"Microsoft’s Recall feature recently made its way back to Windows Insiders after having been pulled from test builds back in June, due to security and privacy concerns. The new version of Recall encrypts the screens it captures and, by default, it has a “Filter sensitive information,” setting enabled, which is supposed to prevent it from recording any app or website that is showing credit card numbers, social security numbers, or other important financial / personal info. In my tests, however, this filter only worked in some situations (on two e-commerce sites), leaving a gaping hole in the protection it promises.

When I entered a credit card number and a random username / password into a Windows Notepad window, Recall captured it, despite the fact that I had text such as “Capital One Visa” right next to the numbers. Similarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that. Note that all info in these screenshots is made up, but I also tested with an actual credit card number of mine and the results were the same."

#Microsoft #MicrosoftRecall #DataProtection #Privacy

https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled

  • lobut@lemmy.ca · 18 upvotes · 6 days ago

    I don’t see how you can build this feature without it being a security nightmare.

    • marcos@lemmy.world · 3 upvotes · 6 days ago

      You encrypt everything with a hardware-specific key that only the computer owner has access to. (Possibly on a removable token.)

      That is, if it is a single user computer. This is not the kind of functionality you can make a widespread installation. Any blind widespread installation of something like this is an attack, and will physically harm people.