> alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
That's actually the feature I've been looking forward to. As I moved vom Android to iOS, I lost _all_ message histories from all messenger apps that use E2EE (Signal, WhatsApp, Threema, etc). The only one that "just worked" was Telegram due to not being encrypted. WhatsApp had a migration app that has to be done when setting up the iPhone, but it failed due to some bug. Signal had backups, but they didn't seem to be compatible between different OS versions.
This looks brilliant. I just hope they make it easy to do test restores. In particular, I want to test restore without perturbing my main device. Let me restore using the secret key on a new device.
When I install Signal on a computer it won't show me message history. Will backups allow me to view _all_ my message history on a computer? A big screen is very helpful for browsing lots of messages.
@Signal devs: any reason that the only two options for backup are now "locally" (flexible, but only solves for some use-cases) or "to Signal's special servers" (not flexible; might be legally impossible for many users to enable)?
Because it seems to me that, for much of Signal's (often paranoid) audience, they'd much rather use one of the backup/sync providers they've already verified trust of, than have to additionally trust some new backup service provider.
And it also seems to me that, now that Signal has the architecture to support this, it'd be pretty easy to add additional backup-sync providers.
E.g. in the codebase for the iOS Signal client, you could implement a provider that does incremental backup sync against iCloud (i.e. CloudKit for messages + iCloud Drive for attachments) — allowing the user to use their (perhaps already paid-tier) iCloud account storage.
Same with Android and Google Drive (though Google Drive doesn't have an equivalent to CloudKit, so this might be fiddly; to get good amortized write costs, you might have to e.g. buffer row-like writes in a local replication journal, and then flush them through bulk local key inserts in a locally-partial-fetch-cached set of LevelDB files, where the updated files in the set then get flushed as single whole-file overwrites to GDrive.)
---
Note that in all cases, Signal could/should still fully encrypt this data before pushing it to the provider; the backup wouldn't be expected to be "legible" to the user.
But where, with backups synced to Signal's servers, users need to trust that Signal's E2E backups encryption works perfectly to be able to believe that Signal themselves can't then have access to your backed-up data; it's much less scary to sync to literally any other provider, who won't specifically know that they've got chat data on their hands / won't have any potential to (perhaps after a bad acquisition by a PE firm) begin thinking of themselves as a "data company" who would love to have "chat data" as an asset.
Backing up Signal on Android for free and offline was ~always possible. The app creates a multi GB backup file on the phone memory under the Signal folder that you can just copy out and back on a new phone.
The file is encrypted with the passcode and the database can be extracted.
> Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive.
So IIUC backups will not be incremental and I will have to re-upload my 15 GB backup archive every day? Why is that? What's the security risk here? (Obviously I'm not suggesting encrypting & uploading each message & media file individually but splitting things up into same-sized chunks, like e.g. borgbackup does.)
> At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. This key is different from your Signal PIN, which serves different purposes.
Both recovery key and Signal PIN seem to serve the exact same purpose, though, namely restoring data (conversations, contacts, account, …)? Why not unify them?
I moved phones before Signal backups were available. My old phone has years of Signal chat and photo history. I can scroll through the conversations, but since I activated Signal on my new phone, my old phone will not let me export a backup any longer. Is there a safe sequence of operations to let me recover the data?
It would be really useful to have more client-side control over media storage. That way, I could better manage storage growth without wiping entire threads.
For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
Creating signal backups for iPhone users is _really_ hard. The only way to do it is to get a backup from the Signal Desktop app, which is also non-trivial because in recent versions of the desktop the decrypt key is also encrypted and store in keychain.
I had to install sqlcipher, find my encrypted key stored locally, find the decrypt key in apple's keychain, decrypt it using Signal's format, etc. This took a lot of trial and error, and reading a lot of existing source (special thanks to https://github.com/bepaald/get_signal_desktop_key_mac but unfortunately it did not work OOTB for me)
This is really great. I've managed to convert a few people to talk over Signal and while I am backing up my chats to my home server (I see you will be offering something like this in the future), this wasn't really an option for the people I converted over to Signal, so they were constantly afraid that they might lose the pictures or the chats if something happened to their phone.
