https://community.signalusers.org/t/dont-unlink-devices-afte...
Without backups it makes sense to have a limit, like you said (though I join the person you replied to in wishing there was an option for it yo be more than 30 days), but their point is that once backups contain more than the last 30 days of messages that reason is no longer a blocker.
One caveat is that we don't offer this if you're re-linking an install that already has data but became unlinked. This is because we don't currently handle merging message histories. But if you cleared the data from the secondary install first, it would work. We're thinking of ways to make this smoother!
When I install Signal on a computer it won't show me message history. Will backups allow me to view _all_ my message history on a computer? A big screen is very helpful for browsing lots of messages.
And question: Will a backup taken today on Androis be able to be restored on iOS once released?
I have an old iPhone that has all my old Signal messages still on it that I wasnt able to move with me when I switched to Android. Is there any way that I can use these new tools to move the old conversations on my iPhone over to my android phone without losing all the new messages that are on my android now?
That is, I want to merge the two histories.
I do that and then sync that folder with another computer using SyncThing.
I believe in the UK you are legally barred from having access to iCloud ADP.
Apple are still busy fighting the UK government on it in closed-court.
Apple-bashers can continue their hate, but give Apple their due:
1. they are going in all guns blazing fighting the UK government instead of rolling over
2. if they succeed, I think they well-deserve the credit.AFAIK SyncThing only monitors for changes between files with matching names, and Signal stores each backup with a separate (timestamped) filename. Are you storing every day's backup individually, or do you have some tool for deduplicating?
That also means that Syncthing can't do better than sending the full backup. But if you're syncing via wifi (e.g. at home) it's not really a problem anyway.
This isn't an encryption problem; each device can only have one instance of Signal installed, and the latest backup (assuming it has terminated successfully) is a superset of the previous ones (aside from any messages that have dropped from retention, which you presumably don't want to be preserving, by definition).
"Deduplicate" in this context means ensuring that you only have N backups in your remote storage, rather than cumulatively storing every day.
Would you mind elaborating on why this would be an issue? 1) Tools like borgbackup provide the exact functionality you're describing and considered secure. 2) Encrypted file systems also don't re-encrypt your entire HDD whenever you change a single file.
Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key. If a device with this enabled goes through the whole advanced protocol to receive a message (double ratcheting etc), then turns around and uploads it back to Signal’s servers with a static key, isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.
Based on this post, the only way to actually opt out of this is to force disappearing messages to be enabled for a time under 24 hours for every chat, which is pretty frustrating.
Signal already lags other messengers in reliability, speed, and features. The reason people use it is for its uncompromising security. Shipping something that weakens that foundation undermines the reason people use Signal.
People already can export backups of the messages they receive, in plain text, and publish those on the Internet if they way.
Signal's threat model has never included "you are directly messaging an adversarial party and expect to retain control over redistribution of those messages".
On the contrary.
https://signal.org/blog/signal-doesnt-recall/?pubDate=202508...
Well, no, that doesn't contradict what I said at all. That link isn't about treating the recipient of your messages as an adversarial actor. The recipient can still choose to enable it, if they want to provide Microsoft access to the messages they receive.
TBF Signal already supports automated key-protected backup (and has for years), it's just stored on-device, but there's no way to know what the other party is doing with that on-device backup.
I already sync my Signal backups to the cloud, because that's the most practical and time/cost-effective way to have a 3-2-1 backup system for my chats.
At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it. You can generate a new key if you choose. We recommend storing this key securely (writing it down in a notebook or a secure password manager, for example).
If you don't want them to have a history only communicate via disappearing messages.
(a) is much simpler if there is a fixed identifier of a user, but that identifier doesn’t need to be the entire key or even part of it — it could be some derived material.
(b) isn’t strictly required but I would be very uneasy about allowing anyone who stole a user’s device to download even the ciphertext of that user’s future chats. Also, there’s an obvious issue that even the ciphertext reveals something about the amount of activity from the user.
(c) requires that the restoring user hold something like a private key, that said key can be derived using the restore code, and that the user’s device does not know the private key.
One straightforward-ish solution would be for the user’s device to generate, once, a key pair, a user ID, and a backup API key. (The ID and API key could be generated server-side.). The restore key is (user ID, private key). The device retains (user ID, API key, public key). To upload backups, the device establishes a secure session, sends the user ID, proves knowledge of the API key, uploads a backup, and receives a new API key. The old API key is revoked.
This means:
1. The device does not retain the ability to download future backups.
2. A clone of a device (say id the device leaks its secrets somehow) cannot be used to upload new backups on an ongoing basis without being noticed because of the API key rotation.
The exfiltration of which is as easy as exfiltration of database on device. You're not running an IDS scanning 100% of your device LTE traffic in case that happens.
>isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
It's opt in. And again exfiltrating the backup key is as easy as exfiltrating your messages from your device.
>You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it
You can't know if you're talking to an informant or if your contact is running Android that's receiving security updates or if it's a zero-day on wheels, either. Tech doesn't solve human problems.
You (and Signal) can't control how the recipient handles your messages if you're not using disappearing. They could be copying and pasting your messages or taking screenshots. I don't see how the backup feature is any different.
Seriously, why is the migration protocol completely different on the two platforms?
Because they don't want to make jumping to the competitor too easy.
