Ad
Image credit: Signal Private Messenger/Google Play Store
Signal messenger has rolled out a new security feature in its Windows Desktop app to shield users’ messages from Microsoft’s Recall tool, an AI-powered Windows 11 feature that records and indexes user activity.
The update prevents Recall from capturing screenshots of the Signal app window, with the company citing concerns over the security risks posed by such continuous screen recording. Users can still opt to disable the feature by adjusting their privacy settings within the app.
Recall works by taking screenshots roughly every three seconds and storing them in a searchable local database. Privacy and security practitioners quickly warned of the undue risks Recall created for Windows users, as well as the alternative platforms that interact with them.
Signal’s workaround for Recall
Signal raised concerns about the lack of developer-level controls in Windows 11, noting that privacy-focused apps are left with no standard way to opt out of Recall.
To address this, the company implemented a workaround using a Digital Rights Management setting — commonly used to block screen captures on streaming or media applications — to restrict Recall from logging what appears on Signal’s desktop interface.
The DRM-based block minimizes the chance of users having their private Signal messages screenshot by Recall and of it permanently indexing their private messages. However, it can also cause usability issues, like impairing the functionality of accessibility software or archiving the messages they prefer to document.
“Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that’s displayed within privacy-preserving apps like Signal at risk,” Signal officials wrote in a blog post on May 21.
“As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option.”
SEE: How to Safeguard Enterprises from Exploitation of AI Applications from TechRepublic Premium
Criticisms about Windows 11 Recall feature
Concerns surrounding the Windows 11 Recall feature are nothing new.
Upon Recall’s initial release in May 2024, its criticisms mostly involved the design of the product, such as how it was on by default and stored data in plaintext that can be easily accessed by apps with user system rights. Users also had limited options in terms of granular tools to control what content of their own would be aggregated within the solution’s inventory of data.
In response to backlash, Microsoft pulled Recall out of Windows 11 previews months after adding it. In April 2025, it reintroduced a revamped version of Recall last month. Changes include Recall now being an opt-in tool rather than one on by default, encryption to protect the database storing Recall data, and some user controls limiting the kind of content it indexes.
Still, privacy experts argue that vulnerabilities remain. Security researcher Kevin Beaumont, who performed a security research analysis of the reintroduced version of Recall, found that the tool still captures sensitive information and that its database can be decrypted using standard Windows authentication like a PIN or fingerprint scan.
Microsoft’s response
At the time of this writing, Microsoft has not publicly responded to inquiries about whether it plans to offer developers a formal API or mechanism to exclude their applications from Recall’s data capture in future updates.
Ad