I know, you can download media and save it through something else, but most people just opt-in whatever is default. I think my only suggestion would be to make it real clear or even maybe have some sort of counter that says something like "39 images are no longer backed up" or "8374 media items are NOT being backed up, 507 are in backup, 29 will be removed tomorrow". This could be directly on the backup page, I'm not currently running the beta build as I installed the apk, but if it's already on there, scratch the feedback!
Thank you again for all your hard work on this, it really is appreciated (financially too!)
I don't get this. The local-only backup option is already encrypted. Why can't they include an option for me to upload it somewhere of my choosing, like Google Drive, or even using Android's built-in backup system, so I can do it for free (my current backup file is well over a GB)? I already donate $5/mo to Signal Foundation; building a paid-only backup solution gives me a bad taste.
I even wrote a small Android app to do GDrive uploads of the encrypted backup file, watching the local backup directory for new files. (It broke with an Android version update and I haven't gotten around to fixing it.)
This is so incredibly important! I am very happy to see this, the fact that you could not do a backup on iOS and you would lose everything in case your device dies is the biggest drawback of Signal.
I still do not quite understand why I can't have the option to just back things up to iCloud (I do understand the security implications and I'm fine with it), but ANY backup solution is better than "your data is gone, tough".
Oh, now having reread the article I do understand why I can't have any other backup options. Paid subscription. Of course.
Hiding relevant info behind "..." all over the post is annoying. Instead of reading through it like normal one has to read and click those little dots a dozen times.
I'll save you the trouble:
- Even if you choose not to back up your chats, someone you are talking to can do it, and your messages to them will be saved in their backup.
- 100 MiB of message storage is free.
- Last 45 days of media storage is free.
- Beyond that you have to pay $1.99 per month, and get 100 GB of storage.
I have unfortunately lost signal history on various devices. Most recently I lost my iOS history when I restored from a backup without following the right procedure to keep Signal history. I have the full history on my desktop macOS signal though.
Can I use this to restore my macOS signal backup to my iOS phone, so I once again have access to all my old messages on the phone?
Are they still refusing to do anything about their painful 30 day device unlinking policy? If they can support full backups, surely they can accomplish this.
I'd much rather be able to simply rsync the data folder for all apps on my phone without having the hardware KeyStore breaking backups installed on another device.
If Signal is offering pay-for-media-storage, it would be nice to be able to pay to send full-resolution media. I’m a photographer and every image sent via Signal that isn’t zipped first is TOTALLY DESTROYED by silent recompression.
Also, the donation spam in Signal doesn’t let me donate Mobilecoin from the wallet right inside Signal. What’s the point of having a payments feature if I can’t use it to pay you?
Please allow payments to Signal to be done in Signal’s native payment system.
I would love to subscribe to Signal in a privacy-preserving way.
The main way I specialize messages at this point is basically 'Am I going to want this later'? If the answer is yes, I use email. If not I use Signal. It's interesting this was the most requested feature... it wouldn't be for me even though I love Signal.
Why do people want logs of conversations for years and years?
All of my Signal chats are set to 4 week expiry. Any media I want to keep, I save to the device.
I don’t audio record my conversations with close friends and family; why would I keep chat logs?
I don’t understand why people demand this feature. It wasn’t until the iPhone that people got accustomed to keeping every text for all time.
I don’t think it’s a healthy approach. For most of human history, you didn’t get a permanent record of private conversations you had with people. It feels like a type of hoarding, given how often people actually use/access their old (>4 weeks) chat logs.
Am I still required to add a phone number to use signal? What's the point of that. Every single person in the USA (and probably world) is quickly and trivially de-anonymized with a phone number.
> Losing it means losing access to your backup permanently, and Signal cannot help you recover it.
Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."
I know plenty of people who have inadvertently lost their entire messaging history because their phone broke or was lots and they couldn't transfer messages directly from the old phone to the new one. Signal allows you to export backups of messages to a file, but only on Android - the iOS version does not. This is a great feature not only for users who are less technically inclined than the average HN reader, but for any user who doesn't want to go through the tedious process of manually backing up their messages periodically but doesn't want to risk losing their message history if their phone has one unfortunate encounter with gravity.
