Microsoft has officially launched its Recall AI snapshot tool, but it still appears to be capturing sensitive information, leading one expert to say “there are [privacy] landmines everywhere.”

Microsoft Recall is the company’s AI-powered tool that takes snapshots of virtually everything the user does, converts them to text, and saves them to a database that can be searched with natural expressions. Unfortunately, there are a number of potential security and privacy implications with such a tool.

Cybersecurity expert Kevin B꧟eaumont has previously been crit🦩ical of Recall, saying Microsoft is “going to deliberately set cybersecurity back a decade & endanger customers.” Beaumont’s criticism was among the avalanche of criticism that caused Microsoft to delay Recall by roughly a year, all in an effort to address the concerns.

Beaumont has taken , praising Microsoft for 𒊎addressing many of the issues that were apparent in the early builds.

Following my post and coverage online, it was announced Recall would become opt-in.. then it wouldn’t be available on Copilot+ PC at launch, then it was delayed for Windows Insider ꦫtesting, then it was delayed again.

It was, frankly, a pretty baffling and rare self own from Microsoft. It reminded me a lot of the Xbox One E3 launch, where Microsoft execs were misaligned with what customers wanted, and fumbled the messaging in what ꦰthey were offering.

Beaumont goes on to praise Microsoft for making the feature opt-in, vs is initial opt-out, as꧒ well as for encrypting the database that stores the sna𓃲pshot data. Recall now tries to filter out sensitive data, turning off snapshotting when sensitive data is onscreen.

Unfortunately, Recall’s efforts to filter sensitive data is not always as reliable as Microsoft and users might like.

The feature to filter sensitive data doesn’t appear 💛to work reliably, acr⭕oss multiple devices from testing.

For example, I updated my credit card in Microsof𝕴t’s own account interface, and Recall recorded it.

In this snapshot I’d typed an invalid credit card💎 number, but it also captured the valid card number. It indexed both, and both were findable under “credit card” in Recall search. It captured and indexed the CVV, too.

It’s unclear why Recall saved this — poss♏ibly because I use Vivaldi as a web browser? Either way — I’d assumed it wasn’t saving this as sensitive information filter was on… but it just didn’t work reliably for me. In some cases, great. In other cases, I was surprised by what it captured. You basically need to be careful to review what Recall is recording, 🍬which is difficult when it records everything you do. The best advice I can give is pause Recall before shopping online to ensure it isn’t recording, then reenable it afterwards.

It’s clear Microsoft has made significant progress in making Recall more secure, and somewhat more private. Ultimately, however, Beaumont makes the case that Recall is poorly positioned for what it does, and would be far better off serving as an accessibility tool, such as for those with Mild Cognitive Impairment.

I also think — to be perfectly honest — Microsoft’s positioning of Recall is wrong for customers. As it currently stands, I don’t think gamers will want to enable Recall. I don’t think the average home user will want to enable Recall. I think many businesses will have large barriers around PII and legal discovery — enabling users to have a photographic memory on their PC of every command they’ve typed into SSH sessions, all the PII they acces🐼sed without realising it was being recorded, and everything else they’ve done opens up a whole new class of risk, and will drive concern about suppliers using Recall.

My take would be Microsoft should reinvest in empathy. Recall is a great accessibility feature for people with conditions like Mild Cognitive Impairment (MCI). Recall should be the kind of feature people want to enable, with clear us꧒e cases and risks explained.

Given that Recall is now opt-in, it remains to be seen i🌼f customers will enable it. As Beaumont points out, Recall is oddly positioned and unlikely to appeal to much of its target aud༒ience but, ultimately, only time will tell.