Backing up Signal on Android for free and offline was ~always possible. The app creates a multi GB backup file on the phone memory under the Signal folder that you can just copy out and back on a new phone.
The file is encrypted with the passcode and the database can be extracted.
There are a couple of problems with the existing backup:
1. It is non-incremental. This means you'll need about as much free space on your phone as your Signal database takes, and it may take many hours to make if your database is large (mine is 18GB). I used to wake up to find my phone had not even fully charged because it had been so busy writing Signal backups.
2. Once you have it on disk, how do you get it away from your phone? Especially after SyncThing disappeared from Play Store (because it was basically a non-Android app behind a thin Android shell that couldn't easily be upgraded to more modern native APIs), there's nothing super-obvious here.
I would have loved a better solution for local backups, but realistically, $2/month for cloud backup is really cheap, and a pragmatic solution.
dns_snek · 1h ago
> Especially after SyncThing disappeared from Play Store (because it was basically a non-Android app behind a thin Android shell that couldn't easily be upgraded to more modern native APIs), there's nothing super-obvious here.
That's not what happened, it was Google who started rejecting their updates on Play store. I believe the original Android app maintainer quit after that but there's a fork on on F-droid which works perfectly.
graemep · 32m ago
fork that will work perfectly until year after next.
stevenwalton · 22m ago
> Once you have it on disk, how do you get it away from your phone?
Since we're talking about Android, a great method is to just use Termux and rsync. You can write a pretty quick and dirty shell script to accomplish this. Here, I'll drop mine[0]. It's no the cleanest but it'll get the job done and has some documentation to it. It will check if you're on WiFi and connected to a specific SSID. You can change this around pretty easily to do different things like point at 2 servers, use Tailscale, give a white list of allowed SSIDs, change the rsync to have it delete from the local storage, or whatever. If you don't know how you can reply to this comment or open an issue and I'll respond[1].
Unfortunately this doesn't work on iPhone. I have a shortcut that will do something similar that I can share but that is a lot hackier...
[1] Probably better. I'm normally logged into my alt account
autoexec · 1h ago
> Once you have it on disk, how do you get it away from your phone?
plug your phone into a computer? Install Termux and use one of the countless command line programs designed to transfer bits over a network?
whatevaa · 1h ago
On Linux KDE connect can mount your phones filesystem as FUSE filesystem and then you can use desktop file explorer like dolphin. It's even integrated and automatically apears as an option. Quite convenient, I would say. Performance is pretty good too.
andrepd · 1h ago
Any Linux desktop can do that via MTP (Google doesn't allow access as mass storage anymore)
taylortbb · 33m ago
Doesn't MTP require plugging in a USB cable? KDE Connect works wirelessly as long as your phone and computer are on the same network.
godelski · 8m ago
KDE Connect just uses an SFTP file mount. You can do that on any system that you can ssh.
But I wouldn't use that for backups, I'd use rsync.
The $1.99/m is not for the up front work of fixing what sucks about current backups though, it's just bundling those fixes in with YACSS (Yet Another Cloud Storage Subscription) is the only way to get people to pay their "reasonable" recurring fee.
People here seem to want to answer the question of how to copy data most directly, but only because that's how the problem was phrased. I'm not convinced "users had no way to sync data on their phone" was/is a real problem worth paying for YACSS for in the first place.
godelski · 15m ago
Not to mention that this is a pretty good way to fund Signal. That's always been a challenge with Open Source projects as not enough people want to donate. On that note, a lot of companies will do donation matching and just saying, that's one way you could go about it if you feel inclined. For an app I use every day, I don't mind throwing them some beer money (and having work pitch in too). I get more utility out of it than my Spotify subscription
andrepd · 58m ago
Explicitly, from TFA:
> But secure backups aren’t the end of the road. The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
zamadatix · 41m ago
Yeah, they're definitely fully aware. If they ever do actually get cross device local backup I'll be particularly pleased, several years back the stance was basically "working as intended".
I would use scp under Termux to copy the backup away personally.
jp191919 · 32m ago
>2. Once you have it on disk, how do you get it away from your phone?
I've been using Nextcloud for my backups for the past couple years.
nottorp · 1h ago
> Once you have it on disk, how do you get it away from your phone?
adb pull no worky? At least for HN readers.
Sesse__ · 1h ago
Any backup that needs manual intervention is no backup.
dmesg · 1h ago
Even automatic backups run at intervals to cause less server load. The article says you absolutely have to write down your restore key too (They say notebook or PW manager).
It may seem obvious now, but I know most people will forget and be puzzled if their phone suffers physical damage. A lot about this has mandatory manual steps.
kelnos · 2m ago
I think you misunderstand. Any backup that requires a manual step every time a backup is created is not a backup. A backup that requires some one-time manual setup, like recording a restore key, is fine.
Yes, there are some people who will forget to do that, or just lose the restore key, but that's the security/usability trade off.
nottorp · 1h ago
Thought people are talking about backups without a "cloud" involved. So you'd need to manually connect your phone to something...
nine_k · 1h ago
Wireguard + syncthing (from F-Droid) work fine. Triggering it when the phone is on the charger makes it very easy to sync things from a computer to the phone, while next to the computer.
hiq · 8m ago
To be clear, Signal + Syncthing also works fine, that's what I have.
Sesse__ · 1h ago
What? My phone has a perfectly working 802.11 chipset, which is able to talk to my very own machines that are not in a cloud, no manual connection needed. This is purely a software/ecosystem issue.
dmesg · 1h ago
Imagine we could run the backup server backend self-hosted and FLOSS. Like Vaultwarden, the upstream bitwarden client API.
bmicraft · 1h ago
Foldersync is a great app
jcynix · 1h ago
> Once you have it on disk, how do you get it away from your phone?
On Android? Easy, Termux app and then rsync to my Desktop/Laptop. Or via Solid Explorer. Or E-Mail via Blitzmail.
Non incremental is a suboptimal design decision, backups should be incremental, e.g. monthly if automated or with from-to dates.
tjoff · 2m ago
Yeah, didn't see it mentioned, I trust it will still be available?
growse · 2h ago
Personally, I find that having orchestrate and regularly schedule the exporting of that file off my device to somewhere else, and then look after it there to be not "free".
The new offering is reasonably priced imo.
_heimdall · 1h ago
Agreed. I prefer setting it up myself and have had Signal backing up to my home server for a few years now, but for most users an opt-in with a basic free tier and cheap enough paid plan makes a lot of sense.
Glad to see they're finding potential revenue streams that don't compromise their focus on privacy and security.
dcow · 9m ago
They even say they’re committed to offering BYO storage as the feature matures
paxys · 1h ago
Hiding relevant info behind "..." all over the post is annoying. Instead of reading through it like normal one has to read and click those little dots a dozen times.