My only concern reading this is that I hope they don't remove the manual export feature once this is rolled out. I know that that feature has been technically complicated to support, but it's important for users to preserve the option to maintain control over their backups, if they want to manage backups themselves, alongside the option of having a more convenient, automated approach.
It's a real shame they aren't implementing this on iOS in beta before the new iPhone launch. Android has had backups for a long time, just locally. iOS users have been SOL so if anything goes wrong with the transfer and sync on your new phone, you're screwed.
> If securely back up all* of your text messages and the last 45 days’ worth of media for free.
> If you want to back up your media history beyond 45 days, as well as your message history, we also offer a paid subscription plan for US$1.99 per month.
So after so many years of having a serious design flaw this poor substitute of a backup where you can't even save all your text for free is all they've managed to come up with?
> The reason we’re doing this is simple: media requires a lot of storage, and storing and transferring large amounts of data is expensive.
Easy fix: let the user choose his own local/cloud storage location? (at least it's planned, maybe in just another decade)
This is overcomplicated to collect money IMHO. All modern OSs can happily backup app files. It is a well-solved problem. If you find this backup method not secure enough (as Signal authors do), fine, encrypt the backup with a special key, exactly as described in TFA, and leave the resulting archive in a location for my chosen phone OS to back it up as it would. All the goals are accomplished, and without charging me money or limiting how many days of media are stored.
Do not get me wrong. Signal is great software and i'd gladly pay for it. Honestly. But not via this underhanded nonsensical way
It's a self inflicted problem. Rather than using some standard message format for backups (like eml / RFC 822), and putting them in a standard encrypted container if so desired, Signal chose to use some proprietary database format. Also they apparently changed encryption formats some time ago, and the current version can no longer decrypt the old messages.
After moving devices I can no longer access/decrypt my oldest image/video messages, they failed to import properly.
I would love if they implemented a feature to prune media files larger than ~10MiB from the existing backup file. This way the file size would not grow to astronomical proportions so quickly.
What is the reason for saving the end-to-end encrypted backup files on Signal backup servers instead of iCloud or Google backup service, as most of us are already paying for this storage?
This seems to be an unfortunate case where a feature has a misleading name.
You already had secure and encrypted backups on your phone, which you could copy and restore, if you remembered to copy them, and write down a very long password.
The new feature is apparently a way for signal to sell cloud services.
I do think cloud based backups are very useful for less technical people. But it does not really matter if your (properly encrypted) signal backup lives on a google drive/apple cloud, or on a cloud service managed by Signal.
While we are on the topic of Signal, does anyone know if it's possible to have a lock/PIN to open the Signal app itself that's different than your device lock/PIN?
Threema has this feature and it's reassuring to know that people can't open my chats when I hand my phone to someone. Or if I give the device lock/PIN to someone I trust for backup purposes but don't want them to have access to chats themselves.
Last I checked this was not possible with Signal (at least on Android).
The key is 64 characters? Even if that key is made out of decimal digits that works out to 212 bits. That seems quite excessive for a symmetrical key you are hoping to have a user deal with directly. It appears that the usability of this scheme could be significantly improved by simply using a shorter key.
I appreciate Signal and that the Signal developers provide a very useful service to the community for free.
I also know a large number of people who won't use it because it locks your messages up in its own walled garden. People use apps like this precisely because they want to have control over their own communications without any third parties interfering! I have never understood what kind of threat model they think they're protecting against by not letting people take their own backups and store them according to their own preferences. Whatever the reasons it is clearly a deterrent to wider adoption.
This announcement might seem like progress but I doubt it will convince any of the people I know who won't use it because at the end of the day it's still a walled garden. If and when the promise of the comments near the end of the announcement is realised and we can back up our own messages and media freely from our own devices to our own (presumably also secure) backup facilities then it will be much more interesting.
Since phones have a lot of storage, then why not constantly backup locally and overwrite it for newer versions (opt in of course)? Signal already has large operating cost, so a cloud backup with the very low subscription cost is concerning. It would help Signal to get rid of sms registration and move to something less costy.
Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key. If a device with this enabled goes through the whole advanced protocol to receive a message (double ratcheting etc), then turns around and uploads it back to Signal’s servers with a static key, isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.
Based on this post, the only way to actually opt out of this is to force disappearing messages to be enabled for a time under 24 hours for every chat, which is pretty frustrating.
