Brave is the latest application to block Microsoft Recall, joining other privacy-conscious apps in their attempts to protect user privacy.
Microsoft Recall is the company’s controversial AI feature that takes screenshots of everything a user does on their computer. Recall then parses the screenshots into plain text, which is stored in a database that users can search with natural language queries.
Recall was almost universally slammed by critics and security experts when it was first announced, with cybersecurity expert Kevin Beaumont saying Microsoft is “going to deliberately set cybersecurity back a decade & endanger customers.” Despite the company’s efforts to improve security, Beaumont found that the final release of Recall still captured sensitive information it was supposed to ignore.
The feature to filter sensitive data doesn’t appear to work reliably, across multiple devices from testing.
For example, I updated my credit card in Microsoft’s own account interface, and Recall recorded it.
In this snapshot I’d typed an invalid credit card number, but it also captured the valid card number. It indexed both, and both were findable under “credit card” in Recall search. It captured and indexed the CVV, too.
Encrypted messaging app Signal was one of the first to announce it would block Recall, and Brave has announced its browser will do the same. The company explained its decision in a blog post.
Microsoft first announced Recall in May 2024 and immediately drew fire from security and privacy advocates. Recall saved full-screen screenshots every few seconds and stored them in a local plaintext database, leaving it open for exploitation by anyone (including malware) who had access to the machine. The outcry caused Microsoft to hastily roll back the feature and re-work it significantly.
A year later, Recall is back, and Brave is ready for it. We will disable it by default for Windows 11+ users, with a toggle to turn it back on for users who really want Recall.
Brave acknowledged that Microsoft has made significant progress in its efforts to improve the security and privacy of Recall, but says it still falls short of what users of a privacy-focused browser expect.
Microsoft has, to their credit, made several security and privacy-positive changes to Recall in response to concerns. Still, the feature is in preview, and Microsoft plans to roll it out more widely soon. What exactly the feature will look like when it’s fully released to all Windows 11 users is still up in the air, but the initial tone-deaf announcement does not inspire confidence.
Given Brave’s focus on privacy-maximizing defaults and what is at stake here (your entire browsing history), we have proactively disabled Recall for all Brave tabs. We think it’s vital that your browsing activity on Brave does not accidentally end up in a persistent database, which is especially ripe for abuse in highly-privacy-sensitive cases such as intimate partner violence.
Brave says it was inspired by Signal’s decision, but that its method offers more fine-tuned control than Signal’s.
We were partly inspired by Signal’s blocking of Recall. Given that Windows doesn’t let non-browser apps granularly disable Recall, Signal cleverly uses the DRM flag on their app to disable all screenshots. This breaks Recall, but unfortunately also breaks the ability to take any screenshots, including by legitimate accessibility software like screen-readers. Brave’s approach does not have this limitation since we’re able to granularly disable just Recall; regular screenshotting will still work. While it’s heartening that Microsoft recognizes that Web browsers are especially privacy-sensitive applications, we hope they offer the same granular ability to turn off Recall to all privacy-minded application developers.
Much like encrypted messaging apps, web browsers often have access to users’ most sensitive information. As a result, it is good to see Brave protecting user privacy and security by default, while still providing a way to enable Recall for those who want to use it.