I'll save you the trouble:
- Even if you choose not to back up your chats, someone you are talking to can do it, and your messages to them will be saved in their backup.
- 100 MiB of message storage is free.
- Last 45 days of media storage is free.
- Beyond that you have to pay $1.99 per month, and get 100 GB of storage.
- Backups happen once a day.
djrj477dhsnv · 1m ago
I'd much rather be able to simply rsync the data folder for all apps on my phone without having the hardware KeyStore breaking backups installed on another device.
siva7 · 1m ago
So it's stored on their server? I don't get why they can't simply store it safely on the apple or google user cloud like every other messaging app
kelnos · 5m ago
I don't get this. The local-only backup option is already encrypted. Why can't they include an option for me to upload it somewhere of my choosing, like Google Drive, or even using Android's built-in backup system, so I can do it for free (my current backup file is well over a GB)? I already donate $5/mo to Signal Foundation; building a paid-only backup solution gives me a bad taste.
I even wrote a small Android app to do GDrive uploads of the encrypted backup file, watching the local backup directory for new files. (It broke with an Android version update and I haven't gotten around to fixing it.)
akkartik · 2h ago
This looks brilliant. I just hope they make it easy to do test restores. In particular, I want to test restore without perturbing my main device. Let me restore using the secret key on a new device.
When I install Signal on a computer it won't show me message history. Will backups allow me to view _all_ my message history on a computer? A big screen is very helpful for browsing lots of messages.
greysonp · 1h ago
Hi there, Signal dev here. You can sort of do this! You can restore on your new device, and while you will be unregistered on your old device, all of the data is still there. So if you see that something is amiss on the new device, you could re-register on your old device and you'd be right back where you started. This is actually one of the ways we test the feature with our own personal data.
enriquto · 29m ago
What do you mean by "device" here? I use signal on several computers at the same time. Will this break in new versions?
oezi · 51m ago
Multi-device would be a nice feature.
And question: Will a backup taken today on Androis be able to be restored on iOS once released?
amluto · 2h ago
Wow, maybe as a side effect users will be able to migrate between Android and iOS without losing their message history.
Seriously, why is the migration protocol completely different on the two platforms?
greysonp · 1h ago
Hi there, Signal dev here. The new backup format is indeed cross-platform. I've successfully restored backups on an iPhone, we're just stabilizing things :)
If you're curious, the reason that Android's current local backups aren't cross platform is because it was made a long time ago, and it's literally a dump of all the sqlite statements that can be used to recreate Android's sqlite database (encrypted with a strong, random, local key). So not the most portable!
But this new thing is all cross-platform, and in the near future we'll even be making our local backups cross-platform.
oezi · 49m ago
Will the new backup format support also conversion of filetypes between Android and iOS? In the past Voice Memos from Android couldn't be opened on iOS if they weren't sent directly between participants.
Nathan2055 · 18m ago
That's really surprising to me.
iOS has had pretty decent audio format support for a few years now: even though you can't directly import FLAC files to iTunes/Music, they are supported in the OS itself since 2017 and play fine both in Files and in Safari. The other big mainstream formats (WAV, AIFF, MP3, AAC, and ALAC) have been supported for years, and even Opus finally got picked up in 2021.
About the only non-niche audio format that isn't supported natively on Apple platforms at this point is Vorbis, which was fully superseded by Opus well over a decade ago. Even then, I believe it's possible to get Vorbis support in iOS apps using various media libraries, although I'm sure Apple frowns upon it.
I'd really love to know what's causing that incompatibility.
V__ · 1h ago
Are there any plans to allow backups to a custom server or another folder?
andrepd · 56m ago
From tfa:
> But secure backups aren’t the end of the road. The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
crystaln · 2h ago
This is mentioned as a future feature.
antris · 2h ago
> Seriously, why is the migration protocol completely different on the two platforms?
Because they don't want to make jumping to the competitor too easy.
cosmic_cheese · 1h ago
This is the result of differing storage implementations in the app between platforms and has nothing to do with the platform itself. Painless cross-platform migration is possible but simply wasn’t factored into the original design. IIRC WhatsApp also has this problem.
gardnr · 1h ago
I am happy to see Signal charging for premium features.
From a product perspective, being able to switch between two iOS devices without a 3rd iOS device shouldn’t be a premium feature.
Please consider enabling local backup and restore for a single Signal instance on iOS.
georgeck · 2h ago
It would be really useful to have more client-side control over media storage. That way, I could better manage storage growth without wiping entire threads.
For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
sir_brickalot · 28s ago
To your point: What I am missing with Signal:
Choice to store media locally on the phone.
What I miss with most messenger apps: Archiving old stuff and offload it to a remote device.
Right now Signal is 8GB in size and doesn't stop growing.
chimeracoder · 2h ago
> It would be really useful to have more client-side control over media storage. That way, I could better manage storage growth without wiping entire threads.
> For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
I have good news for you: this already exists.
On Android:
Settings >> Data and Storage >> Manage Storage >> Review Storage
This allows you to view all of your media, files, and audio across all chats, sorted by the amount of storage used. You can also delete those files individually without affecting the rest of the chat.
You can also do the same thing within a conversation.
mfsch · 6m ago
The issue I have with this is that it deletes the whole message, not just the media. In WhatsApp, you can delete media from the images/video folders and the messages remain in the conversation, they even still have the blurry preview iirc. In Signal, you end up with gaps in your history instead.
georgeck · 2h ago
Thanks, that’s helpful.
I’m also hoping similar media management options are available on iOS and desktop, since I use Signal across devices.
By the way, does Signal treat synced devices (like desktop or a second phone) as “replicas” vs a “primary”? If so, does this affect how storage or message history is handled between them?
Would appreciate any insight from folks familiar with the technical side of this!
wpollock · 1h ago
On my Samsung: Settings >> Device Care >> Storage
derefr · 46m ago
@Signal devs: any reason that the only two options for backup are now "locally" (flexible, but only solves for some use-cases) or "to Signal's special servers" (not flexible; might be legally impossible for many users to enable)?
Because it seems to me that, for much of Signal's (often paranoid) audience, they'd much rather use one of the backup/sync providers they've already verified trust of, than have to additionally trust some new backup service provider.
And it also seems to me that, now that Signal has the architecture to support this, it'd be pretty easy to add additional backup-sync providers.
E.g. in the codebase for the iOS Signal client, you could implement a provider that does incremental backup sync against iCloud (i.e. CloudKit for messages + iCloud Drive for attachments) — allowing the user to use their (perhaps already paid-tier) iCloud account storage.