If you're curious, the reason that Android's current local backups aren't cross platform is because it was made a long time ago, and it's literally a dump of all the sqlite statements that can be used to recreate Android's sqlite database (encrypted with a strong, random, local key). So not the most portable!
But this new thing is all cross-platform, and in the near future we'll even be making our local backups cross-platform.
> But secure backups aren’t the end of the road. The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
iOS has had pretty decent audio format support for a few years now: even though you can't directly import FLAC files to iTunes/Music, they are supported in the OS itself since 2017 and play fine both in Files and in Safari. The other big mainstream formats (WAV, AIFF, MP3, AAC, and ALAC) have been supported for years, and even Opus finally got picked up in 2021.
About the only non-niche audio format that isn't supported natively on Apple platforms at this point is Vorbis, which was fully superseded by Opus well over a decade ago. Even then, I believe it's possible to get Vorbis support in iOS apps using various media libraries, although I'm sure Apple frowns upon it.
I'd really love to know what's causing that incompatibility.
> But this new thing is all cross-platform, and in the near future we'll even be making our local backups cross-platform.
This is excellent news! Will there also be official documentation on the backup format, potentially even official tooling like signalbackup-tools[0] to access/parse backups offline? I'm asking because, having used Signal/TextSecure for 10 years now, my backups are worth a lot to me (obviously) and there have been times when I would have liked to mine & process my backed-up data. (Extract media from conversations in an automated manner, build a more elaborate search, …)
My backups have also reached the point where they are so big (15-20 GB) that it's starting to become difficult to conduct a backup each day and sync it successfully before it gets overridden 48h later. So unless I start using the new "cloud backup" feature[1] (which I'm not sure I want to), at some point I will have to archive my existing Signal conversations somewhere and start from scratch (i.e. reset the app). In that case, it would be nice if there was an officially documented way to merge & read new and old backups offline (on my desktop), similar to what [0] provides right now.
[0]: https://github.com/bepaald/signalbackup-tools
[1]: EDIT: Actually, it seems like the new cloud backup feature doesn't support incremental backups, either? https://news.ycombinator.com/item?id=45175387
Also, as someone else noted, the format is indeed incremental. So while we'll still do the thing where we keep the last two backups on disk, because those two backups will share almost all the same media files, the size on disk will be much much smaller. As someone with a 50 GB backup file, this was very much a goal for me :)
[1] https://github.com/signalapp/Signal-Android/blob/main/app/sr...
That would be fantastic! Thanks so much!
> As someone with a 50 GB backup file, this was very much a goal for me :)
Haha, I'm glad I'm not the only one!
There's no reason to keep it secret and no reason why signal won't speak to this point.
Thanks!
Seems pretty reasonable?
For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
> For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
I have good news for you: this already exists.
On Android:
Settings >> Data and Storage >> Manage Storage >> Review Storage
This allows you to view all of your media, files, and audio across all chats, sorted by the amount of storage used. You can also delete those files individually without affecting the rest of the chat.
You can also do the same thing within a conversation.
I’m also hoping similar media management options are available on iOS and desktop, since I use Signal across devices.
By the way, does Signal treat synced devices (like desktop or a second phone) as “replicas” vs a “primary”? If so, does this affect how storage or message history is handled between them?
Would appreciate any insight from folks familiar with the technical side of this!
Choice to always store media locally on the phone.
What I miss with most messenger apps: Archiving old stuff and offload it to a remote device.
Right now Signal is 8GB in size and doesn't stop growing.
Those backups are stored locally, are platform-specific (Android-only), and there is no feasible way to automate their transfer to any other device, which means that either you have to manually manage them regularly, or you risk losing your entire message history if your phone suddenly dies (or is stolen, or broken beyond repair, etc.).
This is a true automated, off-site backup feature.
My only concern reading this is that I hope they don't remove the manual export feature once this is rolled out. I know that that feature has been technically complicated to support, but it's important for users to preserve the option to maintain control over their backups, if they want to manage backups themselves, alongside the option of having a more convenient, automated approach.
(That presumably would let me store as much as I wanted without a fee).
I wasn't even aware of the existing "local backup feature" making it more confusing -- but reading the announcement I was like, wait, the only backups avail are in Signal cloud? that doesn't seem right, why can't I get my own backup file to do what I want with?
I feel like I now understand, thanks! Personally would recommend the announcement at least reference this future roadmap too, for clarity.
I still do not quite understand why I can't have the option to just back things up to iCloud (I do understand the security implications and I'm fine with it), but ANY backup solution is better than "your data is gone, tough".
Oh, now having reread the article I do understand why I can't have any other backup options. Paid subscription. Of course.
FTFY. It's originally Apple preventing its users from easily controlling their own data.
Could you please elaborate?
iOS has secure encrypted backups, and secure encrypted cloud backups using end-to-end encryption. Signal specifically disables these mechanisms.
(No, this does not really help if you're one of the TouchID holdouts on an older SE)
The file is encrypted with the passcode and the database can be extracted.
The new offering is reasonably priced imo.
Glad to see they're finding potential revenue streams that don't compromise their focus on privacy and security.
1. It is non-incremental. This means you'll need about as much free space on your phone as your Signal database takes, and it may take many hours to make if your database is large (mine is 18GB). I used to wake up to find my phone had not even fully charged because it had been so busy writing Signal backups.
