Last October, Windows 11 received one of the most important updates in its history; and as expected, the protagonist was Artificial Intelligence, with a large number of functions designed to help us on our computer. But one of the most anticipated features was nowhere to be found: Recall, which is currently only available in preview.
At the time, Recall was announced as a revolution for Windows 11. The reminder is able to “remember” everything we have done on the computer, taking a screenshot from time to time and using AI to analyze the content and display the information we need. For example, Recall is able to recover the web page we forgot, the conversation we had or the document we need. The potential is enormous, but the risk to privacy may be greater.
In response to initial criticism, Microsoft announced several changes to Recall, which among other things minimize the amount of private data it can obtain; But just a few weeks after Recall's launch, it is already becoming clear that these measures were not enough and that Recall is obtaining private data despite Microsoft's promises.
This is what Avram Piltch says of Tom's materialwho found to his great surprise that Recall had captured personal data such as credit card number, usernames and password, and social security number. Perhaps most worrying is that the data was obtained even though it was confidential; for example, if they were entered into a form on a website that explicitly asks for a credit card number.
This indicates that Recall's AI ignores data context, raising questions about alleged steps Microsoft has taken to improve privacy. For example, Piltch created a fake website that asked for credit card number, CVC, and expiration date; despite the fact that the data has been correctly labeled, since this data can be used to make purchases with the card, Remember capturing them too.
All this data is particularly sensitive and, depending on the country, it can even be used to steal someone else's identityin addition to your money; The fact that Recall captures them is something serious, given that it should not do so, although in theory there is no danger for users yet.
Free Android
Microsoft guarantees that the recall data is saved encrypted in our computer's memory, and They are not sent to an external server. The only way to access this data and the callback feature is with Windows Hello; so we have to enter our password, or unlock the device with facial recognition or fingerprint. However, Microsoft might have a hard time convincing users that Recall is safe, if it already does the things it promised not to do.
At this time, Microsoft has not made a public statement regarding the release of this issue; but he directed reporters to a statement made at Recall's launch, which said it would continue to “improve the functionality” of detecting sensitive data and asked for help improving the product, asking users to previous version to communicate these types of errors.
