Under pressure from privacy advocates, Microsoft agrees to filter passwords and credit card info from Windows Recall ‘snapshots.’ Here’s how it works.

What you need to know

  • Microsoft has announced an important new capability being added to Windows Recall.
  • When the feature launches in preview next month, it will include the ability to automatically censor sensitive information from snapshots.
  • Sensitive information that will be filtered include passwords, credit card information, and national IDs.

As a seasoned researcher with a knack for digital privacy matters, I find Microsoft’s latest update to Windows Recall not only intriguing but also reassuring. Having had my fair share of experiences with data breaches and privacy concerns, I appreciate the proactive steps taken by tech giants like Microsoft to ensure user security.


Microsoft recently announced several updates for Windows, specifically tailored for Copilot+ systems, aiming to enhance security. One of these updates includes a novel feature that will automatically blur sensitive data such as passwords, personal identification numbers, and credit card details within images captured by the Recall application.

As an observer, I’ve noticed a change: this new function ensures that Recall won’t be able to gather crucial private data, even from applications and webpages you haven’t explicitly excluded through the privacy settings. By default, a filtering mechanism is activated, shielding sensitive details like passwords and credit card information. However, users have the option to disable this feature if they wish Recall to accumulate such data.

As an observer, I note that the system called Recall is equipped to handle the censorship of confidential data directly on the device itself, without requiring any cloud interaction for this purpose. Microsoft reveals they are employing Purview, a robust collection of business-oriented solutions, to accomplish this. Here, Recall utilizes Purview to screen out typical formatting patterns associated with sensitive information.

Microsoft has introduced new methods for storing Recall’s data on your computer. The data is now encrypted, making it challenging for unauthorized parties, including Microsoft, to access or view the information that Recall collects. This data storage is secured in a VBS Enclave, which is designed with robust protections to prevent third-parties from gaining access to it.

The unique feature of Windows Recall continues to be limited to devices running the Copilot+ PC software. To operate effectively, these devices must possess a Neural Processing Unit (NPU) capable of 40 or more Tera Operations Per Second (TOPS), and require both a Trusted Platform Module (TPM) and Windows Hello for functionality. Microsoft plans to introduce Recall to public preview through the Windows Insiders program in October, specifically on Arm-based Copilot+ PCs. Following this, Intel- and AMD-based Copilot+ PCs will receive the update in November.

Read More

2024-09-27 20:08