For those who came in late, Recall, which is set to roll out in Windows 11 has been pretty controversial. The feature captures screenshots of almost everything users do every three seconds and neatly indexes it for your convenience or corporate surveillance.

Effective immediately, Signal's Windows desktop app will block screenshots by default to stop Recall from hoovering up private chats. If users want to switch that off to save messages or for accessibility reasons, they must dig into the settings themselves.

Signal isn’t thrilled. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content displayed within privacy-preserving apps like Signal at risk," Signal officials wrote..

“As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform, even though it introduces some usability trade-offs. Microsoft has simply given us no other option.”

Recall first appeared in May 2024, only to face immediate backlash from privacy wonks and security researchers. The criticisms weren’t just philosophical. Recall was on by default, stored screenshots in plaintext, and didn’t bother with anything resembling fine-grained user control. It was a textbook PR disaster even by Microsoft’s standards.

After yanking it out of previews, Redmond re-released a supposedly improved version. It was now opt-in, encrypted, and handed users a few more toggles. Senior Ars journo Andrew Cunningham gave Microsoft a bit of credit for fixing the basics, but the underlying snoopware remained.

It still logs Signal messages, emails, medical notes, and bank details, whether or not the people on the other end agree. Security researcher Kevin Beaumont tested the revamp and found it still screenshots his card info and decrypts the data with a mere PIN or fingerprint. And for anyone infected by common Windows malware, all bets are off.

Crucially, Microsoft hasn’t provided an API for apps to tell Recall to bog off. So Signal had to MacGyver a fix. With no privacy-preserving tools, the app uses a DRM API meant to protect copyrighted content from screenshots. It's like using a bicycle lock on a submarine hatch, but it’s all Microsoft gave them.

“We hope that the AI teams building systems like Recall will think through these implications more carefully in the future,” Signal said. “Apps like Signal shouldn’t have to implement ‘one weird trick’ to maintain their services' privacy and integrity without proper developer tools. People who care about privacy shouldn’t be forced to sacrifice accessibility upon the altar of AI aspirations either.”

Signal’s fix might block Recall if all chat participants use the Windows desktop app and don’t fiddle with the defaults. But it’s hardly watertight.