Same with Android and Google Drive (though Google Drive doesn't have an equivalent to CloudKit, so this might be fiddly; to get good amortized write costs, you might have to e.g. buffer row-like writes in a local replication journal, and then flush them through bulk local key inserts in a locally-partial-fetch-cached set of LevelDB files, where the updated files in the set then get flushed as single whole-file overwrites to GDrive.)
---
Note that in all cases, Signal could/should still fully encrypt this data before pushing it to the provider; the backup wouldn't be expected to be "legible" to the user.
But where, with backups synced to Signal's servers, users need to trust that Signal's E2E backups encryption works perfectly to be able to believe that Signal themselves can't then have access to your backed-up data; it's much less scary to sync to literally any other provider, who won't specifically know that they've got chat data on their hands / won't have any potential to (perhaps after a bad acquisition by a PE firm) begin thinking of themselves as a "data company" who would love to have "chat data" as an asset.
jimkleiber · 44m ago
Perhaps they will?
> Our future plans include letting you save a secure backup archive to the location of your choosing
_aavaa_ · 29m ago
A backup option has been missing for years. Future plans on this particular topic seem to take forever.
nout · 8m ago
What is the UX for the 64 characters key? Does it at least use a wordlist (e.g. like BIP 39)?
y7 · 2h ago
Without paying for remote backups, can I just manage my own backup on my own hard drive, and restore it when I want to?
jewel · 2h ago
Yes! That has been supported for a long while. At least on Android, go to Settings -> Chats -> Chat Backups. Set up a schedule and a passphrase and a folder, and it will export your chats every day.
I do that and then sync that folder with another computer using SyncThing.
joshjob42 · 2h ago
Only on Android, not iOS.
cherryteastain · 1h ago
It's not Signal's fault that Apple does not let you access the most basic feature of an operating system - the filesystem.
joshjob42 · 1h ago
They do and have done for years now. There’s been a files app since 2017. They’ve had Advanced Data Protection available for iOS backups since 2022. Signal has just been lazy and found maintaining the Android backups to be a pain, so they refused to implement it for iOS.
ls612 · 47m ago
Can Signal on iOS not save in the Files app like any other app that uses documents?
swores · 41m ago
From the point of view of iOS, yes it can (the person you're replying to is wrong, as explained by the other person who replied to them). But no, the Signal iOS app does not currently have that functionality.
Bender · 1h ago
I do not see anything like that in Android 14 uLefone Armor 24 is on 14 vendor build. I've had to use a dodgy app to back up messages.
chimeracoder · 2h ago
> I do that and then sync that folder with another computer using SyncThing.
AFAIK SyncThing only monitors for changes between files with matching names, and Signal stores each backup with a separate (timestamped) filename. Are you storing every day's backup individually, or do you have some tool for deduplicating?
hiq · 4m ago
Encrypted backups can't be deduplicated unless the encryption is flawed. There shouldn't be a way to tell that one Signal backup is somewhat related to another, unless you have the passphrase.
That also means that Syncthing can't do better than sending the full backup. But if you're syncing via wifi (e.g. at home) it's not really a problem anyway.
navigate8310 · 2h ago
>The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
nairb774 · 2h ago
Yep. Local backup generation has been around for at least a few years. You can have signal make a backup for you every day. You just need to get it off the device. This looks to be adding a remote option for this existing feature.
gruez · 1h ago
Only on android, not ios
adastra22 · 57m ago
I have unfortunately lost signal history on various devices. Most recently I lost my iOS history when I restored from a backup without following the right procedure to keep Signal history. I have the full history on my desktop macOS signal though.
Can I use this to restore my macOS signal backup to my iOS phone, so I once again have access to all my old messages on the phone?
arusahni · 50m ago
From the tail end of the blog post:
> The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
maqp · 15m ago
Shoutout to Signal team for another fantastic achievement!
As a fun evening read I'd like to remind everyone of Pavel Durov's gaslighting on how their approach of everything-leaks-to-server was the right way to implement "cloud backups".
Nice to finally see someone competent show how it's actually done :)
X-Istence · 2h ago
I already pay Apple for storage, please just back up my chats/media to iCloud.
vigilans · 1h ago
This BS is why I completely stopped donating to the signal foundation.
The messages are mine, not theirs, and yet they refuse to allow me to handle them how I deem fit.
teiferer · 1h ago
Have you read the article? They are working on it.
vigilans · 1h ago
Thank you. I should have read to the end, and I'm glad they're planning to support backups stored on their users' media.
rPlayer6554 · 1h ago
Where does it say that?
sambostock · 57m ago
> Our future plans include letting you save a secure backup archive to the location of your choosing, [...]
I also missed this on my first skim of the article though.
layer8 · 1h ago
“Our future plans include letting you save a secure backup archive to the location of your choosing”.
rconti · 2h ago
Are they still refusing to do anything about their painful 30 day device unlinking policy? If they can support full backups, surely they can accomplish this.
Device queues need to expire at some point. At that point you aren’t “linked” anymore. What do you want them to do instead?
swores · 36m ago
Well if somebody has a year of messages backed up on Signal's servers (with this new feature), and one of their linked devices gets turned on after two months of being turned off, they could surely pull the messages from the backup rather than from the normal queue but do it seemlessly so that from a user point of view the device just never got unlinked?
Without backups it makes sense to have a limit, like you said (though I join the person you replied to in wishing there was an option for it yo be more than 30 days), but their point is that once backups contain more than the last 30 days of messages that reason is no longer a blocker.
izacus · 33m ago
Give users control over expiration and allow longer timeout.
growse · 2h ago
Full message content seems to be free, with the option to pay £1.59pm for all media included (45 days of media included in the free tier).
Seems pretty reasonable?
rogerkirkness · 2h ago
The main way I specialize messages at this point is basically 'Am I going to want this later'? If the answer is yes, I use email. If not I use Signal. It's interesting this was the most requested feature... it wouldn't be for me even though I love Signal.
tkel · 2h ago
It's important for Signal groups, because on a new device without a backup the groups you were in don't show up until someone sends a message in the group. Say if you were the only admin in an announcement-only group, no one else can send a message in the group, so that group is now lost to you.
ectospheno · 2h ago
This is the only backup feature I’m interested in. I use signal for the expiring chats.
Marsymars · 2h ago
I like this idea, but I don't think I'd ever be able to convince my wife to run that analysis on any particular message before she decides whether to email or to message me on Signal.
noman-land · 2h ago
You can imagine even the same person having some conversations they would want to keep and some they wouldn't.
jwr · 2h ago
This is so incredibly important! I am very happy to see this, the fact that you could not do a backup on iOS and you would lose everything in case your device dies is the biggest drawback of Signal.
