Microsoft has re-released its controversial Recall to Copilot tool on PCs, which captures screenshots and reads messages optically without user consent. This raises significant security and privacy concerns, as users’ messages can be analyzed, indexed, and stored by the AI in an easily searchable database on a device they don’t control.
The tool can siphon sensitive material from WhatsApp and Signal messages, including photos, passwords, medical conditions, and encrypted videos and messages. Since Recall’s screenshots are stored locally and secured by TPM 2.0, only a simple PIN provides protection against hacking risks.
Cyber guru Kevin Beaumont discovered security holes in the tool and demonstrated its ability to access sensitive information without warning or opt-out. This has sparked concerns about the potential for AI-powered threats to compromise user data.
Meanwhile, Meta has announced that its new AI will process WhatsApp messages, despite earlier assurances it wouldn’t. The company claims that a “Private Processing” feature allows users to initiate secure environments for message processing, but experts have raised doubts about the effectiveness of this promise.
The linked device warning and Recall’s launch emphasize the need for secure messaging platforms like Signal and WhatsApp to reassess their linked device options or provide methods for tagging messages to only appear on primacy devices – such as phones. The increasing use of AI in messaging apps is making traditional security measures obsolete, highlighting the urgent need for better privacy protections.
Source: https://www.forbes.com/sites/zakdoffman/2025/04/29/microsofts-ai-starts-secretly-copying-and-saving-your-messages