Signal already lags other messengers in reliability, speed, and features. The reason people use it is for its uncompromising security. Shipping something that weakens that foundation undermines the reason people use Signal.
I know many people are of the opinion, paid features are a guarantee that you're not the product. I fear a slippery slope for money, it's premium features first, then essential features, then money tops security. Or replaces everything else, like with Firefox.
Shoutout to Signal team for another fantastic achievement!
As a fun evening read I'd like to remind everyone of Pavel Durov's gaslighting on how their approach of everything-leaks-to-server was the right way to implement "cloud backups" for Telegram.
Do backups get pruned over time? Is there an expiration? I don't think folks want old lost-key backups sitting around forever for quantum to catch up, right?
I wish they'd done that for all the other data they collect and permanently store in the cloud (name, photo, phone number, signal contacts, etc.) since you can't even opt-out of that data collection.
I wonder if now signal will finally update their privacy policy which still opens with the outright lie: "Signal is designed to never collect or store any sensitive information."
They need to add some free way to backup to my own server. I have my own raid array with backups sitting in my basement. I'll back up to that. I do not want to pay them for cloud storage.
Right now, theoretically, I can do this by backing up to my phone and then copying the file over. But, this has many issues. Firstly, it is manual, so it will happen way less. Secondly, it is not differential, so the storage requirements will explode. Thirdly, if my signal message archive is bigger than the free space on my phone (especially if it takes more than 50% of total space) then I'm just fucked — there's no way to back it up anywhere else. Fourthly, the backup system is EXTREMELY buggy, to the point that it takes me HOURS babysitting it every time I make a backup.
A good solution would be let me put FTP/FTPS/SFTP/SCP/WebDav/SMB/etc. credentials in the Signal app and have it do periodic differential backups to there. Let me decide if I want it to be encrypted or not based on my threat model. Tell my contacts if this is enabled and let me exclude and/or encrypt specific chats if you want to let other people apply their security model too.
Only supporting any reasonable (meaning automatic and convenient) backup system with their paid cloud and not supporting my own server smells like a money grab to me. This is utterly unacceptable in a supposedly non-profit app. I have no problem with their paid cloud being an option, to be clear.
Another problem with Signal is that they only provide an official Linux package for Debian-based distributions. This forces people using other distributions to either do repeated manual effort to pull it out of their .deb files or build it themself (which is made way harder than it should be), or rely on sketchy third parties for packags. Given how much privatea information goes over Signal, such third party packages are an extremely tempting target for anyone from criminals to national spy agencies. This lapse in security due to not packaging for any Linux except Debian-based Linux (or even providing an ideally auto-updating portable binary!) is a much larger security lapse than letting me backup to my own server conveniently. So, their cries of security concerns relating to backups ring hollow.
Overall, it's quite a shitty app. I only use it because the alternatives are worse.
That's great they are doing a paid feature, but I really just want my desktop to back up my phone.
They clearly think people have bad desktop security, and still don't want this to happen. Patronizing...
Edit on
> Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
That's good, but they've said that before. I feel a bit burnt on this.
perhaps said too much on a whim, but why should I backup my Signal... or WhatsApp, or any other communications.
live in the moment. let things pass. there is probably no fortune hidden in it anyway...
FTA: “This is the first time we’ve offered a paid feature. The reason we’re doing this is simple: media requires a lot of storage, and storing and transferring large amounts of data is expensive”
Those costs are for doing backups to their servers. If this supported making encrypted backups to Google drive/OneDrive/iCloud/etc, they wouldn’t have those costs, and, AFAICT, that would not be less secure, given (also FTA):
“At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it.”
⇒ I think it’s more of “we were looking for a new revenue stream, and picked this as a way to get that”
There’s nothing wrong with that, but presenting it as “to get secure backups, we have to make costs” is disingenuous.
Great article not mentioning local backups were already available and what this is about. The state of affairs in iOS vs Android of the past feature and the next one. Details of all the kind are missing. WTF.
I would love to switch over to Signal, but the video call quality pales in comparison to WhatsApp and FaceTime. Add to that issues with even sending pictures or videos on Android, and it's a really hard sell.
