Posted by keyboardJones 4 days ago

Signal Secure Backups (signal.org)
982 points | 440 comments | page 3
djrj477dhsnv 4 days ago|
I'd much rather be able to simply rsync the data folder for all apps on my phone without having the hardware KeyStore breaking backups installed on another device.
subarctic 4 days ago||
So close to finally being able to use Signal again! I stopped using it when I switched from Android to iOS and didn't want to lose my message history.
sneak 4 days ago||
If Signal is offering pay-for-media-storage, it would be nice to be able to pay to send full-resolution media. I’m a photographer and every image sent via Signal that isn’t zipped first is TOTALLY DESTROYED by silent recompression.

https://sneak.berlin/20210425/signal-is-wrecking-your-images...

Also, the donation spam in Signal doesn’t let me donate Mobilecoin from the wallet right inside Signal. What’s the point of having a payments feature if I can’t use it to pay you?

Please allow payments to Signal to be done in Signal’s native payment system.

I would love to subscribe to Signal in a privacy-preserving way.

daveoc64 4 days ago||
Have you changed the image quality settings in the app to "High" - I see no mention of that in your blog post.
sneak 4 days ago||
Yes, though IIRC the setting didn’t exist until after I wrote that blog post.

Even “High” is still total shit. I frequently contemplate hacking the client app and recompiling it to remove image recompression entirely.

alance 2 days ago||
> Signal doesn’t let me donate Mobilecoin from the wallet right inside Signal. What’s the point of having a payments feature if I can’t use it to pay you?

"Grift for thee, but not for me"

rogerkirkness 4 days ago||
The main way I specialize messages at this point is basically 'Am I going to want this later'? If the answer is yes, I use email. If not I use Signal. It's interesting this was the most requested feature... it wouldn't be for me even though I love Signal.
tkel 4 days ago||
It's important for Signal groups, because on a new device without a backup the groups you were in don't show up until someone sends a message in the group. Say if you were the only admin in an announcement-only group, no one else can send a message in the group, so that group is now lost to you.
sudahtigabulan 4 days ago|||
The contact list on a linked desktop client will show all groups you're in, even though your main device doesn't.

On Android, if you know the group's name, you can search in the contact list, and the group will "magically" show up, even though it wasn't in the list.

Not the greatest UX.

ectospheno 4 days ago|||
This is the only backup feature I’m interested in. I use Signal for the expiring chats.
Marsymars 4 days ago|||
I like this idea, but I don't think I'd ever be able to convince my wife to run that analysis on any particular message before she decides whether to email or to message me on Signal.
prmoustache 4 days ago|||
so do you email yourself messages/conversations you want to keep?

Also, unless everyone uses gpg, email isn't very secure nor confidential.

I tend to use notes on my smartphone for information I want to keep that are encrypted and synchronized on my desktop when reaching home. Having said that I often forget to copy a message to a note because it is a manual process and it is sometimes not trivial to anticipate that an info will be important enough in the future that you need it again.

noman-land 4 days ago||
You can imagine even the same person having some conversations they would want to keep and some they wouldn't.
prism56 4 days ago||
Finally installed Signal. I have 220 phone contacts and 1 had it installed. Uphill battle here. WhatsApp and iMessage are so prevalent in the UK.
internet_points 4 days ago||
Meanwhile in Norway, of 520 phone contacts (of which many are things like cabs, restaurants, realtor from way back when) – 83 are on Signal. And it's not like I have particularly privacy-conscious friends, that I know of.
prism56 3 days ago||
That is an interesting datapoint. I'm going to keep it installed, hopefully then if somebody I know does install it they will see I'm a user.
ThePowerOfFuet 4 days ago||
Be the change you want to see in this world.
prism56 4 days ago||
Yup. That's my plan from now.
paride5745 4 days ago||
I think the option to pay for more than 45 days backup is a smart way to get some cash. Kudos Signal for this.
sneak 4 days ago||
Why do people want logs of conversations for years and years?

All of my Signal chats are set to 4 week expiry. Any media I want to keep, I save to the device.

I don’t audio record my conversations with close friends and family; why would I keep chat logs?

I don’t understand why people demand this feature. It wasn’t until the iPhone that people got accustomed to keeping every text for all time.