I still do not quite understand why I can't have the option to just back things up to iCloud (I do understand the security implications and I'm fine with it), but ANY backup solution is better than "your data is gone, tough".
Oh, now having reread the article I do understand why I can't have any other backup options. Paid subscription. Of course.
jemiluv8 · 1h ago
Feels like a really good way to finally get Signal to start working towards sustainability. I see myself paying just to help this incredible product continue serving its mission
3np · 1h ago
> This is so incredibly important! I am very happy to see this, the fact that you could not do a backup on iOS and you would lose everything in case your device dies is the biggest drawback of iOS.
FTFY. It's originally Apple preventing its users from easily controlling their own data.
saurik · 24m ago
Apple 100% supports this, and has since day one, backing up securely to your local computer with no cloud in sight--and, in fact, has always been an industry leader on this, as they understand backups directly help their hardware sales--but Signal goes out of their way to block it.
6thbit · 44m ago
I'm glad they're opening up a new revenue stream tied to something that provides real value to customers, like backups.
Hope they also may it easy to pay for family/friends, maybe similar to the "donate for a friend" they have already.
IshKebab · 1h ago
> Losing it means losing access to your backup permanently, and Signal cannot help you recover it.
Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."
Not the right security trade-off for most people.
tgsovlerkhgsel · 1h ago
Absolutely the right security trade-off for Signal users. Anything else would devalue the entire product.
Whatsapp chose a different approach (which is reasonable for their user base) but that means that there is an escrow key. Regardless of your choices, messages that you sent may end up "end to end encrypted" but in reality stored in the cloud with a key escrowed to Meta...
The backup feature seems to be opt-in, i.e. the requirement to write the key down won't be too surprising.
elvisloops · 1h ago
The implementation feels uncharacteristically crude for Signal. Instead of seamless protections, you just get handed 64 characters you’re told to “store securely.” That’s not realistic: most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.
iamtheworstdev · 1h ago
there are more than a few backup providers that do this security trade off with user acceptance of the risk. if this trade off isn't good for the user, they can use any other number of insecure backups.
0x457 · 1h ago
If they were able to recover backups for you, then it wouldn't be secure. Right trade-off.
staplers · 1h ago
It's this way, or it's not encrypted. The whole premise of their privacy model requires this.
Signal opens themselves up to government coercion and ruined reputation otherwise.
ngrilly · 47m ago
What is the reason for saving the end-to-end encrypted backup files on Signal backup servers instead of iCloud or Google backup service, as most of us are already paying for this storage?
drnick1 · 31m ago
Besides the obvious (they want/need the revenue from selling their own solution), many people using Signal do so in an effort to move away from Big Tech and/or on devices with custom ROMs.
drnick1 · 24m ago
Are backups really necessary? I have always regarded texts (over Signal or SMS) as ephemeral. No one is or should be sending valuable information over Signal, and if you happen to receive something you want to keep, you can always do so manually.
3form · 11m ago
For many people the messages are meaningful long term (including myself), and I consider ability to preserve your personal data as a base electronic right.
rlpb · 11m ago
How should users send valuable information then, if they require E2E encryption?
mimischi · 15m ago
Why do you think our should not? Sincerely asking.
And while I’m here, if you’re implying that Signal is Blut trustworthy, you should step out of the HN bubble and have a look around what everyone and their dog shares through less secure means
drnick1 · 23s ago
I did not mean to say that there are better options for encrypted communication. My point was that my use case is texts like "I'll be in the gym at 6:00 bro", not things that I really want to keep or backup. If someone sends a picture or a file that I want to keep, I can already do so manually.
joshjob42 · 2h ago
It's a real shame they aren't implementing this on iOS in beta before the new iPhone launch. Android has had backups for a long time, just locally. iOS users have been SOL so if anything goes wrong with the transfer and sync on your new phone, you're screwed.
Klonoar · 35m ago
Signal has done a very poor job of calling out that you can optionally connect your old and new phone via cable; the transfer will be much more stable and quick.
(No, this does not really help if you're one of the TouchID holdouts on an older SE)
declan_roberts · 1h ago
Am I still required to add a phone number to use signal? What's the point of that. Every single person in the USA (and probably world) is quickly and trivially de-anonymized with a phone number.
throawayonthe · 1h ago
nobody has access to your phone number from your account, and when subpoenad they are unable to provide it:https://signal.org/bigbrother/
'the point' is spam protection, alas
jdthedisciple · 45m ago
perhaps said too much on a whim, but why should I backup my Signal... or WhatsApp, or any other communications.
live in the moment. let things pass. there is probably no fortune hidden in it anyway...
Sanzig · 40m ago
IIRC, that used to be the opinion of the Signal project as well, but backups are such a requested feature it looks like they've finally decided to offer it.
mihaaly · 31m ago
perhaps others see it differently
Ericson2314 · 52m ago
That's great they are doing a paid feature, but I really just want my desktop to back up my phone.
They clearly think people have bad desktop security, and still don't want this to happen. Patronizing...
Edit on
> Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
That's good, but they've said that before. I feel a bit burnt on this.
netule · 1h ago
Do I get this for free if I’m a monthly donator?
drnick1 · 27m ago
Signal is open source, so security claims can be verified unlike anything made by Apple or other Big Tech companies.
IshKebab · 1h ago
Doesn't sound like it, but just decrease your donation and buy a subscription. Donations are donations.
withinrafael · 1h ago
Do backups get pruned over time? Is there an expiration? I don't think folks want old lost-key backups sitting around forever for quantum to catch up, right?
blintz · 1h ago
It’s symmetric keys, so quantum doesn’t matter.
ktosobcy · 57m ago
> In the past, if you broke or lost your phone, your Signal message history was gone.
this and completly useless multi-device support is the reason I don't use Signal... Telegram is not fully e2ee but it's way more convenient here.
Even XMPP with PGP would be lightyears ahead.
Nathan2055 · 28m ago
This has been the advantage, and the drawback, of Signal's security model from the start.
Everything on Signal (at least the "original" design from a few years ago, this has started to be adjusted with the introduction of usernames and now backups and eventually syncing) is end-to-end encrypted between users, with your original phone acting as the primary communication node doing the encryption. Any other devices like desktops and tablets that get added are replicating from the original node rather than receiving new messages straight from the network.
This offers substantial privacy and security guarantees, at the cost of convenience and portability. It can be contrasted with something like iMessage, before Messages in iCloud was implemented, where every registered device is a full node that receives every new message directly, as long as they're connected at the time that it's sent.
