Brave Browser Blocks Microsoft Recall by Default Due to Privacy Concerns

A significant privacy protection measure with the Brave browser now blocks Microsoft’s controversial Recall feature by default starting in version 1.81 for Windows users. 

The decision reflects growing concerns about user privacy and data security, as Microsoft’s Recall system automatically captures screenshots of user activity and stores them in a local database. 

Key Takeaways
1. Brave uniquely disables Microsoft Recall by default across all tabs.
2. It flags every tab as “private” to block Recall while preserving regular screenshot functionality.
3. Safeguards users from Recall’s plaintext screenshot database and potential misuse.

This proactive move positions Brave as the only major web browser to disable Microsoft Recall across all browsing tabs, demonstrating the company’s commitment to privacy-maximizing defaults in response to what they consider a substantial threat to user privacy.

Blocking Microsoft Recall

Microsoft first unveiled Recall in May 2024, immediately triggering widespread criticism from security and privacy advocates who highlighted significant vulnerabilities in the system’s design. 

The feature captured full-screen screenshots every few seconds and stored them in a plaintext database, creating potential exploitation opportunities for malware and unauthorized access. 

The intense backlash forced Microsoft to temporarily withdraw the feature and implement substantial revisions.

Despite Microsoft’s subsequent security improvements, Brave’s engineering team determined that the risks remained too significant to ignore. 

The company cited particular concerns about privacy-sensitive scenarios, including cases involving intimate partner violence, where persistent browsing history databases could enable harmful surveillance. 

Shivan Kaul Sahib, Brave’s VP of Privacy and Security, emphasized that the feature’s preview status and uncertain final implementation warranted immediate protective action.

According to the advisory, Brave’s solution employs an elegant technical approach that extends Microsoft’s existing privacy protections for private browsing windows to all Brave browser tabs. 

The implementation tells the Windows operating system that every Brave tab operates in ‘private’ mode, effectively preventing Recall from capturing any screenshots of Brave browsing activity. 

This method allows users to access the feature through brave://settings/privacy where they can find the “Block Microsoft Recall” toggle.

The technical implementation, detailed in GitHub pull request #29251, showcases Brave’s ability to rapidly modify Chromium’s privacy functionality without compromising other system features. 

Unlike Signal’s approach, which uses the DRM flag to disable all screenshots and inadvertently blocks legitimate accessibility software, Brave’s solution maintains granular control. 

This allows regular screenshot functionality to continue working while specifically blocking Recall, ensuring compatibility with screen-readers and other accessibility tools that depend on screenshot capabilities.

Brave’s preemptive action against Microsoft Recall represents a significant privacy milestone, establishing new standards for browser-level protection against operating system surveillance features. 

The implementation demonstrates both technical sophistication and principled commitment to user privacy, offering a template for how browsers can protect users from potentially invasive system-level features while maintaining essential functionality.

Boost detection, reduce alert fatigue, accelerate response; all with an interactive sandbox built for security teams -> Try ANY.RUN Now