2. Once you have it on disk, how do you get it away from your phone? Especially after SyncThing disappeared from Play Store (because it was basically a non-Android app behind a thin Android shell that couldn't easily be upgraded to more modern native APIs), there's nothing super-obvious here.
I would have loved a better solution for local backups, but realistically, $2/month for cloud backup is really cheap, and a pragmatic solution.
adb pull no worky? At least for HN readers.
I recently vibe-coded a crappy Windows Go GUI to grab files off my phone via rclone & sshd4a and then optionally delete them, but it's a very manual process since sshd4a has to be running on the phone before I initiate the pull.
It's entire purpose is "make two folders identical".
It's very good at that: so good that I frequently wish it did other things - i.e. if it had some notion of minimum seeding levels so it would destage files off a device provided they were replicated elsewhere (e.g. automatically clearing old photos off your phone would be a good use of it).
It may seem obvious now, but I know most people will forget and be puzzled if their phone suffers physical damage. A lot about this has mandatory manual steps.
Yes, there are some people who will forget to do that, or just lose the restore key, but that's the security/usability trade off.
plug your phone into a computer? Install Termux and use one of the countless command line programs designed to transfer bits over a network?
This is not trivial when each backup archive is in the order of 20 GB.
People here seem to want to answer the question of how to copy data most directly, but only because that's how the problem was phrased. I'm not convinced "users had no way to sync data on their phone" was/is a real problem worth paying for YACSS for in the first place.
> But secure backups aren’t the end of the road. The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
On Android? Easy, Termux app and then rsync to my Desktop/Laptop. Or via Solid Explorer. Or E-Mail via Blitzmail.
Non incremental is a suboptimal design decision, backups should be incremental, e.g. monthly if automated or with from-to dates.
But I wouldn't use that for backups, I'd use rsync.
That's not what happened, it was Google who started rejecting their updates on Play store. I believe the original Android app maintainer quit after that but there's a fork on on F-droid which works perfectly.
The bigger issue for third party apps will be things like Newpipe, where applying for a key will put the developers in danger of a lawsuit because it affects Google's business.
(The APK signing requirement is a fiasco, I'm not defending Google. Just pointing out that this app will probably not be as seriously impacted as others).
> Once you have it on disk, how do you get it away from your phone?
Unfortunately this doesn't work on iPhone. I have a shortcut that will do something similar that I can share but that is a lot hackier...
[0] https://github.com/stevenwalton/.dotfiles/blob/master/script...
[1] Probably better. I'm normally logged into my alt account
Ever thought about that?
You're welcome.
The solution is to split up your data into encrypted chunks, and only upload the new ones.
>
> 1. It is non-incremental.
I wonder if that's differently with the newly announced functionality. Their announcement doesn't sound like it:
> Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive.
I ended up using rclone on Windows with an rsync server running on the phone, I think sshd4a usually.
My solution for #2 is an sshd I start up in Termux when I need to backup. I just rsync the file onto my computer.
I didn't trust their rationale about PINs and remote attestation somehow meaning your data is secured by a small passphrase, just like I won't trust them to not remove a useful and existing feature I already rely on for backups.
Also not mentioned, they designed their existing backup solution to require reverse-engineered community solutions to actually access your data; I have to use a Github project to unencrypt the backup and export my chats, which is something I've never had to do with any other messenger.
>This is excellent news! Will there also be official documentation on the backup format, potentially even official tooling like signalbackup-tools[0] to access/parse backups offline? I'm asking because, having used Signal/TextSecure for 10 years now, my backups are worth a lot to me (obviously) and there have been times when I would have liked to mine & process my backed-up data. (Extract media from conversations in an automated manner, build a more elaborate search, …)
I'm like that poster and backup all my chats obsessively, since way back in the day, and experienced a period with Signal where it was impossible for me to access my own data because of their position.
Also, considering that linking requires access to your existing device I don't see an issue with that. Moxie himself considered usability to be more important than tinfoil hat-level crypto because large-scale adoption is what enables security.
The messages are mine, not theirs, and yet they refuse to allow me to handle them how I deem fit.
I also missed this on my first skim of the article though.
Unless you have direct insights into their dev process, your claim that the restriction be "entitely unnecessary" seems overly strong.
"They refuse to allow me" meaning "they don't add the features I want for free to the app they provide for free, so I complain".
The messages are yours, of course. But don't forget that you use their work for free. If you're not happy, go use the free work of someone else, I guess?
Allowing encrypted backups was free for Signal, but they spent time and money to prevent it for iOS users.
Part of the code the wrote to prevent backups in question:
https://github.com/signalapp/Signal-iOS/blob/5590f09c3643f12...
As in: they may not want their users to inadvertently share their Signal messages with Apple.
I was saying that maybe, Signal did not want to push their users to trust the Apple backup by default.
Signal is a nonprofit foundation, it's not like they are trying to squeeze their users with their own secure backup.
But there is also nothing (except for some secret reason they refuse to elaborate) that prevents them from allowing users to actively chose to trust Apple. Except for their own internal reasons, that is.
It's the user's data after all. The user should be able to control and access it. Sensible defaults makes sense, but the outright refusal to explain why they prevent it is very odd. I have a decent "IT hygiene", I keep my operating system updated with patches, I don't download pirated/cracked software, I have hardware-enabled encryption on my storage devices, I have a good password for my local account, I encrypt my local iPhone backups.
