By default, Signal doesn't recall

Original Article ↗ Hacker News Discussion ↗

DRM, Recall, and Signal’s response

  • Many see it as ironic that Signal must use a DRM-style Windows API to protect users from the OS itself.
  • Others argue it’s not “real DRM” but just a Win32 flag asking Windows not to include a window in screenshots.
  • Some liken this to GPL: using an oppressive mechanism (DRM / copyright) to enforce user freedom.

How dangerous is Recall?

  • Critics view Recall as “OS-level spyware”: continuous screenshots plus AI indexing, with high abuse potential (e.g., domestic abusers, workplace surveillance).
  • Supporters stress it is currently local-only, opt-in, and no more powerful than what Microsoft could already do with ring‑0 access.
  • Skeptics counter that once data is structured and searchable, turning on cloud sync or selective exfiltration is a small policy change, not a technical leap.
  • Comparisons are drawn to Apple’s “private cloud compute”: some see Apple as heading in the same direction, just with better marketing.

Limits of app‑level protections

  • Several point out that any process running as the user can already read Signal’s local database; blocking screenshots mainly prevents accidental capture and Recall’s separate history.
  • This gives limited “forward secrecy” against Recall’s time-bounded snapshot store, but does not stop malware or a malicious OS.
  • Some argue fighting the OS is futile; others say partial mitigations are still worthwhile in realistic threat models.

Trust, OS choice, and the “year of Linux”

  • Recall and general Windows enshittification (forced Microsoft accounts, OneDrive re‑enabling, Edge nagging) are pushing some users to Linux or macOS.
  • Long thread debates whether desktop Linux is finally ready for non‑technical users: lots of positive anecdotes but also honest reports of driver, gaming, and UX friction.
  • FOSS trust is argued to come from multi‑party review, not mere source availability; opponents note that most packages still get little scrutiny.
  • Some warn that mass migration to Linux would bring “entitled” users and new pressures; others see Valve/Steam Deck as an important booster.

Signal’s own privacy model and gaps

  • Commenters highlight that disappearing messages don’t apply to call logs, which remain as metadata even when chats auto‑delete.
  • Deleting a conversation still leaves some associated settings or identifiers, potentially revealing past contacts.
  • Signal’s continued dependence on phone numbers is criticized as brittle and exclusionary, despite new username features.

Backups, usability, and registration

  • Multiple users are more frustrated by missing features: robust backups, iOS↔Android migration, and phone‑free signup.
  • Some suggest alternative messengers with non‑phone identifiers, but others cite serious security weaknesses in those systems.