Are backups really necessary? I have always regarded texts (over Signal or SMS) as ephemeral. No one is or should be sending valuable information over Signal, and if you happen to receive something you want to keep, you can always do so manually.
Signal Secure Backups
(signal.org)979 points by keyboardJones 8 September 2025 | 440 comments
Comments
That's actually the feature I've been looking forward to. As I moved vom Android to iOS, I lost _all_ message histories from all messenger apps that use E2EE (Signal, WhatsApp, Threema, etc). The only one that "just worked" was Telegram due to not being encrypted. WhatsApp had a migration app that has to be done when setting up the iPhone, but it failed due to some bug. Signal had backups, but they didn't seem to be compatible between different OS versions.
When I install Signal on a computer it won't show me message history. Will backups allow me to view _all_ my message history on a computer? A big screen is very helpful for browsing lots of messages.
Because it seems to me that, for much of Signal's (often paranoid) audience, they'd much rather use one of the backup/sync providers they've already verified trust of, than have to additionally trust some new backup service provider.
And it also seems to me that, now that Signal has the architecture to support this, it'd be pretty easy to add additional backup-sync providers.
E.g. in the codebase for the iOS Signal client, you could implement a provider that does incremental backup sync against iCloud (i.e. CloudKit for messages + iCloud Drive for attachments) — allowing the user to use their (perhaps already paid-tier) iCloud account storage.
Same with Android and Google Drive (though Google Drive doesn't have an equivalent to CloudKit, so this might be fiddly; to get good amortized write costs, you might have to e.g. buffer row-like writes in a local replication journal, and then flush them through bulk local key inserts in a locally-partial-fetch-cached set of LevelDB files, where the updated files in the set then get flushed as single whole-file overwrites to GDrive.)
---
Note that in all cases, Signal could/should still fully encrypt this data before pushing it to the provider; the backup wouldn't be expected to be "legible" to the user.
But where, with backups synced to Signal's servers, users need to trust that Signal's E2E backups encryption works perfectly to be able to believe that Signal themselves can't then have access to your backed-up data; it's much less scary to sync to literally any other provider, who won't specifically know that they've got chat data on their hands / won't have any potential to (perhaps after a bad acquisition by a PE firm) begin thinking of themselves as a "data company" who would love to have "chat data" as an asset.
Seriously, why is the migration protocol completely different on the two platforms?
The file is encrypted with the passcode and the database can be extracted.
https://github.com/bepaald/signalbackup-tools
> Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive.
So IIUC backups will not be incremental and I will have to re-upload my 15 GB backup archive every day? Why is that? What's the security risk here? (Obviously I'm not suggesting encrypting & uploading each message & media file individually but splitting things up into same-sized chunks, like e.g. borgbackup does.)
> At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. This key is different from your Signal PIN, which serves different purposes.
Both recovery key and Signal PIN seem to serve the exact same purpose, though, namely restoring data (conversations, contacts, account, …)? Why not unify them?
For example, being able to see all media across chats, sort by file size, and optionally group by conversation would make it much easier to clean things up.
I had to install sqlcipher, find my encrypted key stored locally, find the decrypt key in apple's keychain, decrypt it using Signal's format, etc. This took a lot of trial and error, and reading a lot of existing source (special thanks to https://github.com/bepaald/get_signal_desktop_key_mac but unfortunately it did not work OOTB for me)
From a product perspective, being able to switch between two iOS devices without a 3rd iOS device shouldn’t be a premium feature.
Please consider enabling local backup and restore for a single Signal instance on iOS.
I know, you can download media and save it through something else, but most people just opt-in whatever is default. I think my only suggestion would be to make it real clear or even maybe have some sort of counter that says something like "39 images are no longer backed up" or "8374 media items are NOT being backed up, 507 are in backup, 29 will be removed tomorrow". This could be directly on the backup page, I'm not currently running the beta build as I installed the apk, but if it's already on there, scratch the feedback!
Thank you again for all your hard work on this, it really is appreciated (financially too!)
I even wrote a small Android app to do GDrive uploads of the encrypted backup file, watching the local backup directory for new files. (It broke with an Android version update and I haven't gotten around to fixing it.)
I still do not quite understand why I can't have the option to just back things up to iCloud (I do understand the security implications and I'm fine with it), but ANY backup solution is better than "your data is gone, tough".