Today's addition brings Signal to where iMessage was originally: each device is backing up their own messages, but those backups aren't syncing with one another. Based on the blog post, the goal is to eventually get Signal to where iMessage is today now that Messages in iCloud is available: all of the devices sync their own message databases with a version in the cloud, which is also end-to-end encrypted with the same guarantees as the messages themselves, but which ensures that every device ends up with the same message history regardless of whether they're connected to receive all of the messages as they come in. Then, eventually, they seem to also intend to take it one step farther and allow for arbitrary sync locations for that "primary replica" outside of their own cloud storage, which is even better and goes even further than Apple's implementation does.
If done well, I actually quite like the vision they're going for here. I'm still frustrated that they wouldn't just port the simple file backup feature from Android to the other platforms, even as just a stopgap until this is finished, but I think that the eventual completion of this feature as described will solve all of my major concerns with Signal's current storage implementation.
maqp · 34m ago
>"Telegram is not fully e2ee but it's way more convenient here."
Yeah convenient way to hand your data to a Russian oligarch.
PGP has no forward secrecy and OTR in XMPP lacks future secrecy, multi-device support etc.
Signal introducing end-to-end encrypted backups is exactly how Telegram should've done it decade ago.
mtzaldo · 1h ago
I would like to have the option to have chats without encrypting the media. It will nice to backup the media directly to a NAS.
ipv6ipv4 · 1h ago
That Signal data doesn’t just transfer like any other data on iOS when upgrading phones is seriously dumb.
Wrap it in whatever security deemed necessary (or make migration/backup opt-in), but just let the blob copy over like every other app on the planet.
This cumbersome backup nonsense is a senseless no more secure bandaid for a problem that shouldn’t exist in the first place.
kayson · 1h ago
I would love to switch over to Signal, but the video call quality pales in comparison to WhatsApp and FaceTime. Add to that issues with even sending pictures or videos on Android, and it's a really hard sell.
pxeboot · 1h ago
I agree the video call quality needs improvement, but sending photos and videos has always been flawless on Android for me.
kayson · 53m ago
Lucky you! I pretty much can never send videos. I'm guessing it's something format / compression / transcoding related. Pictures are hit or miss; I think it's an infrastructure thing.
mhitza · 1h ago
> Add to that issues with even sending pictures or videos on Android, and it's a really hard sell.
What issues? The only issue I've seen with Signal and media files, was on iOS, where users aren't able to download them (copy them outside the signal app).
kayson · 54m ago
There are a lot of GitHub issues about this (mine being similar to the last one)
Anecdotally, I've not had any issues on iOS (not that I'm needing to download media files often, but I have saved quite a few photos and the occasional video over the years and don't recall any failures).
Not that my experience invalidates that of people who have had problems, just sharing to say that the problems haven't been universal.
On Android I tap on the image in chat, 3 dots and save. Way more involved on iOS. But at least I'll be able to point this out to my iOS peers.
autoexec · 1h ago
I'm glad that this is opt-in (at least for now).
I wish they'd done that for all the other data they collect and permanently store in the cloud (name, photo, phone number, signal contacts, etc.) since you can't even opt-out of that data collection.
I wonder if now signal will finally update their privacy policy which still opens with the outright lie: "Signal is designed to never collect or store any sensitive information."
antirez · 2h ago
Great article not mentioning local backups were already available and what this is about. The state of affairs in iOS vs Android of the past feature and the next one. Details of all the kind are missing. WTF.
WhereIsTheTruth · 40m ago
Whenever the US promises you that your data are "secure" with their tech, remind yourself of this story:
Ok smarty-pants. Explain exactly how the encrypted cloud backup leaks to NSA when the key to decrypt it sits on your device and safe alone?
komali2 · 2h ago
I'm confused, I've restored Signal from encrypted backups before. I did it like 4 months ago. What's this feature?
Marsymars · 2h ago
Cloud storage for your backup.
chimeracoder · 2h ago
> I'm confused, I've restored Signal from encrypted backups before. I did it like 4 months ago. What's this feature?
Those backups are stored locally, are platform-specific (Android-only), and there is no feasible way to automate their transfer to any other device, which means that either you have to manually manage them regularly, or you risk losing your entire message history if your phone suddenly dies (or is stolen, or broken beyond repair, etc.).
This is a true automated, off-site backup feature.
yapyap · 1h ago
haha, did they make this for the US gov ;)
maqp · 31m ago
Messages: Encrypted on device. Keys stay on device. Server has access to ciphertexts.
Backups: Encrypted on device. Key stays on device. Server has access to ciphertext.
Yapyaps: Is the backup a backdoor?
chimeracoder · 2h ago
I know plenty of people who have inadvertently lost their entire messaging history because their phone broke or was lots and they couldn't transfer messages directly from the old phone to the new one. Signal allows you to export backups of messages to a file, but only on Android - the iOS version does not. This is a great feature not only for users who are less technically inclined than the average HN reader, but for any user who doesn't want to go through the tedious process of manually backing up their messages periodically but doesn't want to risk losing their message history if their phone has one unfortunate encounter with gravity.
My only concern reading this is that I hope they don't remove the manual export feature once this is rolled out. I know that that feature has been technically complicated to support, but it's important for users to preserve the option to maintain control over their backups, if they want to manage backups themselves, alongside the option of having a more convenient, automated approach.
greysonp · 1h ago
Hi there, Signal dev here. We are absolutely keeping the local backup feature. More than that -- we'll be improving it to also be cross-platform and incremental, meaning it'll be much faster to both create the backup as well as sync it if you use a third-party folder-syncing solution (like syncthing or something).
lencastre · 2h ago
measuring the temperature of hell…
…
…
nope, still hot
elvisloops · 2h ago
I can't believe Signal is doing this.
Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key. If a device with this enabled goes through the whole advanced protocol to receive a message (double ratcheting etc), then turns around and uploads it back to Signal’s servers with a static key, isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.
Based on this post, the only way to actually opt out of this is to force disappearing messages to be enabled for a time under 24 hours for every chat, which is pretty frustrating.
Signal already lags other messengers in reliability, speed, and features. The reason people use it is for its uncompromising security. Shipping something that weakens that foundation undermines the reason people use Signal.
maqp · 23m ago
>Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key
The exfiltration of which is as easy as exfiltration of database on device. You're not running an IDS scanning 100% of your device LTE traffic in case that happens.
>isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
It's opt in. And again exfiltrating the backup key is as easy as exfiltrating your messages from your device.
>You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it
You can't know if you're talking to an informant or if your contact is running Android that's receiving security updates or if it's a zero-day on wheels, either. Tech doesn't solve human problems.
Marsymars · 2h ago
> They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.
TBF Signal already supports automated key-protected backup (and has for years), it's just stored on-device, but there's no way to know what the other party is doing with that on-device backup.
elvisloops · 2h ago
There's a big difference to me between storing it on device and someone else's servers.