Why should I not be allowed to include my Signal chats in those local backups? Signal has never answered that question, which is very strange.
Wrap it in whatever security deemed necessary (or make migration/backup opt-in), but just let the blob copy over like every other app on the planet.
This cumbersome backup nonsense is a senseless no more secure bandaid for a problem that shouldn’t exist in the first place.
Backups: Encrypted on device. Key stays on device. Server has access to ciphertext.
Yapyaps: Is the backup a backdoor?
I wish they'd done that for all the other data they collect and permanently store in the cloud (name, photo, phone number, signal contacts, etc.) since you can't even opt-out of that data collection.
I wonder if now signal will finally update their privacy policy which still opens with the outright lie: "Signal is designed to never collect or store any sensitive information."
"On the other hand, symmetric algorithms such as AES are believed to be immune to Shor. In most cases, the best-known quantum key recovery attack uses Grover’s algorithm which provides a generic square-root speed-up over classical exhaustion in terms of the number of queries to the symmetric algorithm. In other words, Grover would recover the 256-bit key for AES-256 with around 2^128 quantum queries to AES compared to around 2^256 classical queries for exhaustion. "
- https://csrc.nist.gov/csrc/media/Events/2024/fifth-pqc-stand...
</pedantry>
the paper itself concludes "the practical security impact of Grover with existing techniques on plausible near-term quantum hardware is limited."
I'll save you the trouble:
- Even if you choose not to back up your chats, someone you are talking to can do it, and your messages to them will be saved in their backup.
- 100 MiB of message storage is free.
- Last 45 days of media storage is free.
- Beyond that you have to pay $1.99 per month, and get 100 GB of storage.
- Backups happen once a day.
From a product perspective, being able to switch between two iOS devices without a 3rd iOS device shouldn’t be a premium feature.
Please consider enabling local backup and restore for a single Signal instance on iOS.
I have moved Signal from an iOS device to a new iOS device multiple times. Why do you need a 3rd one?
'the point' is spam protection, alas
That data is only protected by a pin (which can be brute forced) and SGX which has a history of being leaky. Researchers even demonstrated that data could be collected from Signal at one point. There are very likely side channel attacks that would allow Signal, or the government to collect the data stored in the cloud.
https://web.archive.org/web/20250117232443/https://www.vice....
https://web.archive.org/web/20230519115856/https://community...
Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."
Not the right security trade-off for most people.
Signal opens themselves up to government coercion and ruined reputation otherwise.
Whatsapp chose a different approach (which is reasonable for their user base) but that means that there is an escrow key. Regardless of your choices, messages that you sent may end up "end to end encrypted" but in reality stored in the cloud with a key escrowed to Meta...
The backup feature seems to be opt-in, i.e. the requirement to write the key down won't be too surprising.
Granted, I'm sure there are a lot of people out there who just use Signal because one of their more security-conscious friends/family members told them to install it, and so you're probably right for those people.
But, frankly, I can't see how else they could do it. Offering an unencrypted option, or weakening the encryption (by storing a copy of the key on Signal's servers) would make Signal not Signal.
What issues? The only issue I've seen with Signal and media files, was on iOS, where users aren't able to download them (copy them outside the signal app).
https://github.com/signalapp/Signal-Android/issues/10135
https://github.com/signalapp/Signal-Android/issues/13098
Not that my experience invalidates that of people who have had problems, just sharing to say that the problems haven't been universal.
On Android I tap on the image in chat, 3 dots and save. Way more involved on iOS. But at least I'll be able to point this out to my iOS peers.
You can hold down on the media, and after about a second it brings up a menu where one of the options is "Save", you tap this and it will be saved to your camera roll (ie open Photos app to see it). If it's a message with multiple photos/videos, you so the same thing and all of them will be downloaded at the same time.
Or instead of holding down to get the context menu, you can tap once to open full screen view of the media which has the iOS "share" button in the bottom left, which you can use if you either want to just save one thing from a message that had multiple photos/videos, or if instead of saving to the default place - it's the standard iOS share function, so you can choose from "save to photos" (ie a the default like above), or "save to files" (accessible from the iOS file manager or from other apps), or share directly to a different app (like an email client, or an FTP client if you have one installed, or to an app like DropBox, or any other app you have that supports the OS-wide share menu).
TLDR: The help page you linked to, the top part of that iOS section (that makes it seem complicated) is just explaining how to find an overview of all previously shared media for a contact/group, and then download from there, but you don't need to do that to download it if you're already looking at what you want to download in the main chat window. The bottom part on that page is my second option from above, which is basically identical to what you say about how to do it on Android - just 3 touches (press image, press 3 dots on Android or share icon on iOS, then press save image). But it's actually the more complicated way, with a 2 touch option available (hold down on image, then press "save" :)
(p.s. to any Signal devs reading this, if you'd like to offer a free backups subscription in return for me continuing to evangelise, or beta testing on my iPhone... feel free to reach out :P
And, although personally I'm more keen on the future feature or backing up either to iCloud or to my own server, may I make a suggestion that, if paying for you to backup media, I'd prefer to be able to pay for a "family" plan - as I've moved several family members onto Signal and would like to be able to gift them free backups rather than tell them all to start paying. I suspect I'm not the only person who would think an option to share storage with 5 or more family/friends would be worth paying a bit more than your current single-account price.)
this and completly useless multi-device support is the reason I don't use Signal... Telegram is not fully e2ee but it's way more convenient here.
