In June, Microsoft disabled the function of logging user activity when calling in test builds of Windows due to discovered problems with the security of personal data, but recently returned it, giving users the opportunity to disable the recording of sensitive data. As it turns out, in practice such a filter still does not guarantee the exclusion of important user data from the saved activity history.
According to the developers, the filter should exclude the collection of information from applications or websites that work with data from user bank cards or personal document numbers, which can be used by hackers to cause material damage to their owner. Representatives of the Tom's Hardware resource found that in practice this filter does not always work.
First, when you try to save the password and login data for various systems in a plain text document using Notepad, the corresponding information is recorded by the Microsoft Recall function. The presence of words with bank card designations in this document does not alert the filter in any way. Similarly, filling in personal information via a PDF file in Microsoft Edge also does not go unnoticed by Microsoft Recall, although the filter is active. Finally, it turns out that a specially created HTML page with fields for entering bank card data also passes through the filter. However, on the web pages of real online stores in the browser, sensitive information is filtered out and bank card data is not included in the saved history.
Microsoft, in response to the comments of the author of the experiments, only advised to follow the recommendations on the corporate blog, which encourage users to contact the company with comments on the operation of the Microsoft Recall function via the feedback form. The corporation also promised to continue improving this feature to improve privacy protection.