Mastodawn

Signal Messenger is warning that Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store everything a user does every three seconds, poses a risk to its users. Effective immediately, the Windows Desktop version will by default block the ability of Windows to screenshot the app. Of course, Microsoft provides no API to disable Recall from screenshotting specific apps, so Signal is getting creative. They are invoking a digital rights management API that blocks the screenshotting of copyrighted material.

https://signal.org/blog/signal-doesnt-recall/

By Default, Signal Doesn't Recall

Signal Desktop now includes support for a new “Screen security” setting that is designed to help prevent your own computer from capturing screenshots of your Signal chats on Windows. This setting is automatically enabled by default in Signal Desktop on Windows 11. If you’re wondering why we’re on...

Signal Messenger

Dan Goodin May 21, 2025

Signal writes:

"We hope that the AI teams building systems like Recall will think through these implications more carefully in the future. Apps like Signal shouldn’t have to implement “one weird trick” in order to maintain the privacy and integrity of their services without proper developer tools. People who care about privacy shouldn’t be forced to sacrifice accessibility upon the altar of AI aspirations either."

Dan Goodin May 21, 2025

https://arstechnica.com/security/2025/05/signal-resorts-to-weird-trick-to-block-windows-recall-in-desktop-app/

“Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall

Even after its refurbishing, Recall provides few ways to exclude specific apps.

Ars Technica

Dr Andrew A. Adams #FBPE 🔶May 21, 2025

@dangoodin Of course MS bent over backwards to avoid capturing copyrighted content, but mostly ignored privacy and security concerns.

Netux May 22, 2025

@a_cubed @dangoodin I don't know a ton about copyright, but isn't normal writing copywriten upon creation?

Dr Andrew A. Adams #FBPE 🔶May 22, 2025

@Netux @dangoodin
Yes, I should have said commercially copyrighted material. Most people don't think of their ephemeral work as copyright relevant, though (I have the research receipts somewhere to back that up from a project in 2011 or so).

Netux May 22, 2025

@a_cubed @dangoodin I wonder if we could get an injunction or a class action against it for copyright. Don't know the details on dcma, but just copyright should be enough of anything gets shipped off the computer.

Dr Andrew A. Adams #FBPE 🔶May 22, 2025

@Netux @dangoodin
Good luck with getting the US courts to apply the letter of (c) law to a big tech corp. See the "debates" around Meta's torrenting of millions of books and other docs to train LLAMA. Despite ridiculous claims for thousands of $ for torrenting one single back in the day, Meta look to be getting away with taking a whole library worth despite having the ability to pay for a copy of everything (even leaving aside whether they could then put that copy in an AI trainer within (c)).

Mira May 22, 2025

@dangoodin Nice seeing something meant to “protect” corporate products being repurposed to protect user data.

I’m sure MS will issue an update to break this repurpose

ck May 21, 2025

@dangoodin sometimes I even want a screenshot of a signal thing... sigh

ck May 21, 2025

@dangoodin getting my camera out so I can screenshot my signal chats and then edit them with the analog loophole like a caveman

aburka 🫣May 21, 2025

@cursedsql @dangoodin they have a setting to disable the protection. But Recall completely breaks Signal's security model so I'll be (a little) more comfortable knowing this is on by default

ck May 21, 2025

@aburka @dangoodin I'll only be comfortable never running windows 10 - if you run signal desktop your encrypted sqlite database's password is right next to the file so the security model there is a bit out of the window

aburka 🫣May 21, 2025

@cursedsql @dangoodin wait, what?

mathew May 21, 2025

@cursedsql @aburka @dangoodin
Signal desktop uses Electron safeStorage for the database password, and that's backed by the relevant OS's allegedly secure keyring storage.
https://github.com/signalapp/Signal-Desktop/issues/6944#issuecomment-2243704263

Login keyring password prompt after upgrading to 7.16.0 · Issue #6944 · signalapp/Signal-Desktop

Using a supported version? I have searched searched open and closed issues for duplicates. I am using Signal-Desktop as provided by the Signal team, not a 3rd-party package. Overall summary After u...

GitHub

ck May 21, 2025

@mathew @aburka @dangoodin I mean - last time I wrote the code to export the data from signal that's what I found https://github.com/ConstantineK/export-signal-desktop-to-json/blob/49de9cdffd9368518dc295c502dd17e0e4a0e1b5/src/lib.rs#L215 - my program could read your encrypted sqlite database (or could when I wrote it two years ago) by getting the password out of the json stored right next to it

export-signal-desktop-to-json/src/lib.rs at 49de9cdffd9368518dc295c502dd17e0e4a0e1b5 · ConstantineK/export-signal-desktop-to-json

A simple Rust CLI to export Signal messages from the Desktop client. - ConstantineK/export-signal-desktop-to-json

GitHub

aburka 🫣May 21, 2025

@cursedsql @mathew @dangoodin welllll... the issue @mathew linked is newer than that so maybe it's been changed? I'll test your exporter later to see if it still works

ck May 22, 2025

@aburka @mathew @dangoodin PR's welcome if it doesn't do something, it was one of my first Rust projects and I haven't done a ton since 😅 that being said I am pretty sure they haven't changed anything - cat .config/Signal/config.json shows me the exact same structure I saw on windows 2 years ago

mathew May 22, 2025

@cursedsql @aburka @dangoodin Found more details here:
https://cryptographycaffe.sandboxaq.com/posts/protecting-signal-desktop-keys/#the-official-fix

I have "encryptedKey" in the config.json rather than the old "key".

Protecting Signal Keys on Desktop

This blogpost describes our investigation and proof of concept to enhance the security of Signal Messenger key management on desktop.

The Cryptography Caffè ☕

aburka 🫣May 22, 2025

@mathew @cursedsql @dangoodin that seems improved, yeah?

ck May 22, 2025

@aburka @mathew @dangoodin for windows the key point is that any program running as your user probably can still access the data afaict with the reading of that doc

aburka 🫣May 22, 2025

@cursedsql @mathew @dangoodin "it rather involved being on the other side of that airtight hatchway" etc etc

JeanMarie_Dhainaut May 21, 2025

Tuxicoman May 21, 2025

@dangoodin maybe people that care about privacy should not use windows in first place.

Charo del Genio May 22, 2025

@dangoodin what makes them think that the implications were NOT actually thought through?

Klaus Frank May 21, 2025

@dangoodin I'm surprised that Recall is honoring the DRM Flags.

⊥ᵒᵚ Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️May 21, 2025

@agowa338 @dangoodin you, as a media consumer individual are not Microsoft's customer. That's why you didn't pay (directly) for Windows.

Vincent Sparks May 21, 2025

@agowa338 @dangoodin i'm not. can you imagine how mad copyright monopolists would get if one frame every five minutes of their copyrighted content was screenshotted?

unlike pathetic nobodies like the Signal devs and their actual users, companies that can afford to hire lawyers are entities microsoft actually has to listen to

(or it might just be they didn't bother to disable it when they hooked into an existing screenshot API to make this bolted on pseudo feature. who knows)

Klaus Frank May 22, 2025

@AVincentInSpace @dangoodin

Yes, I can. And do you imagine how hard they'd go against Microsoft for that?

If someone is able to put them into their place then it's them...

dragonfrog May 21, 2025

@agowa338 @dangoodin They know what side their bread is buttered on.

LonM May 21, 2025

@dangoodin I find it immensely annoying that DRM allows for screenshots to be blocked in the first place. I guess this is a silver lining.

~n May 21, 2025

@dangoodin DRM being used to do good was not on my bingo card this year.

Nathan A. Stine May 21, 2025

@nblr @dangoodin stopped clock is right twice a day, etc.

Stanley Coupdebrique May 21, 2025

@nblr @dangoodin
- DRM blocking open-source software in 2015 😡🤬
- DRM blocking open-source software in 2025 😎😎

Ulrich O.May 21, 2025

I just gave it a try - and after an update, it grayed out. Sweet!

nivs May 21, 2025

@dangoodin @mrsbeanbag It’s fitting that a copyright protection tool is being used to defend against GenAI.

John Breen May 21, 2025

@dangoodin Intesresting !
As a general rule - I consider all the things I do on my own computer to be copyrighted, unless I choose to publish it somehow.
I'm preserving a "native" Windows 10 instance on a laptop, just in case, which I refuse to update to Win-spy 11. Soon, I'll only allow Windows 10 in a VM, if at all, from native linux platforms.