Even XMPP with PGP would be lightyears ahead.
Yeah convenient way to hand your data to a Russian oligarch.
PGP has no forward secrecy and OTR in XMPP lacks future secrecy, multi-device support etc.
Signal introducing end-to-end encrypted backups is exactly how Telegram should've done it decade ago.
PGP does multirecipients natively, so any restrictions there would be in the XMPP client.
I have actually tried out PGP over XMPP and is was nice once it was set up. Absolutely no state. If the message somehow gets to you it just works. Sucked when the keys expired though:
* https://articles.59.ca/doku.php?id=pgpfan:expire
PGP support on XMPP isn't really that great. Forward secrecy might be a nice addition, even if it was semi-manual. There are compatibility problems between clients for encrypted media. You don't end up with an always encrypted archive like you do with email, but that could be considered an inherent weakness of instant messaging...
Meaning --if-- when your keys get compromised the system recovers.
PGP lacks even forward secrecy, meaning key compromise alone allows retrospective decryption of every message you've ever sent.
OTR fixed that in... ...2004 https://dl.acm.org/doi/10.1145/1029179.1029200
Using PGP for secure communication in 2025 when you have option to use stateful E2EE over stuff like Signal is just bonkers.
Forcing your paranoidal perception "is just bonkers".
So either you're too young or too ignorant to have read the Snowden docs.
I think that the sort of people that use PGP are more interested in not having any messages compromised, ever, while still retaining access to their old messages in a secure way. Contrast that with, say, Signal where a forensic tool like Cellebrite will allow access to retained Signal messages[1]. Sure, most of that is due to the inherent insecurity of encrypted instant messaging over, say, encrypted email, but the users in the end don't care. They just want to be able to communicate privately.
[1] https://web.archive.org/web/20201210150311/https://www.celle...
Not everyone is paranoid at extremum.
> PGP has no forward secrecy and OTR in XMPP lacks future secrecy, multi-device support etc.
Have you ever considered that perfect-forward-secrecy is not needed by 99% of the people? And PGP (OX) can be enough of encryption that gives you multi-device support.
Btw. OTR is long dead…
Everything on Signal (at least the "original" design from a few years ago, this has started to be adjusted with the introduction of usernames and now backups and eventually syncing) is end-to-end encrypted between users, with your original phone acting as the primary communication node doing the encryption. Any other devices like desktops and tablets that get added are replicating from the original node rather than receiving new messages straight from the network.
This offers substantial privacy and security guarantees, at the cost of convenience and portability. It can be contrasted with something like iMessage, before Messages in iCloud was implemented, where every registered device is a full node that receives every new message directly, as long as they're connected at the time that it's sent.
Today's addition brings Signal to where iMessage was originally: each device is backing up their own messages, but those backups aren't syncing with one another. Based on the blog post, the goal is to eventually get Signal to where iMessage is today now that Messages in iCloud is available: all of the devices sync their own message databases with a version in the cloud, which is also end-to-end encrypted with the same guarantees as the messages themselves, but which ensures that every device ends up with the same message history regardless of whether they're connected to receive all of the messages as they come in. Then, eventually, they seem to also intend to take it one step farther and allow for arbitrary sync locations for that "primary replica" outside of their own cloud storage, which is even better and goes even further than Apple's implementation does.
If done well, I actually quite like the vision they're going for here. I'm still frustrated that they wouldn't just port the simple file backup feature from Android to the other platforms, even as just a stopgap until this is finished, but I think that the eventual completion of this feature as described will solve all of my major concerns with Signal's current storage implementation.
Yes, it's at the expense of security perhaps... But I tried to get my wife to use Signal, as well as many friends and it never stuck bar one or two. She had to use telegram to contact someone and decided she liked it and continued using it.
It is what it is.
Can I use this to restore my macOS signal backup to my iOS phone, so I once again have access to all my old messages on the phone?
> The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
They clearly think people have bad desktop security, and still don't want this to happen. Patronizing...
Edit on
> Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
That's good, but they've said that before. I feel a bit burnt on this.
Because it seems to me that, for much of Signal's (often paranoid) audience, they'd much rather use one of the backup/sync providers they've already verified trust of, than have to additionally trust some new backup service provider.
And it also seems to me that, now that Signal has the architecture to support this, it'd be pretty easy to add additional backup-sync providers.
E.g. in the codebase for the iOS Signal client, you could implement a provider that does incremental backup sync against iCloud (i.e. CloudKit for messages + iCloud Drive for attachments) — allowing the user to use their (perhaps already paid-tier) iCloud account storage.
Same with Android and Google Drive (though Google Drive doesn't have an equivalent to CloudKit, so this might be fiddly; to get good amortized write costs, you might have to e.g. buffer row-like writes in a local replication journal, and then flush them through bulk local key inserts in a locally-partial-fetch-cached set of LevelDB files, where the updated files in the set then get flushed as single whole-file overwrites to GDrive.)
---
Note that in all cases, Signal could/should still fully encrypt this data before pushing it to the provider; the backup wouldn't be expected to be "legible" to the user.
