Brave Software has announced a significant privacy-enhancing measure for its users by choosing to block Microsoft’s controversial Windows Recall feature by default. Citing its commitment to “privacy-maximizing defaults,” Brave will prevent Recall from taking screenshots of any content within the Brave browser. This proactive step underscores the ongoing debate surrounding user privacy and data collection in modern operating systems.
Windows Recall is an opt-in feature for Windows 11 designed to create a searchable timeline of a user’s computer activity. It functions by taking screenshots every few seconds, analyzing them for text and images, and allowing users to search through their past actions using natural language. While Microsoft intended this as a tool for convenience, it was met with widespread criticism from security experts and privacy advocates who warned that it could create a centralized, high-value target for attackers, potentially exposing everything from passwords and financial details to private messages and health records.
In response to these concerns, Microsoft implemented security enhancements, including encrypting the Recall database with Windows Hello Enhanced Sign-in Security (ESS) and providing methods for software developers to opt their applications out. Brave has utilized one of these methods to safeguard its users. Specifically, Brave developers used Microsoft’s SetInputScope API to flag all browser windows with the IS_PRIVATE input scope. This technical instruction effectively tells the Windows operating system that the content within these windows is private and should not be captured or indexed by Recall.
According to a company announcement, Brave’s decision was driven by the significant privacy risks involved, especially the danger of a user’s entire browsing history being logged. The company highlighted the potential for abuse in sensitive situations, such as cases of intimate partner violence, where a searchable history could be weaponized. The change is already active in Brave’s Nightly test builds and is scheduled to be rolled out to all stable versions of the browser in the coming weeks, though users will have the option to re-enable Recall compatibility through the browser’s settings if they choose.
Brave is not the only privacy-conscious software to take a stand against Windows Recall. In May, the encrypted messaging app Signal also implemented a block, using a DRM management flag to prevent the operating system from taking screenshots of its application window. This broader trend indicates a growing resistance from software developers who are prioritizing the protection of user data against features they deem overly invasive, forcing users and the industry to continually evaluate the balance between convenience and security.