Marsymars · 2h ago
Sure, but you already have no way of knowing which one the other parties in your chats are doing.
I already sync my Signal backups to the cloud, because that's the most practical and time/cost-effective way to have a 3-2-1 backup system for my chats.
elvisloops · 2h ago
There's a difference between someone in your chats acting adversarially and Signal supporting/encouraging adversarial behavior as part of the way the app works. If Signal published a change to the protocol that removed forward secrecy, we wouldn't consider it a non-event and say "well anyone could screenshot messages anyway," even though that may be true. They're calling this "secure backups," but in truth it appears to reduce security
joshjob42 · 2h ago
I don't think it's appropriate to call someone you're talking to with disappearing messages turned off making a backup of the conversation so they have the (non-disappearing) message history if they drop their phone in a lake as "adversarial behavior".
If you don't want them to have a history only communicate via disappearing messages.
elvisloops · 1h ago
This post says disappearing messages are included in the backups. You have to enable disappearing messages with a timer of less than 24 hours to ensure that you can opt out.
joshjob42 · 1h ago
Sure but the backup happens each day and then gets overwritten/deleted when the next days backup happens (which then deletes the disappearing messages that are expiring express the next backup). It just ensures you have access to any messages that you’re supposed to have access to according to the timers on said messages.
evbogue · 2h ago
I'd also wonder where this shared encryption key for message "backups" is stored. If it's available on all of my devices, I suspect it would be available on other devices as well?
brewdad · 1h ago
The article says it is generated on your device and they don't have a copy. Sounds like a public-private keypair where you are responsible for managing the private key.
evbogue · 1h ago
got it. doesn't Signal already have on-device keys with a session ratchet? why not back those keys up so one can decrypt the entire history on any device?
krior · 49m ago
afaik the key material is regenerated for every message. new keys can be derived for every subsequent message you send, but only until you get a reply, then a new key exchange takes place. And the key material for message m1 cannot derive keys for the messages that came before m1. If the old key material gets properly deleted then there is only a very small window of compromise. backing up those keys would defeat the purpose of the ratchet.
evbogue · 27m ago
yes, agreed, and isn't this feature re-encrypting all of the material without a ratchet or asymmetrical boxing?
bilal4hmed · 1h ago
I mean it says so right in the blog post
At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it. You can generate a new key if you choose. We recommend storing this key securely (writing it down in a notebook or a secure password manager, for example).
evbogue · 1h ago
i missed that paragraph, thanks for pointing it out. i wonder what algorithm they're using here, and if we could use third party tooling to decrypt these messages on a local computer? it might be a pathway to some cool experimental third-party Signal apps
It seems plausible that the protocol could be designed such that the device doesn’t know the recovery key. The key serves three purposes: (a) identifying the backup when a user tries to restore it, (b) authenticating that user to the restore API, and (c) allowing the user to decrypt the backup.
(a) is much simpler if there is a fixed identifier of a user, but that identifier doesn’t need to be the entire key or even part of it — it could be some derived material.
(b) isn’t strictly required but I would be very uneasy about allowing anyone who stole a user’s device to download even the ciphertext of that user’s future chats. Also, there’s an obvious issue that even the ciphertext reveals something about the amount of activity from the user.
(c) requires that the restoring user hold something like a private key, that said key can be derived using the restore code, and that the user’s device does not know the private key.
One straightforward-ish solution would be for the user’s device to generate, once, a key pair, a user ID, and a backup API key. (The ID and API key could be generated server-side.). The restore key is (user ID, private key). The device retains (user ID, API key, public key). To upload backups, the device establishes a secure session, sends the user ID, proves knowledge of the API key, uploads a backup, and receives a new API key. The old API key is revoked.
This means:
1. The device does not retain the ability to download future backups.
2. A clone of a device (say id the device leaks its secrets somehow) cannot be used to upload new backups on an ongoing basis without being noticed because of the API key rotation.
chimeracoder · 2h ago
> They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.
People already can export backups of the messages they receive, in plain text, and publish those on the Internet if they way.
Signal's threat model has never included "you are directly messaging an adversarial party and expect to retain control over redistribution of those messages".
3np · 1h ago
> Signal's threat model has never included "you are directly messaging an adversarial party and expect to retain control over redistribution of those messages".
Well, no, that doesn't contradict what I said at all. That link isn't about treating the recipient of your messages as an adversarial actor. The recipient can still choose to enable it, if they want to provide Microsoft access to the messages they receive.
x0x0 · 42m ago
Huh? That is very explicitly about preventing the migration of your signal messages into Windows Recall. Not the threat model you discuss.
elvisloops · 2h ago
I think the difference is that this is all happening in the app as a supported flow. If simply enabling a toggle in Signal (likely without understanding the implications) is now considered "adversarial," then I think that's a problem
The file is encrypted with the passcode and the database can be extracted.
https://github.com/bepaald/signalbackup-tools
1. It is non-incremental. This means you'll need about as much free space on your phone as your Signal database takes, and it may take many hours to make if your database is large (mine is 18GB). I used to wake up to find my phone had not even fully charged because it had been so busy writing Signal backups.
2. Once you have it on disk, how do you get it away from your phone? Especially after SyncThing disappeared from Play Store (because it was basically a non-Android app behind a thin Android shell that couldn't easily be upgraded to more modern native APIs), there's nothing super-obvious here.
I would have loved a better solution for local backups, but realistically, $2/month for cloud backup is really cheap, and a pragmatic solution.
That's not what happened, it was Google who started rejecting their updates on Play store. I believe the original Android app maintainer quit after that but there's a fork on on F-droid which works perfectly.
Unfortunately this doesn't work on iPhone. I have a shortcut that will do something similar that I can share but that is a lot hackier...
[0] https://github.com/stevenwalton/.dotfiles/blob/master/script...
[1] Probably better. I'm normally logged into my alt account
plug your phone into a computer? Install Termux and use one of the countless command line programs designed to transfer bits over a network?
But I wouldn't use that for backups, I'd use rsync.
https://wiki.archlinux.org/title/SSHFS
People here seem to want to answer the question of how to copy data most directly, but only because that's how the problem was phrased. I'm not convinced "users had no way to sync data on their phone" was/is a real problem worth paying for YACSS for in the first place.
> But secure backups aren’t the end of the road. The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
adb pull no worky? At least for HN readers.
It may seem obvious now, but I know most people will forget and be puzzled if their phone suffers physical damage. A lot about this has mandatory manual steps.
Yes, there are some people who will forget to do that, or just lose the restore key, but that's the security/usability trade off.
On Android? Easy, Termux app and then rsync to my Desktop/Laptop. Or via Solid Explorer. Or E-Mail via Blitzmail.
Non incremental is a suboptimal design decision, backups should be incremental, e.g. monthly if automated or with from-to dates.