Kaliah May 21, 2025

@dangoodin Every app needs to do this

ms_genderfluid_flag

@dangoodin so, they didn't provide a way for apps to say "this is private personal data, please don't AI this"
But a way to go "this content is copyrighted, photograph it and meet our lawyers"

I mean, I'm not surprised

Sky, Cozy Goth Prince of Cats May 21, 2025

@dangoodin Wait MS is actually going through with this disaster of a product launch?

a fish named dog ✡️♾️May 21, 2025

@dangoodin browsing explore and the first two things are, in order, signal and then you

SQLAllFather May 21, 2025

I noticed this change in behavior a few minutes before seeing this post. I went to take a screen shot of another window and my Signal window immediately went black.

I could not be happier to see Signal take this step.

Capricious Day May 21, 2025

@dangoodin at some point it just becomes easier to put a message on the site that says "windows download not available as the OS undermines privacy too completely"

Sherri W (SyntaxSeed)May 21, 2025

@dangoodin What happens to things like password manager apps & browser extensions? Those are getting screenshotted too. 😬

What a mess.

#recall #security #privacy

Kevin Boyd (he/him) 🇨🇦May 21, 2025

@syntaxseed @dangoodin Password managers often rely on the copy-paste buffer / clipboard. When the operating system maker decides to violate trust by constantly recording apps, why wouldn't they also record clipboard contents?

The entire operating system is suspect.

Alerta! Alerta!May 21, 2025

@kboyd @syntaxseed @dangoodin The main question for me is "Why"?

Why is Microsoft doing that?

They are actively breaking the little trust they still have. Why?

Why would I want to continue working with this System?

The answer is probably "Because they can". People got so dependent on M$ that they can just.do anything.

Still. Where's the benefit?

I don't get it... 🤷

Alex Celeste, Princess Consort of Burnout May 22, 2025

@heiglandreas @kboyd @syntaxseed @dangoodin it's to harvest training data for "agent" models

Adolph May 21, 2025

@dangoodin God bless me, I don't use Windows anymore.

J.A. Machete May 21, 2025

@dangoodin I'm sooo glad I'm moving to linux. Thanks win11 for opening my eyes :)) much obliged and buh-bye!

Viktoria D. Richards/Uddelhexe May 21, 2025

Reading this i want to thank Windows again for kicking my butt to conquer my fears and switching to Linux.
A step that marked a start in my journey of freeing myseklf from the big tech companies in little steps and be more bold trying out new and open source stuff.

Thank you, Windows 11. It would not have been possible without you and my disgust for you shitting on privacy (even more) and rendering perfectly fine working hardware useless.

You forced me to evolve. 👍

Just Bob May 21, 2025

@v_d_richards @dangoodin

For 12 years, I had a computer shop and all I ever did was reinstall M$. Very rare that I actually had a hardware repair. Within a couple years of started doing it, I stopped using MicroShit for personal or business and haven't looked back except when I see someone struggling to use the shit.

Oxyte 🥴🥴🥴🥴🥴May 21, 2025

@dangoodin If you explained any of this to someone using Windows XP back in the day they'd have an aneurysm

squalouJenkins May 21, 2025

@dangoodin out of context fun fact : makes me finally consider Wayland way of handling screenshots security awesome !

David W. Jones May 22, 2025

@dangoodin
Worth keeping in mind: Anything you create and post is copyrighted by you. So their idea makes perfect sense!

⚡Tasin 🚀May 22, 2025

@dangoodin There is no privacy on windows anymore. What is holding back people fron using Linux instead!! I understand the fact about gaming. But what about other users! You have FreeOffice that is very close to Office360. And now you have tools like Canva that works on web, so why still windows!!

The Evil Chocolate Cookie May 22, 2025

@dangoodin alternatively, Microsoft could just not take screenshots of our screens and new bonus. That’s creepy.

Vijay Prema May 22, 2025

This is basically DRM but protecting the individual users content from being copied by the big company, rather than the other way around.

Better solution is to not use Windows or Recall, if possible.

Knut 🏳️‍🌈 🇳🇴🧸May 22, 2025

@dangoodin #NixOS are you spying on me? *Silence* exactly because bitch don't talk back to daddy.