Microsoft's AI Secretly Reads Your WhatsApp, Signal Messages

Forbes

29-04-2025

Be very careful what you send.
NurPhoto via Getty Images
Update: Republished on April 28 with news that Meta's AI will also read messages.
Timing is everything. Just weeks after America's NSA warned about the hidden dangers with secure messaging platforms like WhatsApp and Signal, especially when users link phone apps to PCs and other devices, everything is suddenly worse — much worse.
Microsoft has decided to release its controversial Recall to Copilot PCs, which then continually screenshots and optically reads everything on screen to be saved behind a simple PIN. It doesn't matter how secure you think you are, if you message someone who has a Windows PC with this feature enabled, all that security falls away instantly.
As Ars Technica explains, 'even if User A never opts in to Recall, they have no control over the setting on the machines of Users B through Z. That means anything User A sends them will be screenshotted, processed with optical character recognition and Copilot AI, and then stored in an indexed database on the other users' devices.'
That means anything Users B through Z sees on screen, bar some specific data types Microsoft will try (and sometimes manage) to redact such as passwords. Ars Technica warns, that will 'indiscriminately hoover up all kinds of User A's sensitive material, including photos, passwords, medical conditions, and encrypted videos and messages.'
Unlike with new options to record phone calls, there is no warning here that your content is being saved and stored by someone else, that your secrets are now dependent on the security of countless Microsoft's Windows PCs to stay secret. That's the operative word. For Users A, this all takes place secretly, without warning or opt-out.
Cyber guru Kevin Beaumont put all this to the test and has found security and privacy holes galore. While Recall's screenshots are stored locally and secured by the infamous TPM 2.0 that stops so many Windows 10 users upgrading, once set up the only security protecting all that data is a simple PIN, to say nothing of the risk from hackers.
'To test this,' Beaumont says, 'I tasked my partner with using my device while I was away from desk to use Recall to find out who'd I'd been talking to the previous day in Signal and what I'd been saying.' She guessed the PIN and was in. 'So, in 5 minutes, a non-technical person had access to everything I'd ever done on the PC, including disappearing Signal conversations (as Recall retains anything deleted). That isn't great.'
Recall is an easy target. It was withdrawn when Microsoft first unleashed it on the world, and was put through a privacy and security sheep dip before its second coming. Now it's here again, with better opt-outs and security wraps, but with the same very basic flaws. The idea that every interaction you have with a Recall user is screenshot and kept forever without you knowing feels — at its core — very wrong.
But this is just another example of AI bringing unlimited scale to dangerous activities with ease. Your messages — disappearing or otherwise — have always been subject to a recipient screenshot. But not at industrialized scale. Similarly, targeted phishing attacks and better-written spam and brand ripoffs are all now being industrialized by AI.
Put together, the linked device warning and Recall's launch means it's time for Signal and WhatsApp and others to end their linked device options or provide some way for messages to be tagged so as only to appear on primacy devices — meaning phones. The simple truth is that secure messaging and staccato screenshotting don't mix.
In the meantime — and this is a serious warning — do remember that anything you send may not disappear into the chat archive on a phone, but may be analyzed, indexed and stored by AI in an easily searchable database on a device you do not control.
As Beaumont says, 'Recall still captures and stores things after deletion. Disappearing Signal and WhatsApp messages are still captured, as are deleted Teams messages. I would recommend that if you're talking to somebody about something sensitive who is using a Windows PC, that in the future you check if they have Recall enabled first.'
Ironically, just as Recall starts optically reading WhatsApp (and other secure messages), WhatsApp itself has stepped in to create even more AI-fueled confusion for its 3 billion users. Meta's engineers have suddenly announced that its AI will process messages after all, despite saying that it won't, but with assurances it's all done privately.
So, nothing to worry about then?
'We're sharing an early look into Private Processing,' the team posted, 'an optional capability that enables users to initiate a request to a confidential and secure environment and use AI for processing messages where no one — including Meta and WhatsApp — can access them. To validate our implementation of these and other security principles, independent security researchers will be able to continuously verify our privacy and security architecture and its integrity.'
Per Wired, 'the whole effort raises a more basic question, though, about why a secure communication platform like WhatsApp needs to offer AI features at all. Meta is adamant, though, that users expect the features at this point and will go wherever they have to to get them.' That's the crux of this new debate for billions of users.
'What makes me more nervous,' crypto expert Matthew Green posted on X, 'is what comes after these systems? Will these AIs stay strictly private? Or will they begin to share summarized private data with providers like Meta, for example to improve search results? There's a huge risk of a total privacy unraveling here.'
Despite assurances that 'Private Processing will allow users to leverage powerful AI features, while preserving WhatsApp's core privacy promise,' there are clear privacy concerns here. While Meta insists 'no one except you and the people you're talking to can access or share your personal messages, not even Meta or WhatsApp,' this is the grey area where AI is currently changing how we think about our privacy.
And even if Meta's engineers achieve this level of private processing, Recall will take its snapshots of all these private messages and will store them outside WhatsApp. For users this is becoming overly complex.
You have been warned.