Previous discussion of same topic: https://news.ycombinator.com/item?id=44053364

In short: Signal uses DRM to prevent Windows Recall (spyware) from capturing what's inside the app. It's similar to how Netflix prevents piracy.

That's an interesting use-case of web DRM.

There are other details in the article, for example about Recall forces users to use biometrics to then permit them to authenticate using a PIN code. That's an interesting observation.

I don't know why Signal calls it "DRM" because the do not use DRM for this. Typically DRM means encryption & keys are involved (which is what Netflix & others are doing with Widevine or PlayReady).

All Signal does is just a simple Windows API call to exclude window from screen capture. SetWindowDisplayAffinity function with WDA_EXCLUDEFROMCAPTURE argument: https://learn.microsoft.com/en-us/windows/win32/api/winuser/...

And Microsoft, literally call it the DRM flag. DRM doesn't insist on being encrypted.

https://learn.microsoft.com/en-us/windows/client-management/...

And that "simple Windows API" call is pretty much absolute, since it's across the stack.

Thanks for the insight, I thought they took advantage of the whole DRM stack (including HDCP in monitors) to encrypt the UI and let the monitor decrypt it.

and as plenty of people have noted, virtue signaling. As signal already saves one's entire chat history by default in an easily digestible db.

any security hole on windows that enables an attacker to get to the recall db, would just as easily enable them to get to the signal db.