The new offering is reasonably priced imo.
Glad to see they're finding potential revenue streams that don't compromise their focus on privacy and security.
I'll save you the trouble:
- Even if you choose not to back up your chats, someone you are talking to can do it, and your messages to them will be saved in their backup.
- 100 MiB of message storage is free.
- Last 45 days of media storage is free.
- Beyond that you have to pay $1.99 per month, and get 100 GB of storage.
- Backups happen once a day.
I even wrote a small Android app to do GDrive uploads of the encrypted backup file, watching the local backup directory for new files. (It broke with an Android version update and I haven't gotten around to fixing it.)
When I install Signal on a computer it won't show me message history. Will backups allow me to view _all_ my message history on a computer? A big screen is very helpful for browsing lots of messages.
And question: Will a backup taken today on Androis be able to be restored on iOS once released?
Seriously, why is the migration protocol completely different on the two platforms?
If you're curious, the reason that Android's current local backups aren't cross platform is because it was made a long time ago, and it's literally a dump of all the sqlite statements that can be used to recreate Android's sqlite database (encrypted with a strong, random, local key). So not the most portable!
But this new thing is all cross-platform, and in the near future we'll even be making our local backups cross-platform.
iOS has had pretty decent audio format support for a few years now: even though you can't directly import FLAC files to iTunes/Music, they are supported in the OS itself since 2017 and play fine both in Files and in Safari. The other big mainstream formats (WAV, AIFF, MP3, AAC, and ALAC) have been supported for years, and even Opus finally got picked up in 2021.
About the only non-niche audio format that isn't supported natively on Apple platforms at this point is Vorbis, which was fully superseded by Opus well over a decade ago. Even then, I believe it's possible to get Vorbis support in iOS apps using various media libraries, although I'm sure Apple frowns upon it.
I'd really love to know what's causing that incompatibility.
> But secure backups aren’t the end of the road. The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
Because they don't want to make jumping to the competitor too easy.
From a product perspective, being able to switch between two iOS devices without a 3rd iOS device shouldn’t be a premium feature.
Please consider enabling local backup and restore for a single Signal instance on iOS.
For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
Choice to store media locally on the phone.
What I miss with most messenger apps: Archiving old stuff and offload it to a remote device.
Right now Signal is 8GB in size and doesn't stop growing.
> For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
I have good news for you: this already exists.
On Android:
Settings >> Data and Storage >> Manage Storage >> Review Storage
This allows you to view all of your media, files, and audio across all chats, sorted by the amount of storage used. You can also delete those files individually without affecting the rest of the chat.
You can also do the same thing within a conversation.
I’m also hoping similar media management options are available on iOS and desktop, since I use Signal across devices.
By the way, does Signal treat synced devices (like desktop or a second phone) as “replicas” vs a “primary”? If so, does this affect how storage or message history is handled between them?
Would appreciate any insight from folks familiar with the technical side of this!
Because it seems to me that, for much of Signal's (often paranoid) audience, they'd much rather use one of the backup/sync providers they've already verified trust of, than have to additionally trust some new backup service provider.
And it also seems to me that, now that Signal has the architecture to support this, it'd be pretty easy to add additional backup-sync providers.
E.g. in the codebase for the iOS Signal client, you could implement a provider that does incremental backup sync against iCloud (i.e. CloudKit for messages + iCloud Drive for attachments) — allowing the user to use their (perhaps already paid-tier) iCloud account storage.
Same with Android and Google Drive (though Google Drive doesn't have an equivalent to CloudKit, so this might be fiddly; to get good amortized write costs, you might have to e.g. buffer row-like writes in a local replication journal, and then flush them through bulk local key inserts in a locally-partial-fetch-cached set of LevelDB files, where the updated files in the set then get flushed as single whole-file overwrites to GDrive.)
---
Note that in all cases, Signal could/should still fully encrypt this data before pushing it to the provider; the backup wouldn't be expected to be "legible" to the user.
But where, with backups synced to Signal's servers, users need to trust that Signal's E2E backups encryption works perfectly to be able to believe that Signal themselves can't then have access to your backed-up data; it's much less scary to sync to literally any other provider, who won't specifically know that they've got chat data on their hands / won't have any potential to (perhaps after a bad acquisition by a PE firm) begin thinking of themselves as a "data company" who would love to have "chat data" as an asset.
> Our future plans include letting you save a secure backup archive to the location of your choosing
I do that and then sync that folder with another computer using SyncThing.
AFAIK SyncThing only monitors for changes between files with matching names, and Signal stores each backup with a separate (timestamped) filename. Are you storing every day's backup individually, or do you have some tool for deduplicating?
That also means that Syncthing can't do better than sending the full backup. But if you're syncing via wifi (e.g. at home) it's not really a problem anyway.
Can I use this to restore my macOS signal backup to my iOS phone, so I once again have access to all my old messages on the phone?
> The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
As a fun evening read I'd like to remind everyone of Pavel Durov's gaslighting on how their approach of everything-leaks-to-server was the right way to implement "cloud backups".
https://web.archive.org/web/20200226124508/https://tgraph.io...
Nice to finally see someone competent show how it's actually done :)
The messages are mine, not theirs, and yet they refuse to allow me to handle them how I deem fit.
I also missed this on my first skim of the article though.
https://community.signalusers.org/t/dont-unlink-devices-afte...
Without backups it makes sense to have a limit, like you said (though I join the person you replied to in wishing there was an option for it yo be more than 30 days), but their point is that once backups contain more than the last 30 days of messages that reason is no longer a blocker.
Seems pretty reasonable?
I still do not quite understand why I can't have the option to just back things up to iCloud (I do understand the security implications and I'm fine with it), but ANY backup solution is better than "your data is gone, tough".
Oh, now having reread the article I do understand why I can't have any other backup options. Paid subscription. Of course.
FTFY. It's originally Apple preventing its users from easily controlling their own data.
Hope they also may it easy to pay for family/friends, maybe similar to the "donate for a friend" they have already.
Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."
Not the right security trade-off for most people.
Whatsapp chose a different approach (which is reasonable for their user base) but that means that there is an escrow key. Regardless of your choices, messages that you sent may end up "end to end encrypted" but in reality stored in the cloud with a key escrowed to Meta...
The backup feature seems to be opt-in, i.e. the requirement to write the key down won't be too surprising.
Signal opens themselves up to government coercion and ruined reputation otherwise.
And while I’m here, if you’re implying that Signal is Blut trustworthy, you should step out of the HN bubble and have a look around what everyone and their dog shares through less secure means
(No, this does not really help if you're one of the TouchID holdouts on an older SE)
'the point' is spam protection, alas
They clearly think people have bad desktop security, and still don't want this to happen. Patronizing...
