Signal Blocks Windows 11 Recall Feature to Protect User Privacy

Signal resorts to "weird trick" to block Windows Recall in Desktop app

Signal Messenger is warning the users of its Windows Desktop version that the privacy of their messages is under threat by Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store almost everything a user does every three seconds. Effective immediately, Signal for Windows will by default block the ability of Windows to screenshot the app. Signal users who want to disable the block -- for instance to preserve a conversation for their records or make use of accessibility features for sight-impaired users -- will have to change settings inside their desktop version to enable screenshots. My kingdom for an API "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal officials wrote Wednesday. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." When Recall was first introduced in May 2024, security and privacy practitioners quickly warned it created undue risks for both Windows users and those using other platforms who interact with Windows users. Many of the criticisms were based on specific designs. Recall was turned on by default. Screenshots and OCR data were stored in plaintext, where it could be accessed by any app with user system rights. It provided few granular tools to limit the type of content that was sucked into its massive vacuum bag of data. After facing one of its worst PR disasters in recent memory, Microsoft pulled Recall out of Windows 11 previews a few months after adding it. Then, last month, Microsoft reintroduced a significantly overhauled version of the tool. As Ars Senior Technology Reporter Andrew Cunningham painstakingly documented a few weeks later, the refurbished Recall went to great lengths to correct some of the poorly thought-through designs in the first iteration. Recall was now opt-in, rather than on by default. The database storing Recall data was now encrypted, with the keys secured in a secure enclave separate from Windows. And the tool now provided some level of user control to limit the type of content it indexed. But the changes go only so far in limiting the risks Recall poses. As I pointed out, when Recall is turned on, it indexes Zoom meetings, emails, photos, medical conditions, and -- yes -- Signal conversations, not just with the user, but anyone interacting with that user, without their knowledge or consent. Researcher Kevin Beaumont performed his own deep-dive analysis that also found that some of the new controls were lacking. For instance, Recall continued to screenshot his payment card details. It also decrypted the database with a simple fingerprint scan or PIN. And its unclear whether the type of sophisticated malware that routinely infects both consumer and enterprise Windows users will be able to decrypt encrypted database contents. And as my Ars colleague Cunningham also noted, Beaumont found that Microsoft still provided no means for developers to prevent content displayed in their apps from being indexed. That left Signal developers at a disadvantage, so they had to get creative. With no API for blocking Recall in the Windows Desktop version, Signal is instead invoking an API Microsoft provides for protecting copyrighted material. App developers can turn on the DRM setting to prevent Windows from taking screenshots of copyrighted content displayed in the app. Signal is now repurposing the API to add an extra layer of privacy. "We hope that the AI teams building systems like Recall will think through these implications more carefully in the future," Signal wrote Wednesday. "Apps like Signal shouldn't have to implement 'one weird trick' in order to maintain the privacy and integrity of their services without proper developer tools. People who care about privacy shouldn't be forced to sacrifice accessibility upon the altar of AI aspirations either." Signal's move will lessen the chances of Recall permanently indexing private messages, but it also has its limits. The measure only provides protection when all parties to a chat -- at least those using the Windows Desktop version -- haven't changed the default settings. Microsoft officials didn't immediately respond to an email asking why Windows provides developers with no granular control over Recall and whether the company has plans to add any.

Signal says no to Windows 11's Recall screenshots

Umar Shakir is a news writer fond of the electric vehicle lifestyle and things that plug in via USB-C. He spent over 15 years in IT support before joining The Verge. Signal is taking proactive steps to ensure Microsoft's Recall feature can't screen capture your secured chats, by rolling out a new version of the Signal for Windows 11 client that enables screen security by default. This is the same DRM that blocks users from easily screenshotting a Netflix show on their computer or phone, and using it here could cause problems for people who use accessibility features like screen readers. While Signal says it's made the feature easy to disable, under Signal Settings > Privacy > Screen Security, it never should've come to this. Developer Joshua Lund writes that operating system vendors like Microsoft "need to ensure that the developers of apps like Signal always have the necessary tools and options at their disposal to reject granting OS-level AI systems access to any sensitive information within their apps." Despite delaying Recall twice before finally launching it last month, the "photographic memory" feature doesn't yet have an API for app developers to opt their users' sensitive content out of its AI-powered archives. It could be useful for finding emails or chats (including ones in Signal) using whatever you can remember, like a description of a picture you've received or a broad conversation topic, but it could also be a massive security and privacy problem. Lund notes that Microsoft already filters out private or incognito browser window activity by default, and users who have a Copilot Plus PC with Recall can filter out certain apps under the settings, but only if they know how to do that. For now, Lund says that "Signal is using the tools that are available to us even though we recognize that there are many legitimate use cases where someone might need to take a screenshot."

