Under pressure from privacy advocates, Microsoft agrees to filter passwords and credit card info from Windows Recall 'snapshots.' Here's how it works.
A glaring security oversight in the original Windows Recall has now been addressed.
What you need to know
- Microsoft has announced an important new capability being added to Windows Recall.
- When the feature launches in preview next month, it will include the ability to automatically censor sensitive information from snapshots.
- Sensitive information that will be filtered include passwords, credit card information, and national IDs.
Microsoft has today unveiled a number of changes it’s making to Windows Recall that are designed to ensure the experience is secure on Copilot+ PCs. Among those changes is a new capability that will automatically censor out passwords, national IDs, and credit card information from snapshots captured by the Recall app.
This new capability means Recall will no longer be able to capture vital sensitive data, even in apps and webpages that you haven’t manually filtered out via Recall’s privacy settings. This filtering feature is enabled by default, but the user can turn it off if they want Recall to collect sensitive data such as passwords and credit card information.
Recall will handle the censoring of sensitive data all on-device, meaning it doesn’t reach out to the cloud to do so. Microsoft says it’s using Purview to achieve this, an enterprise-grade set of solutions that allows apps and services to manage and filter data. Recall is using it here to filter out common formatting of sensitive information.
Microsoft has made significant changes to how Recall stores data locally on your PC. No longer is the data stored in an unencrypted state in an easily accessible directory. Now, Recall’s data is encrypted and stored in a VBS Enclave designed to make it very difficult for third-parties (and even Microsoft) to see the data collected by Recall.
Windows Recall remains an exclusive Copilot+ PC feature, requiring devices with an NPU of 40+ TOPS, along with a TPM and Windows Hello to function. Microsoft says the new Recall will enter public preview with Windows Insiders in October on Arm-based Copilot+ PCs, and will roll out to Intel- and AMD-based Copilot+ PCs in November.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.