But where, with backups synced to Signal's servers, users need to trust that Signal's E2E backups encryption works perfectly to be able to believe that Signal themselves can't then have access to your backed-up data; it's much less scary to sync to literally any other provider, who won't specifically know that they've got chat data on their hands / won't have any potential to (perhaps after a bad acquisition by a PE firm) begin thinking of themselves as a "data company" who would love to have "chat data" as an asset.
> Our future plans include letting you save a secure backup archive to the location of your choosing
That seems like an unhelpful limitation for a lot of people. For me - and as far as I know literally everyone I communicate with using Signal - the reason to use it is the E2EE for the messages. Once we have the messages or media on our own devices we're fine with having control over them ourselves. By all means also provide an option to create a secured archive for those who want it. But as long as the data can only be read using a specific app on a specific device then whatever you're creating isn't really a backup for a lot of practical purposes.
But I just use this project to export my signal messages to plaintext: https://github.com/tbvdm/sigtop
I have it auto run periodically and it's great. Makes for easy full text searching of my message history.
IMHO the point is that it's not rational. Signal is as vulnerable to the analogue hole as any other messaging platform that displays the messages on a phone screen. There was never any credible way to prevent someone who has received your message from keeping or passing on the information it contained. The idea is as unrealistic as the "disappearing message/photo" applications when confronted with any cheap phone or camera separate to the one showing that message/photo. Ultimately if you don't trust the recipient of your information to treat it as you would wish then your only choice is not to send them the information in the first place.
(and IMHO there are edge case scenario where the additional friction in exporting messages provides some protection. Particularly when your threat model involves imperfect actors)
edit: here's an example. Let's say I use 4 week disappearing message with everyone I chat with. That's imperfect of course, but let's say right now only about 5% of the people I chat with are proactively backing up/screenshotting my disappearing messages and the rest let messages expire. If Signal rolled out an "export all messages to plaintext" feature, then suddenly that 5% might become 50%. And now a lot more of my messages which used to disappear, are being preserved.
If everyone I chat with is a perfect 'threat actor' that always backups up every message they ever receive, then there's no difference at all. But most people aren't, so practically there's a big difference because now exporting to plaintext (and bypassing time restrictions) is trivial for the masses.
I just ran a backup, and it was 850MB. So having my phone upload something of that size every day would be a bit annoying.
Most of the major cloud storage platforms don't offer sync on Android.
It's not really a good fit for how the filesystem is used by Android apps.
I currently only do a Signal backup every few months (when I remember), and manually upload it to OneDrive.
I'm not going to pay for their new service - I already pay for too many storage services.
It may be inconvenient but this can be solved by using the features in the app to review your storage and save those thousands of images/audio/file sequestered inside the app out to the filesystem, then delete them from the app. You're not backing up "chats" you're backing up your image library being stored inside a chat app.
(yes I get the argument that you need to store them "in context" so save those and do the rest. there's no way 100% of that 850MB is "must have saved inside the app in chats" data, I'll bet $10 USD on it)
Edit: in context, Google Messages has none of these features and I have friends still married to Google Voice who send me tons of pics. Culling SMS requires using a third party tool to export and re-import etc. leagues behind Signal. None of it's backed up without the same third party tools as well and no built in image management.
I'd like to replace all my SMS usage with Signal. I have every text message and photo I've ever sent/received. I want to do the same with Signal.
Hope they also may it easy to pay for family/friends, maybe similar to the "donate for a friend" they have already.
https://www.eff.org/deeplinks/2014/01/after-nsa-backdoors-se...
And while I’m here, if you’re implying that Signal is Blut trustworthy, you should step out of the HN bubble and have a look around what everyone and their dog shares through less secure means
I don't feel like backing these up manually; it's a computer, and its job is to do tedious, repetitive, easy-to-forget tasks so I don't have to.
Signal is one of the few "privacy-first" services. But it is not just about privacy, it is also about having as many users as possible, which is actually important for privacy. If only people who really have "something to hide", then just using the app makes you a target. If instead it is used by millions of people for grocery shopping and dinner planning, then whoever really needs the privacy features will not stand out. The third is, of course, making money, because, of course, none of that is free.
That's why features like backups are important. Many people want them, maybe not you, but Signal is not just for you, it also makes money. By the way, that's also the reason why there are some privacy compromises, like contact discovery and the use of phone numbers, because they feel like done right, it is worth it. Note that have partially addressed both of these problems.
As a fun evening read I'd like to remind everyone of Pavel Durov's gaslighting on how their approach of everything-leaks-to-server was the right way to implement "cloud backups" for Telegram.
https://web.archive.org/web/20200226124508/https://tgraph.io...
Nice to finally see someone competent show how it's actually done :)
I even wrote a small Android app to do GDrive uploads of the encrypted backup file, watching the local backup directory for new files. (It broke with an Android version update and I haven't gotten around to fixing it.)
> Our future plans include letting you save a secure backup archive to the location of your choosing
The existing local-only option is legacy. I guess they haven't built on top of it because of that. The new option is better, and they say in the article that it should offer an option to do exactly what you ask for.
I had to install sqlcipher, find my encrypted key stored locally, find the decrypt key in apple's keychain, decrypt it using Signal's format, etc. This took a lot of trial and error, and reading a lot of existing source (special thanks to https://github.com/bepaald/get_signal_desktop_key_mac but unfortunately it did not work OOTB for me)
You already had secure and encrypted backups on your phone, which you could copy and restore, if you remembered to copy them, and write down a very long password.