Signal calls out Microsoft for poor implementation of Windows 11 Recall, blocks it by default

Microsoft quietly demoed a macOS-inspired feature on Windows 11, then tried to pretend it didn't Summary Signal blocks Windows Recall by default with Screen security setting. Signal unhappy with Microsoft's Recall feature. Signal warns of dropping Windows support in the future if privacy is impacted. Signal is a fairly popular messaging app that is touted for its security features. It is primarily used by those who are very conscious of their privacy or are involved in whistleblowing activities. The cross-platform app offers end-to-end encryption (E2EE) and is estimated to have tens of millions of users all over the globe. For privacy- and security-focused software like Signal, Microsoft's latest Windows 11 feature, Recall, can be particularly problematic. Although the Redmond tech firm has made several improvements to the capability since its disastrous launch last year, the "takes screenshots of everything you do on your PC" aspect still alarms many Windows 11 customers. Now, Signal has echoed that sentiment and decided to block the feature by default in its Windows 11 app. Signal will block Windows Recall by default, with a trade-off In a detailed blog post, Signal has announced that its Signal Desktop app will block Windows Recall by default through a new Screen security setting. This configuration will leverage Microsoft's built-in Digital Rights Management (DRM) flag, which restricts users or other applications from taking screenshots of the content being played by the software utilizing this flag. Of course, the downside of this approach is also that users won't be able to manually take screenshots until they disable this setting, which can be a nuisance in some cases. The non-profit company understands that there are many genuine cases where its customers may need to take screenshots quickly, but it believes that this is a trade-off worth making, especially if you can restrict your PC from taking screenshots of everything you do after every few seconds. Signal isn't happy with Microsoft Credit: Spyglass Of course, Signal isn't particularly happy that it had to make this decision, and it has called out Microsoft in a rather scathing tone. It claims that Microsoft has made a "glaring omission" by not allowing app developers to easily restrict Recall themselves, also noting that the idea of Recall itself sounds like a feature that was generated by a rudimentary LLM as a way to make investors happy at the expense of accessibility and privacy. The company has also warned Microsoft that if its "move fast and break things" ideology impacts the foundation of privacy-preserving apps like Signal, the app may drop support for Windows altogether in the future. Signal hopes that operating system vendors like Microsoft and other firms building AI systems will be cautious about the implications of this technology, rather than just blindly rushing into the implementation phase and then expecting privacy-focused services like Signal to implement workarounds. For now, Signal Desktop is rolling out with the Screen security feature enabled by default, but customers do have the option to disable it through Signal Settings > Privacy > Screen security. If you do attempt to disable it, you'll get a warning about Microsoft's antics, which you'll need to acknowledge in order to continue.

Signal will block Microsoft Recall from snooping on your texts

The Screen Security setting is on by default for Windows users. Encrypted messaging platform Signal is rolling out a feature called Screen Security to its Windows app. It's broadly a way to prevent a computer from logging screenshots of your messages when the app is open, but in a , the company directly called out the Recall feature in Windows 11 as the reason for this new capability. Signal explained that what it essentially did was to flag its application as protected by Digital Rights Management (DRM), because content under that umbrella will not be recorded in a screenshot on a Windows device. It's the same reason that a movie streaming from Netflix will appear in screenshots as a black box. Screen Security will be on by default, but this setting can be easily disabled for cases where a user does need to be able to access the application, such as when using a screen reader. "We hope that the AI teams building systems like Recall will think through these implications more carefully in the future," the company said. "Apps like Signal shouldn't have to implement 'one weird trick' in order to maintain the privacy and integrity of their services without proper developer tools." The Recall feature in Windows 11 has had a difficult and development process. While the AI-powered tool to record everything on a PC's screen has some potential benefits for user productivity, it's also raised a lot of concerns about privacy and security. Although Microsoft has started rolling out Recall to , not everyone is convinced that it's ready for prime time.