I don’t think it’s a healthy approach. For most of human history, you didn’t get a permanent record of private conversations you had with people. It feels like a type of hoarding, given how often people actually use/access their old (>4 weeks) chat logs.

declan_roberts 4 days ago||
Am I still required to add a phone number to use Signal? What's the point of that? Every single person in the USA (and probably world) is quickly and trivially de-anonymized with a phone number.
throawayonthe 4 days ago||
nobody has access to your phone number from your account, and when subpoenaed they are unable to provide it: https://signal.org/bigbrother/

'the point' is spam protection, alas

autoexec 4 days ago||
That article is out of date. It says things like "Signal still knows nothing about you", but Signal collects every user's name, phone number, photo, and a list of their contacts and permanently stores that data in the cloud.

That data is only protected by a pin (which can be brute forced) and SGX which has a history of being leaky. Researchers even demonstrated that data could be collected from Signal at one point. There are very likely side channel attacks that would allow Signal, or the government to collect the data stored in the cloud.

https://web.archive.org/web/20250117232443/https://www.vice....

https://web.archive.org/web/20230519115856/https://community...

seany 4 days ago|||
This is the number one thing that is missing IMHO. I would gladly take it over backup options.
WhereIsTheTruth 4 days ago||
Whenever the US promises you that your data are "secure" with their tech, remind yourself of this story:

https://www.eff.org/deeplinks/2014/01/after-nsa-backdoors-se...

https://en.wikipedia.org/wiki/CLOUD_Act

maqp 4 days ago|
Ok smarty-pants. Explain exactly how the encrypted cloud backup leaks to NSA when the key to decrypt it sits on your device and safe alone?
IshKebab 4 days ago|
> Losing it means losing access to your backup permanently, and Signal cannot help you recover it.

Oof... That's going to be tough to explain to normal users. "Sorry you've been paying for backups all this time, but you should have written down this code that you will only ever use once somewhere safe and remembered where it is. All your data is gone."

Not the right security trade-off for most people.

tgsovlerkhgsel 4 days ago||
Absolutely the right security trade-off for Signal users. Anything else would devalue the entire product.

Whatsapp chose a different approach (which is reasonable for their user base) but that means that there is an escrow key. Regardless of your choices, messages that you sent may end up "end to end encrypted" but in reality stored in the cloud with a key escrowed to Meta...

The backup feature seems to be opt-in, i.e. the requirement to write the key down won't be too surprising.

elvisloops 4 days ago|||
The implementation feels uncharacteristically crude for Signal. Instead of seamless protections, you just get handed 64 characters you’re told to “store securely.” That’s not realistic: most people will screenshot it, and those screenshots will end up in unencrypted cloud backups.
fastest963 4 days ago||
Sure but the key is still in a separate location from the backup. Signal can't decrypt the backup and if Signal is hacked someone would still need to get your screenshot to decrypt the backup. Not perfect but far better than an unencrypted backup.
arccy 4 days ago|||
when you're shown the code, it has 2 buttons: copy to clipboard and save to password manager. if you choose password manager you should be relatively safe...
fastest963 4 days ago||
I have 1Password installed and it prompted to save in 1Password. Worked perfectly. It even let me paste from 1Password on the verification screen. It was the most seamless password manager experience I've ever had.
staplers 4 days ago|||
It's this way, or it's not encrypted. The whole premise of their privacy model requires this.

Signal opens themselves up to government coercion and ruined reputation otherwise.

iamtheworstdev 4 days ago|||
there are more than a few backup providers that do this security trade off with user acceptance of the risk. if this trade off isn't good for the user, they can use any other number of insecure backups.
kelnos 4 days ago|||
If you're using Signal, of all things, that's probably a reasonable security/usability trade off.

Granted, I'm sure there are a lot of people out there who just use Signal because one of their more security-conscious friends/family members told them to install it, and so you're probably right for those people.

But, frankly, I can't see how else they could do it. Offering an unencrypted option, or weakening the encryption (by storing a copy of the key on Signal's servers) would make Signal not Signal.

0x457 4 days ago||
If they were able to recover backups for you, then it wouldn't be secure. Right trade-off.