Signal is resorting to DRM to block Microsoft Recall from grabbing screenshots of your conversations. This is critical for preserving the security of the Signal app.
Microsoft Recall, a new “AI” feature, logs all apps, websites, and documents opened on a device, enabling users to “recall” or search for specific activities or information.
Signal’s encryption protects your data when it’s not being used as well as while it’s in transit. But once you decrypt the data to use it (data in use), it is exposed in scenarios like the following:
- Shoulder surfing – Someone is standing right behind you. This happened to Mike Waltz recently in a meeting, where reporters were able to capture a picture of his phone and even read portions of the decrypted messages.
- Microsoft Recall – Microsoft’s AI assistant virtually shoulder-surfs you, ostensibly to help you. But to be most helpful, it needs to be able to see everything you do and remember it.
- Someone gets your phone – Someone can read your decrypted messages if they gain access to your phone, whether through hacking or physical means, since Signal doesn’t require a password to open the app once the phone is unlocked.