The new feature is apparently a way for signal to sell cloud services.
I do think cloud based backups are very useful for less technical people. But it does not really matter if your (properly encrypted) signal backup lives on a google drive/apple cloud, or on a cloud service managed by Signal.
It leaves sort of a gross taste in my mouth that a paid service is the fix for their unhelpful UX.
Did I? Where? on iOS I don't.
Edit: there is a transfer to a new phone thing, but that only works if the old phone still works. Which makes it not a backup (it's a transfer).
All that BEFORE your phone was stolen/damaged.
I also know a large number of people who won't use it because it locks your messages up in its own walled garden. People use apps like this precisely because they want to have control over their own communications without any third parties interfering! I have never understood what kind of threat model they think they're protecting against by not letting people take their own backups and store them according to their own preferences. Whatever the reasons it is clearly a deterrent to wider adoption.
This announcement might seem like progress but I doubt it will convince any of the people I know who won't use it because at the end of the day it's still a walled garden. If and when the promise of the comments near the end of the announcement is realised and we can back up our own messages and media freely from our own devices to our own (presumably also secure) backup facilities then it will be much more interesting.
That's actually the feature I've been looking forward to. As I moved vom Android to iOS, I lost _all_ message histories from all messenger apps that use E2EE (Signal, WhatsApp, Threema, etc). The only one that "just worked" was Telegram due to not being encrypted. WhatsApp had a migration app that has to be done when setting up the iPhone, but it failed due to some bug. Signal had backups, but they didn't seem to be compatible between different OS versions.
Android to Android works
iOS to/from Android does not work
stolen phone to new phone does not work :)
It's appalling to see how poor there QA is for a company that big. They also have a migration tool for migrations between android devices without going through a Google drive, but this one didn't work either when I tried it two years ago.
Threema has this feature and it's reassuring to know that people can't open my chats when I hand my phone to someone. Or if I give the device lock/PIN to someone I trust for backup purposes but don't want them to have access to chats themselves.
Last I checked this was not possible with Signal (at least on Android).
That's very interesting.
My only concern with it would be how sustainable it is in the long term. I am using Threema currently, which has a plan for enterprises, so that seems more reliable but it's lacking in features and usability.
Another concern should be: can you trust molly? Cryptographers have been auditing Signal... who is auditing molly?
--or, of course, Joint Chiefs military coordination. I bet that was a fun surprise for the team.
Right now, theoretically, I can do this by backing up to my phone and then copying the file over. But, this has many issues. Firstly, it is manual, so it will happen way less. Secondly, it is not differential, so the storage requirements will explode. Thirdly, if my signal message archive is bigger than the free space on my phone (especially if it takes more than 50% of total space) then I'm just fucked — there's no way to back it up anywhere else. Fourthly, the backup system is EXTREMELY buggy, to the point that it takes me HOURS babysitting it every time I make a backup.
A good solution would be let me put FTP/FTPS/SFTP/SCP/WebDav/SMB/etc. credentials in the Signal app and have it do periodic differential backups to there. Let me decide if I want it to be encrypted or not based on my threat model. Tell my contacts if this is enabled and let me exclude and/or encrypt specific chats if you want to let other people apply their security model too.
Only supporting any reasonable (meaning automatic and convenient) backup system with their paid cloud and not supporting my own server smells like a money grab to me. This is utterly unacceptable in a supposedly non-profit app. I have no problem with their paid cloud being an option, to be clear.
Another problem with Signal is that they only provide an official Linux package for Debian-based distributions. This forces people using other distributions to either do repeated manual effort to pull it out of their .deb files or build it themself (which is made way harder than it should be), or rely on sketchy third parties for packags. Given how much privatea information goes over Signal, such third party packages are an extremely tempting target for anyone from criminals to national spy agencies. This lapse in security due to not packaging for any Linux except Debian-based Linux (or even providing an ideally auto-updating portable binary!) is a much larger security lapse than letting me backup to my own server conveniently. So, their cries of security concerns relating to backups ring hollow.
Overall, it's quite a shitty app. I only use it because the alternatives are worse.
> Right now, theoretically, I can do this by backing up to my phone
You don't have this option on iOS right now.
Alternatively, would it be an option to get a throwaway number you could register your old phone under?
Finally, once you have the backup, use something like https://github.com/bepaald/signalbackup-tools to merge your old phone's backup with your current phone's backup, and then reinstall Signal on your current phone from that merged backup. (Disclaimer: I have never actually done this before but signalbackup-tools has been around for a long time and the developer seems to be very responsive.)
¹) I'm talking about the traditional way of backing up Signal conversation data to an encrypted archive here, not the feature discussed in the OP.
https://sneak.berlin/20210425/signal-is-wrecking-your-images...
Also, the donation spam in Signal doesn’t let me donate Mobilecoin from the wallet right inside Signal. What’s the point of having a payments feature if I can’t use it to pay you?
Please allow payments to Signal to be done in Signal’s native payment system.
I would love to subscribe to Signal in a privacy-preserving way.
Even “High” is still total shit. I frequently contemplate hacking the client app and recompiling it to remove image recompression entirely.