Messaging app Signal will block Windows Recall from taking chat screenshots

Serving tech enthusiasts for over 25 years. TechSpot means tech analysis and advice you can trust. WTF?! Recall is shaping up to be a security and privacy nightmare - and one of the most popular messaging platforms is already trying to patch the hole. Signal's developers are now resorting to a "weird trick" involving Windows DRM to shield users from unwanted Microsoft surveillance. The desktop version of Signal now includes a new "Screen security" feature designed to block external programs - and even Windows 11 - from capturing screenshots of the app window. Enabled by default, the setting is Signal's direct response to Microsoft's push to turn Windows into a powerful surveillance tool through Copilot's Recall feature. Signal's official blog states that the Screen Security option protects message privacy from Microsoft Recall. Redmond recently relaunched its AI-fed, perpetual screenshot feature for Copilot+ PCs - claiming to have added new controls to address concerns about privacy violations and unwanted data collection. None of this matters to Signal. Microsoft built Recall to capture desktop and app window screenshots every few seconds, store them in a local database, and shamelessly feed that data to an onboard large language model. "It's a one-year anniversary that nobody wants to celebrate, but Recall is back and Signal is ready," the company said. Microsoft's adjustments to Recall fall short, as the feature still risks exposing content from "privacy-preserving" apps like Signal. The desktop app now has an extra layer of protection to maintain its security, even if it means accepting some usability trade-offs. Windows 11 currently offers no official APIs to prevent Recall from capturing screenshots of an app. As a result, Signal's developers had to get creative, leveraging Windows' native DRM technology to make the app's window impossible to capture. "Apps like Signal shouldn't have to use 'one weird trick' just to protect their users' privacy and maintain service integrity without proper developer tools," the frustrated developers said. Millions worldwide rely on Signal to keep their communication safe and encrypted - though government abuse remains a risk when no responsible oversight exists. In recent years, Signal Foundation President Meredith Whittaker called AI technology a pure surveillance tool, describing it as a platform driven by relentless data harvesting with little regard for privacy or security. Signal's developers are urging Microsoft to provide tools that block OS-level AI access to sensitive data. The "move fast and break things" mantra won't work here - Signal might have to drop Windows support if the platform turns hostile to privacy-focused apps.

Desktop Signal learns a trick from the mobile app to keep Microsoft Recall at bay

Google TV apps will seek more of your attention in a way you may not like Summary The Signal Desktop app now has a new security feature to prevent Microsoft Recall from taking screenshots of chats. This feature utilizes a flag similar to Android's "FLAG_SECURE" to protect user privacy. As a result of this security measure, screenshots of the Signal app will now appear blank. Signal is a privacy-focused messaging and voice call app you can install across all major operating systems, including Android, iOS, and Windows. While it's still no match to the level of user base competitors like WhatsApp enjoy, Signal has gained significant popularity since it came into existence, primarily because of privacy-focused features, some of which you still don't find in messaging apps like WhatsApp. Related 7 easy steps to boost security in your favorite messaging apps Securing your chats made easy Posts However, with the wave of AI features in the recent past, especially concerning the ones that can see what's on your screen, like Microsoft Recall, the chances of your privacy getting compromised have increased if you're not cautious enough. But for Signal Desktop users on Windows, it no longer requires your intervention to keep yourself protected from the seemingly privacy-invasive Recall feature on Windows 11. And it looks like the company has taken some inspiration from Android to do that. Signal Desktop's new security feature is Recall-proof by default Signal's mobile app allows users to prevent contacts from taking screenshots of their chats, but requires you to disable screenshotting from the app's Settings. Microsoft Recall, on the other hand, takes screenshots on its own to create a timeline of everything you've done on your PC. That means all your Signal chats are captured without your input. Image: Signal To prevent this, Signal Desktop has gained a "Screen security" setting, which is enabled by default to nullify the chances of users unknowingly sending the data to Microsoft's database. Of course, you can disable the setting if you don't want to allow Recall to take screenshots. It doesn't sound like a lot of hard work for Signal, because all it had to do was to use the correct Digital Rights Management (DRM) flag on its application. It sounds very similar to how Android's "FLAG_SECURE" flag works: once a window is flagged with it, Android won't allow taking screenshots and prevents the content from being displayed on TVs or other external displays. "FLAG_SECURE" is part of the Android SDK and is commonly used in banking apps and password managers. However, since Signal has now flagged its application as protected by DRM, there are some "usability trade-offs," as mentioned by the company on its official blog post. While the company hasn't specified the caveats, one of the major downsides of the new security setting is that when you take a screenshot of the Signal app, you'll see nothing. It can be a little frustrating, especially if you're running Signal Desktop on a non-Copilot+ PC. The Recall feature is currently limited to Copilot+ PCs, which currently represent only a small fraction of the user base, given the fact that they came into existence only last year. However, Signal Desktop won't discriminate between a non-Copilot PC+ PC or something with the Recall feature enabled; it'll treat them the same and enable the new security feature by default on Windows 11. So, if Recall was the reason you didn't use Signal on your Copilot+ PC, you can now safely install the app, but remember to use its sync feature to transfer your existing chats to your desktop.

