It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.
Signal’s Recall brawl
In May 2024, Microsoft announced a new feature named Recall, which would take screenshots of Windows users’ activities every few seconds and retain them for later searches. Windows users could then use Microsoft’s Copilot AI to search through their previous activity. As you might imagine, this has a variety of risky implications. Shared devices, devices infected with malware that could help attackers leverage Recall, and queries for sensitive information like credit card, password, or health information all present serious security risks to users. Following pressure from security experts, the feature was postponed. But after rearchitecting with more safety features, it’s now back.
That’s why Signal recently announced it will use Windows’ built-in Digital Rights Management to block Signal content from appearing in Recall screenshots. If you’ve ever tried to take a screenshot or a recording of Netflix, for example, you may find that you are not able to see the content of your favorite streaming show in the resulting files. The same applies here: When Recall tries to … recall your Signal messages, Signal will deny permission to make these copies. Read Signal’s post.
What you can do
- The good news is, following the backlash from the security community, this most recent iteration of Recall is opt-in. A store of your prior activity — including potentially sensitive information about sources or unreported materials — may be a gold mine to attackers. Unless you have a specific need, you can simply leave it turned off.
Updates from our team
- We are thrilled to welcome Evan Summers as our newest senior digital security trainer! Evan joins us from the National Democratic Institute for International Affairs (NDI), where he spent nearly a decade, most recently as a program director on their Digital Resilience project and, before that, as a senior cybersecurity program manager. During his time at NDI, he conducted digital security trainings and audits for organizations in over a dozen countries. Along the way, he's also contributed novel ways to deliver educational material on security, including work on NDI’s CyberSim experiential learning tabletop exercises. Welcome, Evan!
- Reminder: We’re interested in learning more about journalists’ use of AI tools in your work. Our hope is to research the security and privacy properties of the most popular tools, how to use them as safely as possible, and to identify potential settings and alternatives that may address your concerns. We put together a short questionnaire on this and would appreciate your help! Please add your thoughts here: https://forms.gle/8xcMh1d2HnVbkE6SA
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin
–
Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation
