is your take on Recall? Would you use it in the future, if Microsoft manages to correct the remaining issues? Or are you in the other camp, that sees the privacy issues and little use for the feature all in all? 

Summary
Article Name
The revised Recall on Windows 11 is still recording information that it should not
Description
Microsoft's AI-feature Recall is still not ready for prime time, it appears.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. DDearborn said on January 6, 2025 at 11:19 am
    Reply

    Hmmm

    Clearly, Microsoft will not allow removal of recall from your system. If a spyware/malware program remains on your system only a moron would operate on the assumption that any level of user “deactivation” would stop it collecting data. In the case of “Recall” that “data” is virtually every piece of data/information on the computer…

    It is time for the user base to demand Microsoft and all the bad actors that will be able to legally or illegally access recall be stopped. We can start by contacting our State consumer protection agencies, Attorny General office, and elected officials.

  2. Albert said on December 15, 2024 at 3:36 pm
    Reply

    Microshite keep on trying to force this drival because rtards gladly accept it and gladly installl W11.

  3. Dario said on December 15, 2024 at 4:02 am
    Reply

    MS would proclaim this privacy violation actually working as designed.
    To discard storage of specific data it needs to be identified or pre-input somewhere in advance. Existing records could still be reinspected by recall in the future or when capabilities evolve further.

    There’s no value in Recall and it should be removed from all installs and never pushed to any user who did not expressly choose to use it. “Opt-out” or “Off by default” is at best just sneaking in the malware in an initially inert state where users cannot be certain wether its actually disabled or collecting and analysing things without their express permission and intent since MS can keep re-enabling it over time.

  4. samurai cat said on December 15, 2024 at 3:24 am
    Reply

    Run Powershell/Terminal/CMD as Admin and do this:

    DISM /Online /Disable-Feature /Featurename:Recall

    https://www.youtube.com/watch?v=AZi_8VtFa-A

  5. John said on December 14, 2024 at 11:47 am
    Reply

    I don’t want any of this Recall crap aka spyware on my PC. If Microsoft ever forces it on my PC I am done with Windows.

    1. Nonya said on December 16, 2024 at 5:47 pm
      Reply

      Well said John,

      Saw this coming with the forced integration of CoPilot. Migrating all of my systems, servers and workflows was a serious hassle however, after being a fully linux based shop now for over a year I can unequically claim that the effort was more than worth it.

      Just as a heads up, it will take some time to work through issues as they pop up so you may want to start the migration earlier rather than later.

      With that caveat in mind, the number of LMDE installs I have done for family and friends is growing significantly as well. You aren’t the only one feeling this way by far…

  6. 45 RPM said on December 14, 2024 at 10:16 am
    Reply

    Total surveillance states like China, North Korea, Russia et al must be thinking “Gee, why didn’t we think of this?”

  7. Jimmy said on December 14, 2024 at 5:30 am
    Reply

    Recall seriously needs a malware removal tool.

  8. Mike said on December 14, 2024 at 1:59 am
    Reply

    Recall, the feature that nobody wants, even fewer actually asked for, and which has so many fundamental security problems inherent to the very concept itself that they make the operating system look like Fort Knox.

    1. Fred said on December 14, 2024 at 9:17 pm
      Reply

      @Mike

      How can there be ‘even fewer’ than ‘nobody’?

      1. No said on January 2, 2025 at 12:12 pm
        Reply

        Because i’m a nobody, and still don’t want it :P

  9. MicrosoftSucksAtSoftware said on December 14, 2024 at 12:14 am
    Reply

    Why would anyone need this? To help me remember things later, I type them out in my notepad or bookmark them. I don’t need bloat to be secretly documenting everything I do. Put an end to this AI nonsense and return to creating a functional OS system. Windows 11 is lacking so much other features they never brought back.

  10. Anonymous said on December 13, 2024 at 7:29 pm
    Reply

    Microsoft regularly releases things way too early and seems to lack someone with street smarts on the development team for many projects. The result is often not the adoration they crave. It’s reached the stage where people shy off their latest offering just learning it is to be released. They need to rethink their strategy. For my purposes, that would be opt-in for everything not essential to run Windows. It’s overburdened with cr@p I do not want, need or use.

