Microsoft’s AI Secretly Reads Your WhatsApp, Signal Messages


Be very careful what you send — here’s why.

Update: Republished on April 28 with news that Meta’s AI will also read messages.

Timing is everything.

Just weeks after America’s NSA warned about the hidden dangers with secure messaging platforms like WhatsApp and Signal, especially when users link phone apps to PCs and other devices, everything is suddenly worse — much worse. Microsoft has decided to release its controversial Recall to Copilot PCs, which then continually screenshots and optically reads everything on screen to be saved behind a simple PIN. It doesn’t matter how secure you think you are, if you message someone who has a Windows PC with this feature enabled, all that security falls away instantly.



As Ars Technica explains, “even if User A never opts in to Recall, they have no control over the setting on the machines of Users B through Z. That means anything User A sends them will be screenshotted, processed with optical character recognition and Copilot AI, and then stored in an indexed database on the other users’ devices.” That means anything Users B through Z see on screen, bar some specific data types Microsoft will try (and sometimes manage) to redact, such as passwords.

Ars Technica warns that this will “indiscriminately hoover up all kinds of User A’s sensitive material, including photos, passwords, medical conditions, and encrypted videos and messages.” Unlike with new options to record phone calls, there is no warning here that your content is being saved and stored by someone else, that your secrets are now dependent on the security of countless Microsoft Windows PCs to stay secret. That’s the operative word.

For User A, this all takes place secretly, without warning or opt-out. Cyber guru Kevin Beaumont put all this to the test and has found security and privacy holes galore. While Recall’s screenshots are stored locally and secured by the infamous TPM 2.0 that stops so many Windows 10 users upgrading, once set up the only security protecting all that data is a simple PIN, to say nothing of the risk from hackers. “To test this,” Beaumont says, “I tasked my partner with using my device while I was away from desk to use Recall to find out who I’d been talking to the previous day in Signal and what I’d been saying.” She guessed the PIN and was in.

“So, in 5 minutes, a non-technical person had access to everything I’d ever done on the PC, including disappearing Signal conversations (as Recall retains anything deleted). That isn’t great.” Recall is an easy target.

It was withdrawn when Microsoft first unleashed it on the world, and was put through a privacy and security sheep dip before its second coming. Now it’s here again, with better opt-outs and security wraps, but with the same very basic flaws. The idea that every interaction you have with a Recall user is screenshotted and kept forever without you knowing feels — at its core — very wrong.

But this is just another example of AI bringing unlimited scale to dangerous activities with ease. Your messages — disappearing or otherwise — have always been subject to a recipient screenshot. But not at industrialized scale.

Similarly, targeted phishing attacks and better-written spam and brand ripoffs are all now being industrialized by AI. Put together, the linked device warning and Recall’s launch mean it’s time for Signal and WhatsApp and others to end their linked device options or provide some way for messages to be tagged so as only to appear on primary devices — meaning phones. The simple truth is that secure messaging and staccato screenshotting don’t mix.

In the meantime — and this is a serious warning — do remember that anything you send may not disappear into the chat archive on a phone, but may be analyzed, indexed and stored by AI in an easily searchable database on a device you do not control. As Beaumont says, “Recall still captures and stores things after deletion. Disappearing Signal and WhatsApp messages are still captured, as are deleted Teams messages. I would recommend that if you’re talking to somebody about something sensitive who is using a Windows PC, that in the future you check if they have Recall enabled first.”

Ironically, just as Recall starts optically reading WhatsApp (and other secure messages), WhatsApp itself has stepped in to create even more AI-fueled confusion for its 3 billion users. Meta’s engineers have suddenly announced that its AI will process messages after all, despite saying that it won’t, but with assurances it’s all done privately.

So, nothing to worry about then? “We’re sharing an early look into Private Processing,” the team posted, “an optional capability that enables users to initiate a request to a confidential and secure environment and use AI for processing messages where no one — including Meta and WhatsApp — can access them. To validate our implementation of these and other security principles, independent security researchers will be able to continuously verify our privacy and security architecture and its integrity.”

Per Wired, “the whole effort raises a more basic question, though, about why a secure communication platform like WhatsApp needs to offer AI features at all. Meta is adamant, though, that users expect the features at this point and will go wherever they have to to get them.” That’s the crux of this new debate for billions of users.

“What makes me more nervous,” crypto expert Matthew Green posted on X, “is what comes after these systems? Will these AIs stay strictly private? Or will they begin to share summarized private data with providers like Meta, for example to improve search results? There’s a huge risk of a total privacy unraveling here.”

Despite assurances that “Private Processing will allow users to leverage powerful AI features, while preserving WhatsApp’s core privacy promise,” there are clear privacy concerns here. While Meta insists “no one except you and the people you’re talking to can access or share your personal messages, not even Meta or WhatsApp,” this is the grey area where AI is currently changing how we think about our privacy. And even if Meta’s engineers achieve this level of private processing, Recall will take its snapshots of all these private messages and will store them outside WhatsApp.

For users this is becoming overly complex. You have been warned.