Do not get me wrong. Signal is great software and i'd gladly pay for it. Honestly. But not via this underhanded nonsensical way
All of my Signal chats are set to 4 week expiry. Any media I want to keep, I save to the device.
I don’t audio record my conversations with close friends and family; why would I keep chat logs?
I don’t understand why people demand this feature. It wasn’t until the iPhone that people got accustomed to keeping every text for all time.
I don’t think it’s a healthy approach. For most of human history, you didn’t get a permanent record of private conversations you had with people. It feels like a type of hoarding, given how often people actually use/access their old (>4 weeks) chat logs.
> Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive.
So IIUC backups will not be incremental and I will have to re-upload my 15 GB backup archive every day? Why is that? What's the security risk here? (Obviously I'm not suggesting encrypting & uploading each message & media file individually but splitting things up into same-sized chunks, like e.g. borgbackup does.)
> At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. This key is different from your Signal PIN, which serves different purposes.
Both recovery key and Signal PIN seem to serve the exact same purpose, though, namely restoring data (conversations, contacts, account, …)? Why not unify them?
That's less of a problem when the backups are local, because access to the local backups implies access to the device, but if the backups are in the cloud with no forward secrecy, this seems like a huge security backslide for Signal.
> Most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.
At least on Android apps can disable screenshots, though, which might be a simple way to deter people from doing that?
Yes, much easier to type
> So IIUC backups will not be incremental
Nope! It's very much incremental :) At least the media is. There's one blob of containing all of your messages+metadata which does have to be re-uploaded every night, but for most people that's gonna be somewhere in the low-tens of MB. Your attachments are uploaded incrementally one at a time, typically as they're sent/received, so you usually don't even have to wait to upload them at backup-time.
> Both recovery key and Signal PIN seem to serve the exact same purpose, though, namely restoring data (conversations, contacts, account, …)? Why not unify them?
This was a hard decision and something we went back and forth on. But at the end of the day, we felt the safest thing we could do for now is to use a completely separate strong, random key. We're very aware of all the trade-offs involved, but this is where we landed.
That's great to hear, thanks so much!
So after so many years of having a serious design flaw this poor substitute of a backup where you can't even save all your text for free is all they've managed to come up with?
> The reason we’re doing this is simple: media requires a lot of storage, and storing and transferring large amounts of data is expensive.
Easy fix: let the user choose his own local/cloud storage location? (at least it's planned, maybe in just another decade)
It‘s my fucking data!
(I‘m on iOS)
After moving devices I can no longer access/decrypt my oldest image/video messages, they failed to import properly.
And remember, Signal is a nonprofit. If you use it, and if you can, you should be donating.
Just save the pictures in the camera roll and important messages in your notes app of choice.
But their desktop app is built with electron.
It's extremely clunky (over 200 MB) very slow and probably inherits all electron's security issues.
I have noticed the same issue with desktop apps from Proton Mail.
Why is it that rich corporations with lots of money like shortcuts and don't care about the quality of thier software?
Those costs are for doing backups to their servers. If this supported making encrypted backups to Google drive/OneDrive/iCloud/etc, they wouldn’t have those costs, and, AFAICT, that would not be less secure, given (also FTA):
“At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it.”
⇒ I think it’s more of “we were looking for a new revenue stream, and picked this as a way to get that”
There’s nothing wrong with that, but presenting it as “to get secure backups, we have to make costs” is disingenuous.
This seems highly implausible given the 2 USD/mo pricing, the existence of a free storage plan, and the non-negligible operating costs that obviously do exist.
I'd be interested if you have data that supports the idea of the economics working out though.
Keep doing voluntary donations and wait for rich people to throw 50mil at it again?
They didn't screw over anyone, for the past 8 years Signal was and remains free for everyone.
That service is not mandatory and didn't even exist before, so who exactly is screwed over?
Also, let me know where me and my friends can sign up on your particular matrix instance. What's your ToS anyway?
I also just learned that you can still backup without a subscription. That's great!
> Also, let me know where me and my friends can sign up on your particular matrix instance. What's your ToS anyway?
I said that was my personal solution and not an alternative to centralized platforms.
I know, you can download media and save it through something else, but most people just opt-in whatever is default. I think my only suggestion would be to make it real clear or even maybe have some sort of counter that says something like "39 images are no longer backed up" or "8374 media items are NOT being backed up, 507 are in backup, 29 will be removed tomorrow". This could be directly on the backup page, I'm not currently running the beta build as I installed the apk, but if it's already on there, scratch the feedback!
Thank you again for all your hard work on this, it really is appreciated (financially too!)
The only interaction I can ever see having with this key is putting it into and taking it out of my password manager....
rogerkirkness•20h ago
noman-land•20h ago
Marsymars•20h ago
tkel•20h ago
ectospheno•19h ago
sudahtigabulan•15h ago
On Android, if you know the group's name, you can search in the contact list, and the group will "magically" show up, even though it wasn't in the list.
Not the greatest UX.
prmoustache•6h ago
Also unless everyone use gpg, email isn't very secure nor confidential.
I tend to use notes on my smartphone for information I want to keep that are encrypted and synchronized on my desktop when reaching home. Having said that I often forget to copy a message to a note because it is a manual process and it is sometimes not trivial to anticipate that an info will be important enough in the future that you need it again.