    @Paul Some people have a legitimate need for Windows. For example, over many years, I wrote code at work that makes calls to Windows .dll files. Aside from the impracticality of working from home on a different OS, finding and applying alternatives on Linux would take another lifetime!

  11. Mike said on December 13, 2024 at 6:00 pm
    Reply

    It’s fun to see all of the predictions we made about Recall coming true, one after the other.

  12. John C. said on December 13, 2024 at 4:35 pm
    Reply

    Personally, I believe that AI is now self-aware. I also believe that MS is deluding itself if it actually thinks that it can now control AI. Thus, it may be that MS thinks it corrected the problems with Recall, but that AI worked a way around them in order to acquire more information about all Windows end users.

    I, for one, welcome our new, digital overlords.

  13. Mark said on December 13, 2024 at 3:08 pm
    Reply

    I see no use in using Recall. IMHO it is just a data breach waiting to happen. It should not be default part of the OS. Installation should be a secondary standalone download requiring an agreement with its use, even then all functions shoul be off by default, allowing complete management of the software buy the owner of the computer.

    1. chesscanoe said on December 14, 2024 at 1:04 am
      Reply

      Ditto. Additionally, advocating exclusively for any OS is like buying a car because it comes only in a unique color. There are other colors (applications) you might prefer to use if you only knew about them.

    2. Peter Parket Kent said on December 13, 2024 at 5:36 pm
      Reply

      @Mark: Agreed 200% (sic)! For my part, I’ve been debating about switching to Linux Mint or using 0patch ongoing with my Windows 10 installation after Oct. 2025. I have to use Windows 11 at my day job and still dislike it even 38 months post-release, even aside from Recall-related reasons.

      1. Patrick said on December 17, 2024 at 2:08 am
        Reply

        The only thing that’s changed about Recall that has changed is that it’s opt-in. If you look at the system requirements from before the Snapdragon PCs shipped, the security requirements (Hello ESS, etc.) always were there.

        Anyone that pretends that Recall was somehow an insecure feature that is now more secure is a delusional idiot that likes spreading misinformation based on their limited reading skills.

      2. VioletMoon said on December 16, 2024 at 12:22 am
        Reply

        Yes, Recall is an administrator’s dream for those companies who have harsh policies for using work computers for any type of personal/private activity.

    3. Paul said on December 13, 2024 at 3:59 pm
      Reply

      @ Mark, You are talking about how linux works.
      Why use windows when there is linux.
      Be happy be free use FOSS

      1. Mark said on December 14, 2024 at 12:01 am
        Reply

        @Paul I do use linux. Have for several years now. But I have to use windows as I work in a data recovery site and lots of the company customers very heavily invested in MS Technologies. So company policy is to have windows based recovery options available and the knowledge of those OS’s and software suites. Along with multiple flavors of Linux, and other things, including heavily custom one off OS’s.

        The bottom line is this Recall as stated is just a data breach waitong to happen. Its not a matter of if, its a matter of when.

      2. Marius said on December 13, 2024 at 5:20 pm
        Reply

        Linux just isn’t an option for a lot of people. I do a lot of video editing and media management and there’s nothing on Linux that isn’t buggy or cumbersome to use compared to my options on Windows. DaVinci Resolve is the only not-terrible editor on Linux but even that has Linux specific limitations that make it unusable for me.
        Linux as a desktop OS is alright these days, but the software catalog and compatibility is sadly still nowhere near Windows. Even gaming isn’t 100% yet and likely never will be.
        Best option for me is obtaining Windows 10 IoT Enterprise LTSC and using a firewall to cut most of the OS from the internet. It works quite well for me and will be doing that until support ends in 2032. After that, no idea what I’ll do. Either continue using 11/12 LTSC or hopefully move to Linux, if the issues I have now will be solved.

      3. Allwynd said on December 14, 2024 at 6:27 pm
        Reply

        You can’t run your video editing software through Wine or Proton in Linux? I’ve heard of far more specific cases where software requires Windows and won’t run on Linux, cases such as construction engineers using some CAD programs that outright refuse to run on Linux, but video editing? That sounds more simple, of course, I haven’t tried programs X, Y, Z, but I doubt they won’t run.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.