Edit on
> Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
That's good, but they've said that before. I feel a bit burnt on this.
this and completly useless multi-device support is the reason I don't use Signal... Telegram is not fully e2ee but it's way more convenient here.
Even XMPP with PGP would be lightyears ahead.
Everything on Signal (at least the "original" design from a few years ago, this has started to be adjusted with the introduction of usernames and now backups and eventually syncing) is end-to-end encrypted between users, with your original phone acting as the primary communication node doing the encryption. Any other devices like desktops and tablets that get added are replicating from the original node rather than receiving new messages straight from the network.
This offers substantial privacy and security guarantees, at the cost of convenience and portability. It can be contrasted with something like iMessage, before Messages in iCloud was implemented, where every registered device is a full node that receives every new message directly, as long as they're connected at the time that it's sent.
Today's addition brings Signal to where iMessage was originally: each device is backing up their own messages, but those backups aren't syncing with one another. Based on the blog post, the goal is to eventually get Signal to where iMessage is today now that Messages in iCloud is available: all of the devices sync their own message databases with a version in the cloud, which is also end-to-end encrypted with the same guarantees as the messages themselves, but which ensures that every device ends up with the same message history regardless of whether they're connected to receive all of the messages as they come in. Then, eventually, they seem to also intend to take it one step farther and allow for arbitrary sync locations for that "primary replica" outside of their own cloud storage, which is even better and goes even further than Apple's implementation does.
If done well, I actually quite like the vision they're going for here. I'm still frustrated that they wouldn't just port the simple file backup feature from Android to the other platforms, even as just a stopgap until this is finished, but I think that the eventual completion of this feature as described will solve all of my major concerns with Signal's current storage implementation.
Yeah convenient way to hand your data to a Russian oligarch.
PGP has no forward secrecy and OTR in XMPP lacks future secrecy, multi-device support etc.
Signal introducing end-to-end encrypted backups is exactly how Telegram should've done it decade ago.
Wrap it in whatever security deemed necessary (or make migration/backup opt-in), but just let the blob copy over like every other app on the planet.
This cumbersome backup nonsense is a senseless no more secure bandaid for a problem that shouldn’t exist in the first place.
What issues? The only issue I've seen with Signal and media files, was on iOS, where users aren't able to download them (copy them outside the signal app).
https://github.com/signalapp/Signal-Android/issues/10135
https://github.com/signalapp/Signal-Android/issues/13098
https://github.com/signalapp/Signal-Android/issues/11263
https://github.com/signalapp/Signal-Android/issues/14293
Not that my experience invalidates that of people who have had problems, just sharing to say that the problems haven't been universal.
On Android I tap on the image in chat, 3 dots and save. Way more involved on iOS. But at least I'll be able to point this out to my iOS peers.
I wish they'd done that for all the other data they collect and permanently store in the cloud (name, photo, phone number, signal contacts, etc.) since you can't even opt-out of that data collection.
I wonder if now signal will finally update their privacy policy which still opens with the outright lie: "Signal is designed to never collect or store any sensitive information."
https://www.eff.org/deeplinks/2014/01/after-nsa-backdoors-se...
https://en.wikipedia.org/wiki/CLOUD_Act
Those backups are stored locally, are platform-specific (Android-only), and there is no feasible way to automate their transfer to any other device, which means that either you have to manually manage them regularly, or you risk losing your entire message history if your phone suddenly dies (or is stolen, or broken beyond repair, etc.).
This is a true automated, off-site backup feature.
Backups: Encrypted on device. Key stays on device. Server has access to ciphertext.
Yapyaps: Is the backup a backdoor?
My only concern reading this is that I hope they don't remove the manual export feature once this is rolled out. I know that that feature has been technically complicated to support, but it's important for users to preserve the option to maintain control over their backups, if they want to manage backups themselves, alongside the option of having a more convenient, automated approach.
Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key. If a device with this enabled goes through the whole advanced protocol to receive a message (double ratcheting etc), then turns around and uploads it back to Signal’s servers with a static key, isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.
Based on this post, the only way to actually opt out of this is to force disappearing messages to be enabled for a time under 24 hours for every chat, which is pretty frustrating.
Signal already lags other messengers in reliability, speed, and features. The reason people use it is for its uncompromising security. Shipping something that weakens that foundation undermines the reason people use Signal.
The exfiltration of which is as easy as exfiltration of database on device. You're not running an IDS scanning 100% of your device LTE traffic in case that happens.
>isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
It's opt in. And again exfiltrating the backup key is as easy as exfiltrating your messages from your device.
>You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it
You can't know if you're talking to an informant or if your contact is running Android that's receiving security updates or if it's a zero-day on wheels, either. Tech doesn't solve human problems.
TBF Signal already supports automated key-protected backup (and has for years), it's just stored on-device, but there's no way to know what the other party is doing with that on-device backup.
I already sync my Signal backups to the cloud, because that's the most practical and time/cost-effective way to have a 3-2-1 backup system for my chats.
If you don't want them to have a history only communicate via disappearing messages.
At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it. You can generate a new key if you choose. We recommend storing this key securely (writing it down in a notebook or a secure password manager, for example).
(a) is much simpler if there is a fixed identifier of a user, but that identifier doesn’t need to be the entire key or even part of it — it could be some derived material.
(b) isn’t strictly required but I would be very uneasy about allowing anyone who stole a user’s device to download even the ciphertext of that user’s future chats. Also, there’s an obvious issue that even the ciphertext reveals something about the amount of activity from the user.
(c) requires that the restoring user hold something like a private key, that said key can be derived using the restore code, and that the user’s device does not know the private key.
One straightforward-ish solution would be for the user’s device to generate, once, a key pair, a user ID, and a backup API key. (The ID and API key could be generated server-side.). The restore key is (user ID, private key). The device retains (user ID, API key, public key). To upload backups, the device establishes a secure session, sends the user ID, proves knowledge of the API key, uploads a backup, and receives a new API key. The old API key is revoked.
This means:
1. The device does not retain the ability to download future backups.
2. A clone of a device (say id the device leaks its secrets somehow) cannot be used to upload new backups on an ongoing basis without being noticed because of the API key rotation.
People already can export backups of the messages they receive, in plain text, and publish those on the Internet if they way.
Signal's threat model has never included "you are directly messaging an adversarial party and expect to retain control over redistribution of those messages".
On the contrary.
https://signal.org/blog/signal-doesnt-recall/?pubDate=202508...
Well, no, that doesn't contradict what I said at all. That link isn't about treating the recipient of your messages as an adversarial actor. The recipient can still choose to enable it, if they want to provide Microsoft access to the messages they receive.