Signal Secure Backups

182 keyboardJones 90 9/8/2025, 4:43:39 PM signal.org ↗

Comments (90)

poisonborz · 53m ago
Backing up Signal on Android for free and offline was ~always possible. The app creates a multi GB backup file on the phone memory under the Signal folder that you can just copy out and back on a new phone.

The file is encrypted with the passcode and the database can be extracted.

https://github.com/bepaald/signalbackup-tools

Sesse__ · 41m ago
There are a couple of problems with the existing backup:

1. It is non-incremental. This means you'll need about as much free space on your phone as your Signal database takes, and it may take many hours to make if your database is large (mine is 18GB). I used to wake up to find my phone had not even fully charged because it had been so busy writing Signal backups.

2. Once you have it on disk, how do you get it away from your phone? Especially after SyncThing disappeared from Play Store (because it was basically a non-Android app behind a thin Android shell that couldn't easily be upgraded to more modern native APIs), there's nothing super-obvious here.

I would have loved a better solution for local backups, but realistically, $2/month for cloud backup is really cheap, and a pragmatic solution.

whatevaa · 2m ago
On Linux, KDE Connect can mount your phone's filesystem as a FUSE filesystem and then you can use a desktop file explorer like Dolphin. It's even integrated and automatically appears as an option. Quite convenient, I would say. Performance is pretty good too.
justoreply · 25m ago
zamadatix · 24m ago
The $1.99/m is not for the up front work of fixing what sucks about current backups though, it's just bundling those fixes in with YACSS (Yet Another Cloud Storage Subscription) is the only way to get people to pay their "reasonable" recurring fee.

People here seem to want to answer the question of how to copy data most directly, but only because that's how the problem was phrased. I'm not convinced "users had no way to sync data on their phone" was/is a real problem worth paying for YACSS for in the first place.

autoexec · 24m ago
> Once you have it on disk, how do you get it away from your phone?

plug your phone into a computer? Install Termux and use one of the countless command line programs designed to transfer bits over a network?

aftbit · 8m ago
I would use scp under Termux to copy the backup away personally.
jcynix · 10m ago
> Once you have it on disk, how do you get it away from your phone?

On Android? Easy, Termux app and then rsync to my Desktop/Laptop. Or via Solid Explorer. Or E-Mail via Blitzmail.

Non-incremental is a suboptimal design decision, backups should be incremental, e.g. monthly if automated or with from-to dates.

nottorp · 32m ago
> Once you have it on disk, how do you get it away from your phone?

adb pull no worky? At least for HN readers.

Sesse__ · 31m ago
Any backup that needs manual intervention is no backup.
dmesg · 18m ago
Even automatic backups run at intervals to cause less server load. The article says you absolutely have to write down your restore key too (They say notebook or PW manager).

It may seem obvious now, but I know most people will forget and be puzzled if their phone suffers physical damage. A lot about this has mandatory manual steps.

nottorp · 26m ago
Thought people are talking about backups without a "cloud" involved. So you'd need to manually connect your phone to something...
Sesse__ · 18m ago
What? My phone has a perfectly working 802.11 chipset, which is able to talk to my very own machines that are not in a cloud, no manual connection needed. This is purely a software/ecosystem issue.
dmesg · 11m ago
Imagine we could run the backup server backend self-hosted and FLOSS. Like Vaultwarden, the upstream bitwarden client API.
bmicraft · 20m ago
Foldersync is a great app
growse · 45m ago
Personally, I find that having to orchestrate and regularly schedule the exporting of that file off my device to somewhere else, and then look after it there to be not "free".

The new offering is reasonably priced imo.

_heimdall · 40m ago
Agreed. I prefer setting it up myself and have had Signal backing up to my home server for a few years now, but for most users an opt-in with a basic free tier and cheap enough paid plan makes a lot of sense.

Glad to see they're finding potential revenue streams that don't compromise their focus on privacy and security.

paxys · 5m ago
Hiding relevant info behind "..." all over the post is annoying. Instead of reading through it like normal one has to read and click those little dots a dozen times.

I'll save you the trouble:

- Even if you choose not to back up your chats, someone you are talking to can do it, and your messages to them will be saved in their backup.

- 100 MiB of message storage is free.

- Last 45 days of media storage is free.

- Beyond that you have to pay $1.99 per month, and get 100 GB of storage.

- Backups happen once a day.

IshKebab · 3m ago
> Losing it means losing access to your backup permanently, and Signal cannot help you recover it.

Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."

Not the right security trade-off for most people.

iamtheworstdev · 1m ago
there are more than a few backup providers that do this security trade off with user acceptance of the risk. if this trade off isn't good for the user, they can use any other number of insecure backups.
akkartik · 1h ago
This looks brilliant. I just hope they make it easy to do test restores. In particular, I want to test restore without perturbing my main device. Let me restore using the secret key on a new device.

When I install Signal on a computer it won't show me message history. Will backups allow me to view _all_ my message history on a computer? A big screen is very helpful for browsing lots of messages.

greysonp · 24m ago
Hi there, Signal dev here. You can sort of do this! You can restore on your new device, and while you will be unregistered on your old device, all of the data is still there. So if you see that something is amiss on the new device, you could re-register on your old device and you'd be right back where you started. This is actually one of the ways we test the feature with our own personal data.
amluto · 1h ago
Wow, maybe as a side effect users will be able to migrate between Android and iOS without losing their message history.

Seriously, why is the migration protocol completely different on the two platforms?

greysonp · 29m ago
Hi there, Signal dev here. The new backup format is indeed cross-platform. I've successfully restored backups on an iPhone, we're just stabilizing things :)

If you're curious, the reason that Android's current local backups aren't cross platform is because it was made a long time ago, and it's literally a dump of all the sqlite statements that can be used to recreate Android's sqlite database (encrypted with a strong, random, local key). So not the most portable!

But this new thing is all cross-platform, and in the near future we'll even be making our local backups cross-platform.

crystaln · 1h ago
This is mentioned as a future feature.
antris · 1h ago
> Seriously, why is the migration protocol completely different on the two platforms?

Because they don't want to make jumping to the competitor too easy.

cosmic_cheese · 42m ago
This is the result of differing storage implementations in the app between platforms and has nothing to do with the platform itself. Painless cross-platform migration is possible but simply wasn’t factored into the original design. IIRC WhatsApp also has this problem.
gardnr · 5m ago
I am happy to see Signal charging for premium features.

From a product perspective, being able to switch between two iOS devices without a 3rd iOS device shouldn’t be a premium feature.

Please consider enabling local backup and restore for a single Signal instance on iOS.

georgeck · 1h ago
It would be really useful to have more client-side control over media storage. That way, I could better manage storage growth without wiping entire threads.

For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.

chimeracoder · 1h ago
> It would be really useful to have more client-side control over media storage. That way, I could better manage storage growth without wiping entire threads.

> For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.

I have good news for you: this already exists.

On Android:

Settings >> Data and Storage >> Manage Storage >> Review Storage

This allows you to view all of your media, files, and audio across all chats, sorted by the amount of storage used. You can also delete those files individually without affecting the rest of the chat.

You can also do the same thing within a conversation.

georgeck · 50m ago
Thanks, that’s helpful.

I’m also hoping similar media management options are available on iOS and desktop, since I use Signal across devices.

By the way, does Signal treat synced devices (like desktop or a second phone) as “replicas” vs a “primary”? If so, does this affect how storage or message history is handled between them?

Would appreciate any insight from folks familiar with the technical side of this!

wpollock · 23m ago
On my Samsung: Settings >> Device Care >> Storage
autoexec · 30m ago
I'm glad that this is opt-in (at least for now).

I wish they'd done that for all the other data they collect and permanently store in the cloud (name, photo, phone number, signal contacts, etc.) since you can't even opt-out of that data collection.

I wonder if now signal will finally update their privacy policy which still opens with the outright lie: "Signal is designed to never collect or store any sensitive information."

X-Istence · 45m ago
I already pay Apple for storage, please just back up my chats/media to iCloud.
vigilans · 41m ago
This BS is why I completely stopped donating to the signal foundation.

The messages are mine, not theirs, and yet they refuse to allow me to handle them how I deem fit.

teiferer · 20m ago
Have you read the article? They are working on it.
rPlayer6554 · 16m ago
Where does it say that?
declan_roberts · 4m ago
Am I still required to add a phone number to use signal? What's the point of that. Every single person in the USA (and probably world) is quickly and trivially de-anonymized with a phone number.
y7 · 1h ago
Without paying for remote backups, can I just manage my own backup on my own hard drive, and restore it when I want to?
jewel · 1h ago
Yes! That has been supported for a long while. At least on Android, go to Settings -> Chats -> Chat Backups. Set up a schedule and a passphrase and a folder, and it will export your chats every day.

I do that and then sync that folder with another computer using SyncThing.

Bender · 7m ago
I do not see anything like that in Android 14. Ulefone Armor 24 is on 14 vendor build. I've had to use a dodgy app to back up messages.
joshjob42 · 58m ago
Only on Android, not iOS.
cherryteastain · 11m ago
It's not Signal's fault that Apple does not let you access the most basic feature of an operating system - the filesystem.
chimeracoder · 51m ago
> I do that and then sync that folder with another computer using SyncThing.

AFAIK SyncThing only monitors for changes between files with matching names, and Signal stores each backup with a separate (timestamped) filename. Are you storing every day's backup individually, or do you have some tool for deduplicating?

navigate8310 · 1h ago
> The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
nairb774 · 1h ago
Yep. Local backup generation has been around for at least a few years. You can have signal make a backup for you every day. You just need to get it off the device. This looks to be adding a remote option for this existing feature.
gruez · 43m ago
Only on android, not ios
rogerkirkness · 1h ago
The main way I specialize messages at this point is basically 'Am I going to want this later'? If the answer is yes, I use email. If not I use Signal. It's interesting this was the most requested feature... it wouldn't be for me even though I love Signal.
tkel · 1h ago
It's important for Signal groups, because on a new device without a backup the groups you were in don't show up until someone sends a message in the group. Say if you were the only admin in an announcement-only group, no one else can send a message in the group, so that group is now lost to you.
ectospheno · 50m ago
This is the only backup feature I’m interested in. I use signal for the expiring chats.
Marsymars · 1h ago
I like this idea, but I don't think I'd ever be able to convince my wife to run that analysis on any particular message before she decides whether to email or to message me on Signal.
noman-land · 1h ago
You can imagine even the same person having some conversations they would want to keep and some they wouldn't.
rconti · 1h ago
Are they still refusing to do anything about their painful 30 day device unlinking policy? If they can support full backups, surely they can accomplish this.

https://community.signalusers.org/t/dont-unlink-devices-afte...

ectospheno · 15m ago
Device queues need to expire at some point. At that point you aren’t “linked” anymore. What do you want them to do instead?
growse · 1h ago
Full message content seems to be free, with the option to pay £1.59pm for all media included (45 days of media included in the free tier).

Seems pretty reasonable?

joshjob42 · 59m ago
It's a real shame they aren't implementing this on iOS in beta before the new iPhone launch. Android has had backups for a long time, just locally. iOS users have been SOL so if anything goes wrong with the transfer and sync on your new phone, you're screwed.
mtzaldo · 19m ago
I would like to have the option to have chats without encrypting the media. It will be nice to back up the media directly to a NAS.
netule · 10m ago
Do I get this for free if I’m a monthly donator?
IshKebab · 6m ago
Doesn't sound like it, but just decrease your donation and buy a subscription. Donations are donations.
withinrafael · 25m ago
Do backups get pruned over time? Is there an expiration? I don't think folks want old lost-key backups sitting around forever for quantum to catch up, right?
blintz · 20m ago
It’s symmetric keys, so quantum doesn’t matter.
jwr · 1h ago
This is so incredibly important! I am very happy to see this, the fact that you could not do a backup on iOS and you would lose everything in case your device dies is the biggest drawback of Signal.

I still do not quite understand why I can't have the option to just back things up to iCloud (I do understand the security implications and I'm fine with it), but ANY backup solution is better than "your data is gone, tough".

Oh, now having reread the article I do understand why I can't have any other backup options. Paid subscription. Of course.

jemiluv8 · 19m ago
Feels like a really good way to finally get Signal to start working towards sustainability. I see myself paying just to help this incredible product continue serving its mission
3np · 36m ago
> This is so incredibly important! I am very happy to see this, the fact that you could not do a backup on iOS and you would lose everything in case your device dies is the biggest drawback of iOS.

FTFY. It's originally Apple preventing its users from easily controlling their own data.

antirez · 56m ago
Great article not mentioning local backups were already available and what this is about. The state of affairs in iOS vs Android of the past feature and the next one. Details of all kinds are missing. WTF.
ipv6ipv4 · 39m ago
That Signal data doesn’t just transfer like any other data on iOS when upgrading phones is seriously dumb.

Wrap it in whatever security deemed necessary (or make migration/backup opt-in), but just let the blob copy over like every other app on the planet.

This cumbersome backup nonsense is a senseless no more secure bandaid for a problem that shouldn’t exist in the first place.

yapyap · 31m ago
haha, did they make this for the US gov ;)
komali2 · 1h ago
I'm confused, I've restored Signal from encrypted backups before. I did it like 4 months ago. What's this feature?
Marsymars · 1h ago
Cloud storage for your backup.
chimeracoder · 1h ago
> I'm confused, I've restored Signal from encrypted backups before. I did it like 4 months ago. What's this feature?

Those backups are stored locally, are platform-specific (Android-only), and there is no feasible way to automate their transfer to any other device, which means that either you have to manually manage them regularly, or you risk losing your entire message history if your phone suddenly dies (or is stolen, or broken beyond repair, etc.).

This is a true automated, off-site backup feature.

chimeracoder · 1h ago
I know plenty of people who have inadvertently lost their entire messaging history because their phone broke or was lost and they couldn't transfer messages directly from the old phone to the new one. Signal allows you to export backups of messages to a file, but only on Android - the iOS version does not. This is a great feature not only for users who are less technically inclined than the average HN reader, but for any user who doesn't want to go through the tedious process of manually backing up their messages periodically but doesn't want to risk losing their message history if their phone has one unfortunate encounter with gravity.

My only concern reading this is that I hope they don't remove the manual export feature once this is rolled out. I know that that feature has been technically complicated to support, but it's important for users to preserve the option to maintain control over their backups, if they want to manage backups themselves, alongside the option of having a more convenient, automated approach.

greysonp · 34m ago
Hi there, Signal dev here. We are absolutely keeping the local backup feature. More than that -- we'll be improving it to also be cross-platform and incremental, meaning it'll be much faster to both create the backup as well as sync it if you use a third-party folder-syncing solution (like syncthing or something).
lencastre · 1h ago
measuring the temperature of hell… … … nope, still hot
elvisloops · 1h ago
I can't believe Signal is doing this.

Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key. If a device with this enabled goes through the whole advanced protocol to receive a message (double ratcheting etc), then turns around and uploads it back to Signal’s servers with a static key, isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?

They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.

Based on this post, the only way to actually opt out of this is to force disappearing messages to be enabled for a time under 24 hours for every chat, which is pretty frustrating.

Signal already lags other messengers in reliability, speed, and features. The reason people use it is for its uncompromising security. Shipping something that weakens that foundation undermines the reason people use Signal.

Marsymars · 1h ago
> They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.

TBF Signal already supports automated key-protected backup (and has for years), it's just stored on-device, but there's no way to know what the other party is doing with that on-device backup.

elvisloops · 1h ago
There's a big difference to me between storing it on device and someone else's servers.
Marsymars · 1h ago
Sure, but you already have no way of knowing which one the other parties in your chats are doing.

I already sync my Signal backups to the cloud, because that's the most practical and time/cost-effective way to have a 3-2-1 backup system for my chats.

elvisloops · 1h ago
There's a difference between someone in your chats acting adversarially and Signal supporting/encouraging adversarial behavior as part of the way the app works. If Signal published a change to the protocol that removed forward secrecy, we wouldn't consider it a non-event and say "well anyone could screenshot messages anyway," even though that may be true. They're calling this "secure backups," but in truth it appears to reduce security.
joshjob42 · 55m ago
I don't think it's appropriate to call someone you're talking to with disappearing messages turned off making a backup of the conversation so they have the (non-disappearing) message history if they drop their phone in a lake as "adversarial behavior".

If you don't want them to have a history only communicate via disappearing messages.

elvisloops · 29m ago
This post says disappearing messages are included in the backups. You have to enable disappearing messages with a timer of less than 24 hours to ensure that you can opt out.
evbogue · 59m ago
I'd also wonder where this shared encryption key for message "backups" is stored. If it's available on all of my devices, I suspect it would be available on other devices as well?
brewdad · 17m ago
The article says it is generated on your device and they don't have a copy. Sounds like a public-private keypair where you are responsible for managing the private key.
evbogue · 8m ago
got it. doesn't Signal already have on-device keys with a session ratchet? why not back those keys up so one can decrypt the entire history on any device?
bilal4hmed · 36m ago
I mean it says so right in the blog post

> At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it. You can generate a new key if you choose. We recommend storing this key securely (writing it down in a notebook or a secure password manager, for example).

evbogue · 6m ago
i missed that paragraph, thanks for pointing it out. i wonder what algorithm they're using here, and if we could use third party tooling to decrypt these messages on a local computer? it might be a pathway to some cool experimental third-party Signal apps
fsflover · 1h ago
Why does it matter if everything is encrypted?
amluto · 1h ago
It seems plausible that the protocol could be designed such that the device doesn’t know the recovery key. The key serves three purposes: (a) identifying the backup when a user tries to restore it, (b) authenticating that user to the restore API, and (c) allowing the user to decrypt the backup.

(a) is much simpler if there is a fixed identifier of a user, but that identifier doesn’t need to be the entire key or even part of it — it could be some derived material.

(b) isn’t strictly required but I would be very uneasy about allowing anyone who stole a user’s device to download even the ciphertext of that user’s future chats. Also, there’s an obvious issue that even the ciphertext reveals something about the amount of activity from the user.

(c) requires that the restoring user hold something like a private key, that said key can be derived using the restore code, and that the user’s device does not know the private key.

One straightforward-ish solution would be for the user’s device to generate, once, a key pair, a user ID, and a backup API key. (The ID and API key could be generated server-side.) The restore key is (user ID, private key). The device retains (user ID, API key, public key). To upload backups, the device establishes a secure session, sends the user ID, proves knowledge of the API key, uploads a backup, and receives a new API key. The old API key is revoked.

This means:

1. The device does not retain the ability to download future backups.

2. A clone of a device (say if the device leaks its secrets somehow) cannot be used to upload new backups on an ongoing basis without being noticed because of the API key rotation.
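
The API-key rotation proposed in the comment above, sketched as an added example (not part of amluto's comment and not Signal's code). All class and function names are hypothetical, an HMAC challenge-response stands in for "proves knowledge of the API key", and the key pair and backup encryption are left out, so the blob is a constructed placeholder.

```python
import hashlib
import hmac
import secrets


def prove(api_key, nonce, blob):
    """Proof of API-key knowledge, bound to the server nonce and this blob."""
    return hmac.new(api_key, nonce + hashlib.sha256(blob).digest(),
                    hashlib.sha256).digest()


class BackupServer:
    """Hypothetical server: one live API key per user ID, rotated per upload."""

    def __init__(self):
        self.api_keys = {}  # user_id -> current API key
        self.nonces = {}    # user_id -> outstanding challenge nonce
        self.backups = {}   # user_id -> uploaded blobs (opaque to the server)
        self.alerts = []    # user IDs that presented a revoked or wrong key

    def enroll(self):
        user_id = secrets.token_hex(8)
        self.api_keys[user_id] = secrets.token_bytes(32)
        self.backups[user_id] = []
        return user_id, self.api_keys[user_id]

    def challenge(self, user_id):
        self.nonces[user_id] = secrets.token_bytes(16)
        return self.nonces[user_id]

    def upload(self, user_id, proof, blob):
        key = self.api_keys.get(user_id)
        nonce = self.nonces.pop(user_id, None)  # each nonce is single-use
        if key is None or nonce is None or not hmac.compare_digest(
                proof, prove(key, nonce, blob)):
            self.alerts.append(user_id)  # stale key: a second holder exists
            return None
        self.backups[user_id].append(blob)
        self.api_keys[user_id] = secrets.token_bytes(32)  # old key revoked
        return self.api_keys[user_id]  # sent back inside the secure session


class Device:
    """Holds (user ID, API key); public key and encryption are not modelled."""

    def __init__(self, user_id, api_key):
        self.user_id, self.api_key = user_id, api_key

    def upload(self, server, blob):
        nonce = server.challenge(self.user_id)
        proof = prove(self.api_key, nonce, blob)
        new_key = server.upload(self.user_id, proof, blob)
        if new_key is None:
            return False  # our key was rotated away by another holder
        self.api_key = new_key
        return True


def run_scenario(clone_goes_first):
    """Two holders of the same secrets upload in turn; report who succeeds."""
    server = BackupServer()
    phone = Device(*server.enroll())
    clone = Device(phone.user_id, phone.api_key)  # leaked device secrets
    first, second = (clone, phone) if clone_goes_first else (phone, clone)
    blob = b"constructed placeholder for an encrypted backup"
    return {
        "first_ok": first.upload(server, blob),
        "second_ok": second.upload(server, blob),
        "first_again_ok": first.upload(server, blob),
        "alerts": list(server.alerts),
        "stored": len(server.backups[phone.user_id]),
        "user_id": phone.user_id,
    }


if __name__ == "__main__":
    for clone_first in (False, True):
        print(clone_first, run_scenario(clone_first))
```

Whichever copy uploads first keeps working and the other is rejected on its next attempt: if the phone goes first the server logs the clone's stale key, and if the clone goes first the phone's own backup fails, which is the "noticed" signal the comment relies on.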

chimeracoder · 1h ago
> They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.

People already can export backups of the messages they receive, in plain text, and publish those on the Internet if they want.

Signal's threat model has never included "you are directly messaging an adversarial party and expect to retain control over redistribution of those messages".

3np · 27m ago
> Signal's threat model has never included "you are directly messaging an adversarial party and expect to retain control over redistribution of those messages".

On the contrary.

https://signal.org/blog/signal-doesnt-recall/?pubDate=202508...

elvisloops · 1h ago
I think the difference is that this is all happening in the app as a supported flow. If simply enabling a toggle in Signal (likely without understanding the implications) is now considered "adversarial," then I think that's a problem