Technology Microsoft Recall caught capturing credit card and Social Security numbers despite reassurances it won't

[jamey910111]

Content source

https://www.tomsguide.com/computing/windows-operating-systems/microsoft-recall-caught-capturing-credit-card-and-social-security-numbers-despite-reassurances-it-wont

According to Microsoft, the updated version of Recall still captures screenshots, but those screenshots are now supposed to be encrypted and have a "Filter sensitive information" setting enabled by default. This filter is meant to stop Recall from capturing apps or websites that show sensitive personal information like credit card numbers and Social Security numbers.

The sensitive information filter doesn't appear to work

Unfortunately, this filter does not seem to be working. Our colleague, Avram Piltch, at Tom's Hardware, tested the revamped Recall and reported that the filter only worked a couple of times, "leaving a gaping hole in the protection it promises."

Microsoft Recall caught capturing credit card and Social Security numbers despite reassurances it won't

The sensitive information filter doesn't appear to work

www.tomsguide.com

 

[Marko :)]

Like we in Croatia say... ako prođe, prođe (lit. if it passes, it passes). Phrase you jokingly use when someone intentionally tries to scam you and unfortunate for him, you realize it.

I'm starting to think Microsoft works like this. I have no doubt everything they make is intentional behavior, but when they're caught doing bad things, only then they'll intervene and say they made a mistake. Same was with SmartScreen. They said full URLs collected weren't being associated with user accounts, when in fact they were. They didn't even try to hide it.

I actually trust Google more than Microsoft, even though they both collect bunch of data from us. Google at least gives you ability to turn everything off, Microsoft only let's you "delete" collected data, but doesn't let you disable data collection.

 

[jamey910111]

Yea great point about intentional behaviour.
Regarding Smart Screen, long time ago i blocked it using my firewall as well - if there is anything suspicious either I won’t execute/download or my AV will catch it instead.

 

[Marko :)]

Yea great point about intentional behaviour.
Regarding Smart Screen, long time ago i blocked it using my firewall as well - if there is anything suspicious either I won’t execute/download or my AV will catch it instead.

I disabled it everywhere I could. But for some reason, smartscreen.exe keeps launching on my PC. And I can't get rid of it.

 

[oldschool]

I disabled it everywhere I could. But for some reason, smartscreen.exe keeps launching on my PC. And I can't get rid of it.

I assume you killed it via Task Manager? And it still launched again?

 

[Marko :)]

I assume you killed it via Task Manager? And it still launched again?

It doesn't launch again immediately; but it certainly is active again after some time. It also launches with every boot.

It's funny because I disabled it with Group Policy Editor and it really should honor that.

 

[Sorrento]

Any snapshots I blocked in Group Policy, not sure now if that was sufficient?

 

[jamey910111]

i actually don’t have windows recall as i am not on windows 11 but is it not possible to fully turn it off?

 

[jamey910111]

It doesn't launch again immediately; but it certainly is active again after some time. It also launches with every boot.

It's funny because I disabled it with Group Policy Editor and it really should honor that.

At least if firewall blocked it cannot send any info - upon trying it says it is being blocked from accessing the net or something - i think this is enough cause it’s not a memory hugging app

 

[Marko :)]

To be fair, it doesn't have any network activity from what I can see, and it's using just 2 MB of RAM. But I want it gone out of spite.

Group Policy is the strongest set of settings which should be respected by the OS and it's apps. And if I disable a certain feature I don't plan to use, it should be completely disabled and not only partially.

 

[TairikuOkami]

I disabled it everywhere I could. But for some reason, smartscreen.exe keeps launching on my PC. And I can't get rid of it.

That is the reason I remove it and I apply my remediation settings at every shutdown, since Windows updates (+SFC) love to restore them.

takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe"
icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F
taskkill /im smartscreen.exe /f
del "%WinDir%\System32\smartscreen.exe" /s /f /q

At least if firewall blocked it cannot send any info - upon trying it says it is being blocked from accessing the net or something - i think this is enough cause it’s not a memory hugging app

Assuming that it is smartscreen.exe sending info only, not MsMpEng.exe or svchost.exe MS philosophy is, if you fail, try and try again. Windows is great in reinstalling installed updates.
I have uninstalled and blocked Recall via a presumed domain based on copilot, but not sure if it helps, since I have never used it. maybe someone, who actually uses it, can confirm, please?!

 

[eXDj]

Huoooo !!!

 

[oldschool]

i actually don’t have windows recall as i am not on windows 11 but is it not possible to fully turn it off?

I'm not on 24H2, but I believe it can be.

 

[Brownie2019]

Stop Recall​

Detect and Disable Microsoft Recall​

Ashampoo® Stop Recall

Detect and Disable Microsoft Recall

www.ashampoo.com