Signal has added a new default screen protection feature on Windows 11 aimed at blocking Microsoft's AI-powered Recall from capturing its messages.
The move is a direct response to Recall's controversial return on Copilot+ PCs, a tool that automatically records screen activity at regular intervals and stores it for later search.
Signal adds “Screen Security”
The update was announced yesterday by Joshua Lund, who detailed the new “Screen Security” setting in Signal Desktop for Windows. This feature exploits Microsoft's own Digital Rights Management (DRM) APIs to render Signal's window invisible to both Recall and third-party screenshot tools. Signal's decision underscores its growing concern over Recall's data collection model, which it sees as a structural privacy threat to secure messaging applications.
Recall was initially unveiled by Microsoft in May 2024 and met with immediate backlash over its broad and continuous on-screen capture functionality. Despite Microsoft's assurances, including hardware-level encryption, VBS Enclave isolation, and opt-in design, privacy experts raised flags. Security researcher Kevin Beaumont was among the early voices warning that Recall's local snapshot storage could expose sensitive data to malware or physical access attacks. Microsoft temporarily paused the feature before re-releasing it in April 2025 with improved privacy controls as part of the rollout of Copilot+ PCs.
Copilot+ PCs, introduced by Microsoft as a premium hardware line with enhanced AI capabilities, now include Recall as a headline feature. Recall continuously captures on-screen content every few seconds and indexes it into a local searchable database using vectorized data, allowing users to find past activities via natural language queries. Microsoft claims this is a productivity booster, helping users “fly back in time” to rediscover lost content. However, its potential to capture confidential messages, passwords, or sensitive material displayed by privacy-first applications like Signal remains a central concern.
Signal is a widely used encrypted messaging platform known for its end-to-end encryption and open-source code. It is trusted by journalists, activists, government officials, and privacy-conscious users globally. Signal's technical integrity and minimal data retention model have made it a standard-bearer for private digital communication. With Recall's mechanism now potentially encroaching on that model, Signal has opted to use Microsoft's own content protection flags to opt out, by force, of Recall's reach.
Not an ideal solution
Signal's DRM-based screen security mimics the protections used by streaming services to block screen capture. According to Microsoft's developer documentation, applications using the appropriate DRM flags will be excluded from Recall and other screenshot applications. Signal's implementation automatically enables this protection on all Windows 11 installations of Signal Desktop, and users must manually disable it, with a warning prompt, if needed.
However, this privacy protection feature comes with trade-offs. Users relying on accessibility tools like screen readers or magnification utilities may face degraded functionality. Signal acknowledges this limitation but blames Microsoft's failure to offer granular developer controls for Recall, forcing apps to choose between total exposure and total blackout. The team has made the screen security toggle easy to find (under Settings → Privacy → Screen Security), but difficult to disable unintentionally.
Signal's announcement also criticizes the broader industry trend of deploying invasive AI features without robust privacy frameworks. “Take a screenshot every few seconds” is described as the kind of idea a low-capacity AI might generate, suggesting a lack of thoughtful design behind such surveillance-like features. Signal warns that combining Recall-like tools with AI agents that have elevated permissions poses a broader risk to software privacy boundaries, especially on platforms like Windows.
While Microsoft has emphasized Recall's local-only processing, encryption safeguards, and optional nature, the tension remains: Recall's architecture still lacks a standardized way for privacy-preserving apps to assert exclusion. Signal's workaround highlights how software developers are being forced to reverse-engineer protections in the absence of official APIs or opt-out mechanisms.
Copilot+ PC users concerned about Recall may disable it entirely through the Windows settings panel, activate full-disk encryption, and use strong local authentication passwords.
Im confused . Why ? I thought that if you use Winders with this kind of garbage installed , you were just okay with it . I dont see this as working on this dumpsterfire OS .