Emerging Threats

Windows Recall: What a Computer That Screenshots Everything Means for Private Messaging

July 17, 2026 7 min read Haven Team

Recall takes a snapshot of your screen every few seconds, runs text recognition over it, and files the result in a searchable local archive. Microsoft pitches it as photographic memory for your PC. For anyone who uses encrypted messaging, the same feature is an archive of every message that ever crossed the screen, including the ones that were supposed to disappear.


Microsoft announced Recall in May 2024 as a flagship feature of Copilot+ PCs. The idea: you half-remember seeing something last week, so you type "that chart about rent prices" and Recall finds the moment it was on your screen. To make that work, the system continuously captures snapshots, extracts the text with OCR, and indexes everything locally.

Within days of the first preview builds, security researchers showed that the initial implementation stored those snapshots and the OCR database in a plain SQLite file readable by any process running as the logged-in user. Extraction tools appeared almost immediately. The backlash was loud enough that Microsoft pulled the feature before general release, made it opt-in instead of on-by-default, gated access behind Windows Hello, and moved the data into encrypted storage backed by virtualization-based security. It returned through the Insider program that autumn and shipped broadly in 2025.

Those fixes were real, and they addressed the sloppiest problems. They did not address the feature's actual privacy question, because that question has nothing to do with how well the database is encrypted.

The problem is the archive existing, not how it's stored

End-to-end encryption protects a message in transit and on the server. It has never protected a message from the screen it is displayed on. That was always true: the person you write to could screenshot anything. What Recall changes is scale and defaults. A manual screenshot is a deliberate act applied to one message. Recall is an automatic act applied to every message, from a system component the other person did not choose, may not know is running, and cannot see.

Play that forward for a disappearing message. You send something with a five-minute timer to a contact whose laptop runs Recall. The timer fires, the app deletes the message on both ends, and a snapshot of it sits in your contact's Recall archive anyway, indexed by its own text, retrievable by anyone who can unlock that PC. Neither of you did anything wrong. The operating system quietly overruled the messenger's deletion contract.

The consent gap

Recall's opt-in is granted by the PC's owner. The people whose messages, photos, and video calls appear on that screen were never asked. A messaging privacy decision that used to be bilateral (you and your contact) now has a silent third party: the endpoint's OS configuration.

Who this actually endangers

Microsoft is right that snapshots stay on the device and are not used for ad targeting. But "local only" describes where the data lives, not who can get it. The realistic threats are local too:

Microsoft added content filtering that tries to skip snapshots of passwords, payment card numbers, and private browsing windows. Independent testing since launch has repeatedly found the filtering inconsistent: it catches a checkout form, then happily captures the same card number typed into a chat or displayed in an email. Filters that work most of the time are a poor foundation for a guarantee.

What messaging apps can and cannot do about it

In May 2025 Signal shipped "screen security" on Windows: it marks its window with the same DRM flag video-streaming apps use, so screenshots and Recall snapshots of the chat window come back black. Other privacy-focused apps have since taken similar measures or announced plans to. It works, with real costs: it also blocks legitimate screenshots, breaks some screen readers and accessibility tooling, and it depends on the OS honoring a flag designed for a different purpose.

The deeper limitation is structural. An app can only flag its own window. The moment a message is copied into another app, quoted in a notification, or read aloud into a transcribed call, it leaves the protected surface. A messenger can raise the cost of ambient capture; it cannot make an operating system stop photographing itself.

A useful way to update your threat model: treat "what my contact's device does by default" as part of the conversation's attack surface. It always was, but the default used to be "nothing." The operating assumption we suggest for 2026

Practical steps

If you run Windows on a Copilot+ machine and care about the confidentiality of your communications:

None of this is a reason to abandon encrypted messaging, which still protects you from every network and server adversary it always protected you from. It is a reason to stop treating the endpoint as neutral ground. The industry spent fifteen years getting encryption in transit right. The next fight is over what the endpoint quietly remembers, and Recall is the clearest sign so far that the endpoint's defaults are moving in the wrong direction.

Try Haven free for 15 days

Encrypted email and chat in one app. No credit card required.

Get Started →