Cool, good to point out that you can set any app to be excluded from Recall. Funny that they need to pretend to have DRM, but yeah there's an easy Windows API devs can use to avoid this feature altogether. Honestly they should've done this before anyway to prevent people from taking screenshots of Signal chats.
Implementing "DRM" that works for you (not against you) is the best choice that we had. It's like a scene in a movie where the villain has switched sides.
DRM used for good
Microsoft has launched Recall without granular settings for app developers that would enable Signal to easily protect privacy, which is a glaring omission that limits our choices.
Seriously, this is embarrassing. No one would want Microsoft to take screenshots of their private messengers, private browsers like Tor, password managers, etc.
Even if Recall is off by default, this means that people that think this is a cool feature will have massive security risks like AI seeing their passwords.
It's fully on-device and by default it tries to filter out sensitive info like passwords, so not a huge security concern. Microsoft should have some kind of granular API to prevent Recall/screenshots for sensitive apps tbh, but the DRM one seems to work fine.
What about sensitive websites? Oh wait, isn't it all personal data? Maybe just not have it all together…
I mean who defines what is sensitive? That seems very personal and given other people will have your data on their devices this seems a stretch.
I thought this is out of Signal's threat model/scope? It used to store its private key completely unencrypted accessible by any userland process until a few months ago. Why are they suddenly freaking out about Recall, whose data is encrypted with VBS?
Yeah I thought so too, but clearly they're now open to using OS features to protect their users so we'll see. I'd like to see them sandbox their desktop apps, use the OS keystore, etc. In any case it's the best use of DRM I've ever seen lol.
Cynically, I would guess they tackled this simply due to the ease of implementing this feature. This feature already exists in their mobile apps though too, so it is not unprecedented for Signal either.
Well, it completely breaks the end-to-end encryption if a third party has access to your chats, encrypted or not. I am not aware that Signal also stored the key in plaintext on Windows. See anonfox
Meanwhile, Signal Desktop is still broken on Wayland. I wish they'd fix that first…
Perhaps I don't know enough. Can you explain how and what you mean by this?
It did.
I guess this makes for a nice blogpost, so they didn't need drama to implement it.
The desktop client doesn't work properly (if it launches at all) when you use the Wayland Electron flag (--ozone-platform=wayland). When you launch it normally under a Wayland compositor, it works relatively well but it uses XWayland, which limits some functionality such as screensharing, not to mention the security issues of X11.
EDIT: Even Vesktop, an UNOFFICIAL Discord client made by volunteers, supports Wayland and screensharing works perfectly fine via XDG Desktop Portal. The electron-wayland issue has been solved a long time ago, it's pretty much just Signal that has this issue now.