Oh, now having reread the article I do understand why I can't have any other backup options. Paid subscription. Of course.
I'll save you the trouble:
- Even if you choose not to back up your chats, someone you are talking to can do it, and your messages to them will be saved in their backup.
- 100 MiB of message storage is free.
- Last 45 days of media storage is free.
- Beyond that you have to pay $1.99 per month, and get 100 GB of storage.
- Backups happen once a day.
--or, of course, Joint Chiefs military coordination. I bet that was a fun surprise for the team.
Seems pretty reasonable?
Can I use this to restore my macOS signal backup to my iOS phone, so I once again have access to all my old messages on the phone?
https://community.signalusers.org/t/dont-unlink-devices-afte...
https://sneak.berlin/20210425/signal-is-wrecking-your-images...
Also, the donation spam in Signal doesn’t let me donate Mobilecoin from the wallet right inside Signal. What’s the point of having a payments feature if I can’t use it to pay you?
Please allow payments to Signal to be done in Signal’s native payment system.
I would love to subscribe to Signal in a privacy-preserving way.
All of my Signal chats are set to 4 week expiry. Any media I want to keep, I save to the device.
I don’t audio record my conversations with close friends and family; why would I keep chat logs?
I don’t understand why people demand this feature. It wasn’t until the iPhone that people got accustomed to keeping every text for all time.
I don’t think it’s a healthy approach. For most of human history, you didn’t get a permanent record of private conversations you had with people. It feels like a type of hoarding, given how often people actually use/access their old (>4 weeks) chat logs.
https://www.eff.org/deeplinks/2014/01/after-nsa-backdoors-se...
https://en.wikipedia.org/wiki/CLOUD_Act
Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."
Not the right security trade-off for most people.
My only concern reading this is that I hope they don't remove the manual export feature once this is rolled out. I know that that feature has been technically complicated to support, but it's important for users to preserve the option to maintain control over their backups, if they want to manage backups themselves, alongside the option of having a more convenient, automated approach.
And remember, Signal is a nonprofit. If you use it, and if you can, you should be donating.
So after so many years of having a serious design flaw this poor substitute of a backup where you can't even save all your text for free is all they've managed to come up with?
> The reason we’re doing this is simple: media requires a lot of storage, and storing and transferring large amounts of data is expensive.
Easy fix: let the user choose his own local/cloud storage location? (at least it's planned, maybe in just another decade)
this and completly useless multi-device support is the reason I don't use Signal... Telegram is not fully e2ee but it's way more convenient here.
Even XMPP with PGP would be lightyears ahead.
Hope they also may it easy to pay for family/friends, maybe similar to the "donate for a friend" they have already.
Do not get me wrong. Signal is great software and i'd gladly pay for it. Honestly. But not via this underhanded nonsensical way
After moving devices I can no longer access/decrypt my oldest image/video messages, they failed to import properly.
You already had secure and encrypted backups on your phone, which you could copy and restore, if you remembered to copy them, and write down a very long password.
The new feature is apparently a way for signal to sell cloud services.
I do think cloud based backups are very useful for less technical people. But it does not really matter if your (properly encrypted) signal backup lives on a google drive/apple cloud, or on a cloud service managed by Signal.
Threema has this feature and it's reassuring to know that people can't open my chats when I hand my phone to someone. Or if I give the device lock/PIN to someone I trust for backup purposes but don't want them to have access to chats themselves.
Last I checked this was not possible with Signal (at least on Android).
I also know a large number of people who won't use it because it locks your messages up in its own walled garden. People use apps like this precisely because they want to have control over their own communications without any third parties interfering! I have never understood what kind of threat model they think they're protecting against by not letting people take their own backups and store them according to their own preferences. Whatever the reasons it is clearly a deterrent to wider adoption.
This announcement might seem like progress but I doubt it will convince any of the people I know who won't use it because at the end of the day it's still a walled garden. If and when the promise of the comments near the end of the announcement is realised and we can back up our own messages and media freely from our own devices to our own (presumably also secure) backup facilities then it will be much more interesting.
