Microsoft’s AI Starts Secretly Copying And Saving Your Messages

Be very careful what you send.
Timing is everything. Just weeks after America’s NSA warned about the hidden dangers with secure messaging platforms like WhatsApp and Signal, especially when users link phone apps to PCs and other devices, everything is suddenly worse — much worse.
Microsoft has decided to release its controversial Recall to Copilot PCs, which then continually screenshots everything on a user’s screen to be saved behind a simple PIN code. It doesn’t matter how secure you think you are: if you message someone who has a Windows PC with this feature enabled, all that security falls away instantly.
As Ars Technica explains, “even if User A never opts in to Recall, they have no control over the setting on the machines of Users B through Z. That means anything User A sends them will be screenshotted, processed with optical character recognition and Copilot AI, and then stored in an indexed database on the other users’ devices.”
That means anything Users B through Z see on screen, bar some specific data types, such as passwords, that Microsoft will try (and sometimes manage) to redact. Ars Technica warns that this will “indiscriminately hoover up all kinds of User A’s sensitive material, including photos, passwords, medical conditions, and encrypted videos and messages.”
Unlike with new options to record phone calls, there is no warning here that your content is being saved and stored by someone else, or that your secrets now depend on the security of countless Microsoft Windows PCs to stay secret. That’s the operative word. For User A, this all takes place secretly, without warning or opt-out.
Cyber guru Kevin Beaumont put all this to the test and has found security and privacy holes galore. While Recall’s screenshots are stored locally and secured by the infamous TPM 2.0 that stops so many Windows 10 users upgrading, once set up the only security protecting all that data is a simple PIN, to say nothing of the risk from hackers.
“To test this,” Beaumont says, “I tasked my partner with using my device while I was away from desk to use Recall to find out who I’d been talking to the previous day in Signal and what I’d been saying.” She guessed the PIN and was in. “So, in 5 minutes, a non-technical person had access to everything I’d ever done on the PC, including disappearing Signal conversations (as Recall retains anything deleted). That isn’t great.”
Recall is an easy target. It was withdrawn when Microsoft first unleashed it on the world, and was put through a privacy and security sheep dip before its second coming. Now it’s here again, with better opt-outs and security wraps, but with the same very basic flaws. The idea that every interaction you have with a Recall user is screenshotted and kept forever without you knowing feels — at its core — very wrong.
But this is just another example of AI bringing unlimited scale to dangerous activities with ease. Your messages — disappearing or otherwise — have always been subject to a recipient screenshot. But not at industrialized scale. Similarly, targeted phishing attacks and better-written spam and brand ripoffs are all now being industrialized by AI.
Put together, the linked device warning and Recall’s launch mean it’s time for Signal and WhatsApp and others to end their linked device options or provide some way for messages to be tagged so as only to appear on primary devices — meaning phones. The simple truth is that secure messaging and staccato screenshotting don’t mix.
In the meantime — and this is a serious warning — do remember that anything you send may not disappear into the chat archive on a phone, but may be analyzed, indexed and stored by AI in an easily searchable database on a device you do not control.
As Beaumont says, “Recall still captures and stores things after deletion. Disappearing Signal and WhatsApp messages are still captured, as are deleted Teams messages. I would recommend that if you’re talking to somebody about something sensitive who is using a Windows PC, that in the future you check if they have Recall enabled first.”
You have been warned.