Signal blocks Microsoft Recall from screenshotting conversations

Signal has released a new version of its end-to-end encrypted communication app for Windows that prevents Microsoft Recall and users from screenshotting text-based conversations happening in the app.

The new “Screen security” setting is enabled by default and can be easily disabled through privacy settings. Crucially, though, it’s difficult to disable it by mistake.

“Turning off ‘Screen security’ in Signal Desktop on Windows 11 will always display a warning and require confirmation in order to continue,” Signal developer Joshua Lund explained.

Signal’s warning when disabling screen security (Source: Signal)

Impairing Microsoft Recall and future AI-powered features

The warning doesn’t mention the controversial Microsoft (Windows) Recall feature, which was first unveiled for testing in May 2024. Instead, it pre-emptively covers all screenshotting used “for features that may not be private.”

Recall’s public rollout has been delayed after it got labeled a privacy and security nightmare. Microsoft worked to change badly implemented and insecure aspects, then released it a month ago, despite some things still not working as they should.

Signal’s blog post makes Microsoft Recall being the reason for the new setting explicit: “Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that’s displayed within privacy-preserving apps like Signal at risk.”

Screen security feature uses DRM tech

To implement the feature, Signal developers decided to take advantage of technology that controls and manages access to copyrighted digital content. Thus, Signal Desktop how has a Digital Rights Management (DRM) flag that prevents any kind of screenshotting.

While the Screen security feature works as intended, Signal noted that, unfortunately, might interfere with accessibility software used by visually impaired individuals.

Lund also made sure to point out that while the feature disallows Windows 11 systems from taking screenshots of Signal conversations, users using other operating systems (including mobile ones) are not constrained by it and they can still take screenshots of conversations involving users of Signal Desktop on Windows 11.

Scolding Microsoft

Lund criticized Microsoft for launching Recall without granular settings to help app developers protect user privacy without affecting functionality.

Apps like Signal must maintain their ability to prioritize security by default in a way that can be publicly validated, he pointed out, and operating system vendors should provide developers with tools and options to prevent OS-level AI systems to access to any sensitive information within their apps.

“Private messaging apps like Signal deserve to be treated with at least the same level of caution that’s afforded to a web browser’s private or incognito browsing window — which Microsoft has already excluded from Recall by default,” he added.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!