Signal is known for its cutting-edge cryptographic protocol, but this feature has the effect of throwing that out the window and replacing it with a single static key. If a device with this enabled goes through the whole advanced protocol to receive a message (double ratcheting etc), then turns around and uploads it back to Signal’s servers with a static key, isn't that a roundabout way of replacing all of signal's protocol and its forward secrecy with a static key that has no forward secrecy?
They’re calling it "opt-in," but it doesn't look like that's actually true? You can’t know whether someone you’re talking to -- who may not understand the implications -- has enabled it. In group chats, it looks like a single person turning it on eliminates signal protocol for everyone in the chat.
Based on this post, the only way to actually opt out of this is to force disappearing messages to be enabled for a time under 24 hours for every chat, which is pretty frustrating.
Signal already lags other messengers in reliability, speed, and features. The reason people use it is for its uncompromising security. Shipping something that weakens that foundation undermines the reason people use Signal.
As a fun evening read I'd like to remind everyone of Pavel Durov's gaslighting on how their approach of everything-leaks-to-server was the right way to implement "cloud backups" for Telegram.
https://web.archive.org/web/20200226124508/https://tgraph.io...
Nice to finally see someone competent show how it's actually done :)
Wrap it in whatever security deemed necessary (or make migration/backup opt-in), but just let the blob copy over like every other app on the planet.
This cumbersome backup nonsense is a senseless no more secure bandaid for a problem that shouldn’t exist in the first place.
I wish they'd done that for all the other data they collect and permanently store in the cloud (name, photo, phone number, signal contacts, etc.) since you can't even opt-out of that data collection.
I wonder if now signal will finally update their privacy policy which still opens with the outright lie: "Signal is designed to never collect or store any sensitive information."
But their desktop app is built with electron.
It's extremely clunky (over 200 MB) very slow and probably inherits all electron's security issues.
I have noticed the same issue with desktop apps from Proton Mail.
Why is it that rich corporations with lots of money like shortcuts and don't care about the quality of thier software?
Right now, theoretically, I can do this by backing up to my phone and then copying the file over. But, this has many issues. Firstly, it is manual, so it will happen way less. Secondly, it is not differential, so the storage requirements will explode. Thirdly, if my signal message archive is bigger than the free space on my phone (especially if it takes more than 50% of total space) then I'm just fucked — there's no way to back it up anywhere else. Fourthly, the backup system is EXTREMELY buggy, to the point that it takes me HOURS babysitting it every time I make a backup.
A good solution would be let me put FTP/FTPS/SFTP/SCP/WebDav/SMB/etc. credentials in the Signal app and have it do periodic differential backups to there. Let me decide if I want it to be encrypted or not based on my threat model. Tell my contacts if this is enabled and let me exclude and/or encrypt specific chats if you want to let other people apply their security model too.
Only supporting any reasonable (meaning automatic and convenient) backup system with their paid cloud and not supporting my own server smells like a money grab to me. This is utterly unacceptable in a supposedly non-profit app. I have no problem with their paid cloud being an option, to be clear.
Another problem with Signal is that they only provide an official Linux package for Debian-based distributions. This forces people using other distributions to either do repeated manual effort to pull it out of their .deb files or build it themself (which is made way harder than it should be), or rely on sketchy third parties for packags. Given how much privatea information goes over Signal, such third party packages are an extremely tempting target for anyone from criminals to national spy agencies. This lapse in security due to not packaging for any Linux except Debian-based Linux (or even providing an ideally auto-updating portable binary!) is a much larger security lapse than letting me backup to my own server conveniently. So, their cries of security concerns relating to backups ring hollow.
Overall, it's quite a shitty app. I only use it because the alternatives are worse.
They clearly think people have bad desktop security, and still don't want this to happen. Patronizing...
Edit on
> Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
That's good, but they've said that before. I feel a bit burnt on this.
Those costs are for doing backups to their servers. If this supported making encrypted backups to Google drive/OneDrive/iCloud/etc, they wouldn’t have those costs, and, AFAICT, that would not be less secure, given (also FTA):
“At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it.”
⇒ I think it’s more of “we were looking for a new revenue stream, and picked this as a way to get that”
There’s nothing wrong with that, but presenting it as “to get secure backups, we have to make costs” is disingenuous.
It‘s my fucking data!
(I‘m on iOS)