Microsoft’s Recall feature for Windows 11 continues to raise alarm bells among security professionals, even after the company introduced privacy-focused upgrades in response to widespread criticism. Recall, which captures snapshots of your computer screen throughout the day to help users retrace their digital steps, has come under fire again following new test results showing it still collects sensitive information under certain conditions.
According to a detailed report by The Register, Recall’s supposed ability to detect and avoid recording private data like credit card numbers, passwords, and banking details is inconsistent. In controlled tests, the feature captured screenshots showing full credit card details in one instance, while it failed to do so in another. It also took screenshots of bank account balances that were clearly visible on the screen, although it avoided storing login credentials.
The most concerning revelation is that Recall also documented passwords when they were presented in files, despite recognizing and avoiding them during actual password input. This suggests that Recall’s detection algorithms are situationally effective, but not universally reliable. The Register concluded that attackers could still gain useful intelligence—such as the user’s bank name and financial status—even if credentials are excluded.
While Microsoft emphasizes that screenshots are stored locally and encrypted to prevent unauthorized access, the issue isn’t just one of storage security. It’s about whether sensitive material is being recorded in the first place. Critics argue that the risk lies in the sheer existence of these records and the possibility of them being exploited if the device is ever breached. Until Microsoft can demonstrate that Recall consistently respects privacy boundaries, many experts advise disabling the feature entirely.