Blackmailers, spys, and cheaters beware: Signal cuts off Microsoft screengrab feature

Signal, the popular privacy-centric messaging app, has rolled out a significant update to its Windows 11 desktop client, called "Screen Security" to combat Microsoft's AI-powered Recall tool from capturing screenshots of users' private conversation. This move underscores Signals stance on user privacy, following recent publicity from the Trump Administration and attention drawn to how the app is used. According to Bleeping Computer, the Screen Security feature is turned on by default in Windows 11. Recommended Videos Understanding Microsoft's Recall feature Microsoft Recall, recently launched on Copilot+ PCs, is an AI-driven tool that periodically captures screenshots of a person's desktop to create a searchable timeline of past activities. While intended to enhance productivity by allowing people to revisit previous tasks, Recall has sparked privacy concerns due to its broad access to on-screen content, including sensitive information from various applications. Notably, Recall lacks an API that would enable developers to exclude their applications from being captured, leaving privacy-focused apples like Signal vulnerable to unintended data exposure. Signals proactive privacy measure In response, Signal's latest update employs Digital Rights Management (DRM) techniques - similar to those used by streaming services like Netflix or Hulu - to block screen capture attempts. According to Laurent Giret at Thurrott.com, when the Screen Security feature is enabled, any attempt to take a screenshot of the Signal app results in a blank image, effectively shielding conversations from being recorded by Recall or other screenshot tools. This feature is activated by default on Windows 11 devices but can be disabled by people who require compatibility with certain accessibility tools. Signal acknowledges that while this measure may interfere with functionalities like screen readers, the lack of granular control over Recalls operations left them with limited options. As Signal developer Joshua Lund stated, "Microsoft has simply given us no other option" reports ArsTechnica. Are there broader implications? Signals action highlights a growing tension between privacy and system-level AI features. The implementation of Recall without adequate opt-out mechanisms raises questions about the balance between innovation and privacy rights. By taking matters into its own hands, Signal sets a precedent for other applications to prioritize user data protection, potentially prompting Microsoft to reconsider the design and permissions associated with Recall. As AI continues to integrate deeper into the operating systems of devices, the need for transparent and user-controlled privacy settings becomes increasingly critical. Signal's update serves as a reminder that safeguarding user privacy requires vigilant and proactive measure, especially when system-level features may inadvertently compromise sensitive information. For people concerned about the implications of Microsoft's recall feature, Signals latest update offers a layer of protection, refining the apps reputation in the secure communication space. We have a solid list of Signal tips & tricks should you decide to give the app a try.

Signal Blocks Screenshots on Windows to Protect User Privacy

Calling and messaging platform Signal has announced that it will prevent your Windows computer from taking screenshots of Signal chats. The platform's decision to block screenshots comes as Microsoft re-released the 'Recall' feature as part of Windows 11 in April this year. First introduced in May 2024, the Recall feature takes screenshots of whatever a user is doing on their Windows computer every few seconds. It then allows them to search these screenshots for any specific topic. Ever since its launch, users have expressed concerns that the feature could pose privacy risks. In response, the company released privacy settings for the feature, allowing users to 'opt in' to Recall instead of having it automatically screengrab all of a user's activities. It also assured users that Recall would detect sensitive information and not store such screenshots. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," the communication platform said. It added that blocking screenshots of Signal will act as an extra layer of protection on Windows 11. If you attempt to take a screenshot of your Signal desktop app on a Windows 11 device, the portion of the screenshot showing the app will be completely blacked out (pictured below). However, this does not mean that you can't take screenshots of the same chat screen on your phone. Furthermore, the person you are speaking with on Signal will still be able to take screenshots -- provided they do not use the Windows desktop app. "This limitation can be frustrating, but it might look familiar to you if you've ever had the audacity to try and take a screenshot of a movie or TV show on Windows," Signal explains. According to Windows' official developer documentation about managing Recall, the feature does not store digital rights management (DRM) content -- just like its Snip tool, which currently allows people to take screenshots on Windows devices. Signal explains that if a developer sets the correct DRM flag on their application, they can prevent the app's content from showing up in Recall or any other screen-grabbing application on Windows. Signal acknowledges that there are legitimate reasons someone may want to take a screenshot. As such, it allows users to disable this screenshot-blocking feature by turning off 'Screen Security'. The company says it hopes AI teams building features like Recall will think more carefully about the implications of what they create. "Apps like Signal shouldn't have to implement 'one weird trick' in order to maintain the privacy and integrity of their services without proper developer tools," it adds. As Signal flags in its blog post, messaging apps are a window into a person's entire life. This information, if collected, can give a bad actor access to details about your friends or family members, confidential business communications, and more. This is especially concerning given that an ethical hacker named Alex Hagenah even created a tool called Total Recall that could extract all the information Recall records on a user's device. In this case, Signal's move to use DRM protections to block screenshots shows how developers can leverage existing Windows security mechanisms to safeguard user communication. This move could even become a template for other communication apps to protect sensitive user data from both malicious actors and features like Recall.