Cool, good to point out that you can set any app to be excluded from Recall. Funny that they need to pretend to have DRM, but yeah, there's an easy Windows API devs can use to avoid this feature altogether. Honestly they should've done this before anyway to prevent people from taking screenshots of Signal chats.
Implementing "DRM" that works for you (not against you) is the best choice that we had. It's like a scene in a movie where the villain has switched sides.
DRM used for good
Microsoft has launched Recall without granular settings for app developers that would enable Signal to easily protect privacy, which is a glaring omission that limits our choices.
Seriously, this is embarrassing. No one would want Microsoft to take screenshots of their private messengers, private browsers like Tor, password managers, etc.
Even if Recall is off by default, this means that people who think this is a cool feature will have massive security risks like AI seeing their passwords.
It's fully on-device, and by default it tries to filter out sensitive info like passwords, so not a huge security concern. Microsoft should have some kind of granular API to prevent Recall/screenshots for sensitive apps tbh, but the DRM one seems to work fine.
What about sensitive websites? Oh wait, isn't it all personal data? Maybe just not have it all together…
I mean, who defines what is sensitive? That seems very personal, and given other people will have your data on their devices, this seems a stretch.
I thought this is out of Signal's threat model/scope? It used to store its private key completely unencrypted, accessible by any userland process, until a few months ago. Why are they suddenly freaking out about Recall, whose data is encrypted with VBS?
Yeah, I thought so too, but clearly they're now open to using OS features to protect their users, so we'll see. I'd like to see them sandbox their desktop apps, use the OS keystore, etc. In any case it's the best use of DRM I've ever seen lol.
Cynically, I would guess they tackled this simply due to the ease of implementing this feature. This feature already exists in their mobile apps though too, so it is not unprecedented for Signal either.
Well, it completely breaks the end-to-end encryption if a third-party has access to your chats, encrypted or not. I am not aware that Signal also stored the key in plaintext on Windows. See anonfox
Meanwhile, Signal Desktop is still broken on Wayland. I wish they'd fix that first…
Perhaps I don't know enough. Can you explain how and what you mean by this?
It did.
I guess this makes for a nice blog post, so they didn't need drama to implement it.
The desktop client doesn't work properly (if it launches at all) when you use the Wayland Electron flag (--ozone-platform=wayland). When you launch it normally under a Wayland compositor, it works relatively well, but it uses XWayland, which limits some functionality such as screensharing, not to mention the security issues of X11.
EDIT: Even Vesktop, an UNOFFICIAL Discord client made by volunteers, supports Wayland, and screensharing works perfectly fine via XDG Desktop Portal. The Electron-Wayland issue was solved a long time ago; it's pretty much just Signal that has this issue now.
This is overly generous to a tool that takes screenshots of (almost) everything you do on your computer and stores them in a neat database for a threat actor to steal
Thanks to Signal for the insight, but this only holds true if Recall depends exclusively on high-level screen-capture APIs, where windows marked with WDA_EXCLUDEFROMCAPTURE would be excluded from snapshots.
However, there is a risk of framebuffer bypass by WDDM and many other attack surfaces, which suggests that Recall could potentially access the GPU's compound framebuffer directly, thus bypassing application-level capture restrictions.
Remember how Edge allowed Microsoft to set the default browser automatically without user manipulation. Microsoft is used to circumventing and brutally developing features to achieve their ends.
Android's implementation has nothing to do with that of Windows; it's incomparable. Google has developed in open source, according to clear security concepts. It's completely crazy to think that Microsoft could develop something secure without even having access to the source code (they don't give a damn about non-commercial security features).
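To make concrete the "easy Windows API" mentioned earlier in the thread and the WDA_EXCLUDEFROMCAPTURE flag discussed in the comment above, here is an added example that is not code from the original thread or from Signal Desktop. It P/Invokes SetWindowDisplayAffinity on a window this PowerShell process owns, then reads the affinity back with GetWindowDisplayAffinity so the "protected" claim is verified rather than assumed. Assumptions (mine, not stated on the page): Windows 10 version 2004 or newer, DWM composition enabled, and the window belongs to the calling process; the function name Set-CaptureExclusion and the throwaway form are illustrative.

```powershell
# Added example, not code from the thread or from Signal Desktop.
# Marks a window owned by this process with WDA_EXCLUDEFROMCAPTURE and
# confirms the flag stuck. Assumes Windows 10 2004+ (earlier builds do not
# honour WDA_EXCLUDEFROMCAPTURE) and a window created by this process
# (SetWindowDisplayAffinity is rejected for windows of other processes).
Add-Type -AssemblyName System.Windows.Forms

if (-not ('Win32.DisplayAffinity' -as [type])) {
    Add-Type -Namespace Win32 -Name DisplayAffinity -MemberDefinition @'
        public const uint WDA_NONE               = 0x00000000;
        public const uint WDA_MONITOR            = 0x00000001;
        public const uint WDA_EXCLUDEFROMCAPTURE = 0x00000011;

        [DllImport("user32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool SetWindowDisplayAffinity(IntPtr hWnd, uint dwAffinity);

        [DllImport("user32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool GetWindowDisplayAffinity(IntPtr hWnd, out uint pdwAffinity);
'@
}

function Set-CaptureExclusion {
    # Hypothetical helper name; applies (or with -Clear, removes) the
    # exclude-from-capture affinity and returns the affinity read back.
    param(
        [Parameter(Mandatory)][IntPtr]$WindowHandle,
        [switch]$Clear
    )
    $want = if ($Clear) { [Win32.DisplayAffinity]::WDA_NONE } else { [Win32.DisplayAffinity]::WDA_EXCLUDEFROMCAPTURE }

    if (-not [Win32.DisplayAffinity]::SetWindowDisplayAffinity($WindowHandle, $want)) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "SetWindowDisplayAffinity failed, Win32 error $err (5 = window not owned by this process)"
    }

    # Read it back. Do not trust the boolean alone: if the value differs,
    # the window is still capturable and a "protected" label would be wrong.
    [uint32]$got = 0
    if (-not [Win32.DisplayAffinity]::GetWindowDisplayAffinity($WindowHandle, [ref]$got)) {
        throw "GetWindowDisplayAffinity failed"
    }
    if ($got -ne $want) {
        throw ("Affinity readback mismatch: wanted 0x{0:X}, got 0x{1:X}" -f $want, $got)
    }
    return $got
}

# Usage: a throwaway form stands in for a chat window. While it is on screen,
# take a screenshot with PrintScreen or Snipping Tool; the form's area should
# come out black because the compositor withholds its content.
$form = New-Object System.Windows.Forms.Form
$form.Text = 'protected window (try to screenshot me)'
$form.Show()
$affinity = Set-CaptureExclusion -WindowHandle $form.Handle
'Affinity now 0x{0:X}' -f $affinity
```

The readback is the part worth keeping: it only proves the DWM-level flag is set on that window. It says nothing about a consumer that reads the display pipeline below the compositor, which is exactly the bypass concern the comment above raises, so treat a passing check as "standard capture APIs are blocked", not as a guarantee about every reader of the screen.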
It tries to? Why not just automatically exclude password managers from Recall?
It is true that now the Recall screenshots are encrypted using Windows Hello, so I'll leave it at that. Storing them raw is gone now.
Supporting quote:
… Snapshots and any associated information in the vector database are always encrypted. Encryption keys are protected via Trusted Platform Module (TPM), which is tied to your Windows Hello ESS identity, and can be used by operations within a secure environment called a Virtualization-based Security Enclave (VBS Enclave). This means that other users cannot access these keys and thus cannot decrypt this information. Device Encryption or BitLocker are enabled by default on Windows 11. For more information, see Recall security and privacy architecture in the Windows Experience Blog.
Try to have a better point next time like @Encounter5729's, just saying [or could've kept it at the fact that it consistently takes screenshots and not have said any further]
Thank you, kind stranger, for correcting… *presses finger to earpiece* oh, there have been bypasses found in the past for "Windows Hello". And maybe have an understanding of what VBS enclaves are before being so trusting of them, because oh oops, if you have an exploit that lets you execute arbitrary code in kernel mode, it's joever (the kernel in VTL0 needs to talk to the one in VTL1 at some point, damn that's crazy). And finally, I would just like to point out a fun website called "Living Off The Land Drivers" as an addendum to the point about kernel exploitation.
Considering many OEMs have questionable implementations of biometrics on Windows, I wouldn't necessarily find that reassuring. Security is completely up to the manufacturer. This might briefly deter a low-level adversary from remoting into your PC to extract Recall's data, but if your threat model includes physical safety this would be a nightmare scenario. Many devices just use a webcam for facial recognition, and people leave their greasy fingers all over their laptops; someone is bound to fool it.
Especially since Windows by default has zero BFU protections and will let you log in with biometrics upon boot, so you can't even shut it off for protection.
Also very important to note that Windows Hello is not the same as biometrics. Recall works perfectly well with a standard Windows Hello PIN after you initially set it up, so unfortunately there are still no physical biometric presence requirements in place with Recall