Microsoft’s Recall, pitched as an AI-powered memory aid for your computer, is still logging information many people would never knowingly hand over, including credit card numbers, private medical searches, and even stored passwords.
A recent test by The Register found that the app’s built-in “Filter sensitive information” setting, which is switched on by default, fails often enough to make the feature a serious privacy hazard.
Recall continuously takes snapshots of a user’s screen so they can search their past activity.
Microsoft bundled it exclusively with its Copilot+ PCs in 2024, then withdrew it after early security concerns. It was brought back later that year with promises of stronger safeguards and is now integrated into the setup routine for many new Windows devices.
In testing, some types of data were excluded, but the misses were alarming. Account balances appeared in captured banking pages even if full account numbers were hidden. Credit card details slipped through when form labels were removed. Passwords were sometimes filtered when explicitly labeled as such, yet plain lists of usernames and passwords in a text file were saved without restriction.
