Windows Recall - how to disable for specific pages in my apps

As most people should know by now, Windows Recall will come to Windows, and while it is supposed to be opt-in, with the required hardware, it has major security and privacy questions that are currently unknown.

I have a couple of web apps where some pages show users’ personal information. The access to these pages is restricted, but unfortunately I do not assign the access to the people that need to be able to access these pages (I built the apps; my client leases access on the apps to organizations, and they in turn assign people their access).

As such I want to know if there is a way that I can, for example using a header or meta-tag, indicate to the browser that the current page may not be screenshot at all.

While much of this information is said to be automatically stripped by the Recall AI, I am quite cautious.

The leaking (for example by hacking the Recall db) would be a major breach of legislation, including GDPR and our local POPIA/CPA.

You can’t stop a computer from screenshotting a browser window. That’s a negotiation between the browser and the OS (and I’m not even sure that applications can declare themselves exempt), not between your page and the browser.

Recall is nothing new in that regard. Someone could be running a recall-like application on their PC even before this point.

According to Microsoft’s support article, it works with a filtering list that a user can set up (allowing it to filter websites), when using a supported browser (Edge, Firefox, Opera, Chrome). They also mention an API there to control it. I was hoping the browsers have implemented such an API to allow me to blacklist the sensitive pages - instead of having to rely on users to correctly configure the filters.

At best, it would require the browsers to expose an API, which would not be standardized between browsers, so you’d probably end up having to code 4 different API calls, and then still be exposed if the user is using any of the non-big-4 browsers.

Also, you’d be letting a website dictate to your browser whether or not your local PC is allowed to record a screenshot of… the browser you’re running. Also, you still wouldn’t be blocking… actual screenshots. Or other software besides Recall taking screenshots. So… uhm… if you’re depending on a browser implementing an API to interact with Microsoft’s API for your security… we need to have a conversation about your ideas of security.
