FUTURISM.COM
Microsoft's AI "Recall" Feature Caught Screenshotting Your Social Security Number
Nope. Don't like that.Peeping BotEven after a revamp, Microsoft's AI-powered "Recall" tool, which quietly takes snapshots of your screen every few seconds, is still capturing your sensitive information.As an investigation by Tom's Hardware found, the Windows feature routinely captured credit card numbers, social security numbers, and other financial and personal data that was onscreen even when the new "filter sensitive information" setting was enabled.Ideally, this filter, which is now on by default, is supposed to prevent snapshots from being taken when such information is being displayed. But there are clearly still some glitches."When I entered a credit card number and a random username / password into a Windows Notepad window, Recall captured it, despite the fact that I had text such as 'Capital One Visa' right next to the numbers," wrote Avram Piltch, Tom's editor-in-chief."Similarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that." The issue persisted when Piltch used his real information.Talking ShopAccording to Tom's testing, Microsoft's new feature only worked reliably when credit card info was being entered into online stores (specifically Pimoroni and Adafruit). That's good but not nearly good enough."What my experiment proves is that it's pretty much impossible for Microsoft's AI filter to identify every situation where sensitive information is on screen and avoid capturing it," Piltch wrote."My examples were designed to test the filter, but they're not fringe cases. Real people do put sensitive personal information into PDF forms," he added. "They write things down or copy and paste them into text files and then key them into websites that don't look like typical shopping sites."Unpopular DemandRecall was initially announced in May, when the plan was for it to be debuted in the first crop of "Copilot+ PCs," Microsoft's new line of AI-laden Windows 11 laptops. In theory, Recall is a nice idea: if you forgot something you looked at earlier, you can open the app and look at a visual history of your computer usage.But its launch was quickly reversed amidst overwhelming backlash to what many saw as a massive privacy risk not to mention a potential surveillance tool being woven into their operating system (a gripe with which longtime Windows users are by now very familiar). These fears were deepened when security researchers discovered that the tool's screenshots were unencrypted and could easily be hacked.So instead, Microsoft decided that the AI feature would only be made available to those part of its Windows Insider Program, before pulling it entirely. In effect: Recall got recalled.Roughly half a year later, it's now available again for certain Insiders with a Copilot PC running the correct hardware. While the screenshots are encrypted this time, it seems that its privacy measures are deficient overall if it's still screenshotting your social security number.For Microsoft to reassure people with a "filter sensitive information" setting that clearly doesn't work, then, is downright irresponsible though of course, Recall is a work in progress.Share This Article
0 Comments 0 Shares 31 Views