| ▲ | derefr 7 days ago |
| @Signal devs: any reason that the only two options for backup are now "locally" (flexible, but only solves for some use-cases) or "to Signal's special servers" (not flexible; might be legally impossible for many users to enable)? Because it seems to me that, for much of Signal's (often paranoid) audience, they'd much rather use one of the backup/sync providers they've already verified trust of, than have to additionally trust some new backup service provider. And it also seems to me that, now that Signal has the architecture to support this, it'd be pretty easy to add additional backup-sync providers. E.g. in the codebase for the iOS Signal client, you could implement a provider that does incremental backup sync against iCloud (i.e. CloudKit for messages + iCloud Drive for attachments) — allowing the user to use their (perhaps already paid-tier) iCloud account storage. Same with Android and Google Drive (though Google Drive doesn't have an equivalent to CloudKit, so this might be fiddly; to get good amortized write costs, you might have to e.g. buffer row-like writes in a local replication journal, and then flush them through bulk local key inserts in a locally-partial-fetch-cached set of LevelDB files, where the updated files in the set then get flushed as single whole-file overwrites to GDrive.) --- Note that in all cases, Signal could/should still fully encrypt this data before pushing it to the provider; the backup wouldn't be expected to be "legible" to the user. But where, with backups synced to Signal's servers, users need to trust that Signal's E2E backups encryption works perfectly to be able to believe that Signal themselves can't then have access to your backed-up data; it's much less scary to sync to literally any other provider, who won't specifically know that they've got chat data on their hands / won't have any potential to (perhaps after a bad acquisition by a PE firm) begin thinking of themselves as a "data company" who would love to have "chat data" as an asset. |
|
| ▲ | jimkleiber 7 days ago | parent | next [-] |
| Perhaps they will? > Our future plans include letting you save a secure backup archive to the location of your choosing |
| |
| ▲ | _aavaa_ 7 days ago | parent [-] | | A backup option has been missing for years. Future plans on this particular topic seem to take forever. | | |
| ▲ | jimkleiber 6 days ago | parent | next [-] | | I built a micro-journaling app back in the day and wanted it to be highly secure. Backups seemed to be one of the most vulnerable surfaces for that. I imagine their delay might have been a combination of a technological and ideological worries, as that's what I experienced. | | |
| ▲ | _aavaa_ 6 days ago | parent [-] | | How did you encrypt the data at rest and why was that also not good for the backup? | | |
| ▲ | jimkleiber 5 days ago | parent [-] | | SQLcipher, and i believe the tech was good but at the time, because it asked for a password every time the app open, i figured most people would put a very short and simple password and an encrypted db with a short password was a lot more hackable, especially on Android, if the file got outside the app sandbox. I suppose now i could do some combination of PIN plus passkey, and have to figure out how to make the database recoverable if people forget their PIN (or lose their passkey?) without me having to store it for them or it being easy to access. I'm no expert on this, just think the complexity can be a lot more when taking this all into consideration. |
|
| |
| ▲ | crtasm 6 days ago | parent | prev [-] | | It's been backing up to my SD card for years, I've not set up a script to transfer it off-device though. | | |
| ▲ | _aavaa_ 6 days ago | parent [-] | | That only works on android. The same basic functionally, even backing up to a place on the phone, has been missing. |
|
|
|
|
| ▲ | nar001 6 days ago | parent | prev | next [-] |
| I'm confused, what's stopping you from using one of the backup services you already have on the file after it's done? Since Signal would backup to a file in your phone? Couldn't you just point your service to it and automatically sync every day for example? |
| |
| ▲ | daveoc64 6 days ago | parent | next [-] | | The existing backup feature on Android doesn't do an incremental backup. I just ran a backup, and it was 850MB. So having my phone upload something of that size every day would be a bit annoying. Most of the major cloud storage platforms don't offer sync on Android. It's not really a good fit for how the filesystem is used by Android apps. I currently only do a Signal backup every few months (when I remember), and manually upload it to OneDrive. I'm not going to pay for their new service - I already pay for too many storage services. | | |
| ▲ | styanax 6 days ago | parent [-] | | > I just ran a backup, and it was 850MB. So having my phone upload something of that size every day would be a bit annoying It may be inconvenient but this can be solved by using the features in the app to review your storage and save those thousands of images/audio/file sequestered inside the app out to the filesystem, then delete them from the app. You're not backing up "chats" you're backing up your image library being stored inside a chat app. (yes I get the argument that you need to store them "in context" so save those and do the rest. there's no way 100% of that 850MB is "must have saved inside the app in chats" data, I'll bet $10 USD on it) | | |
| ▲ | daveoc64 6 days ago | parent [-] | | Reducing the size of the backup would solve one problem, but it's really the lack of automation of the process that's the annoying part. | | |
| ▲ | styanax 6 days ago | parent [-] | | We're partially there, under Storage is an option allowing you to set how long to keep messages and I've set mine to one year. Possible: forever (default), 1y, 6mo, 30d - and it works, my old chat messages (not the whole chat, just individuals) are properly culled over time. Edit: in context, Google Messages has none of these features and I have friends still married to Google Voice who send me tons of pics. Culling SMS requires using a third party tool to export and re-import etc. leagues behind Signal. None of it's backed up without the same third party tools as well and no built in image management. |
|
|
| |
| ▲ | hackmiester 6 days ago | parent | prev [-] | | Well, just to be clear, signal for iOS did not support ANY backup before this. |
|
|
| ▲ | Silhouette 6 days ago | parent | prev | next [-] |
| Note that in all cases, Signal could/should still fully encrypt this data before pushing it to the provider; the backup wouldn't be expected to be "legible" to the user. That seems like an unhelpful limitation for a lot of people. For me - and as far as I know literally everyone I communicate with using Signal - the reason to use it is the E2EE for the messages. Once we have the messages or media on our own devices we're fine with having control over them ourselves. By all means also provide an option to create a secured archive for those who want it. But as long as the data can only be read using a specific app on a specific device then whatever you're creating isn't really a backup for a lot of practical purposes. |
| |
| ▲ | varenc 6 days ago | parent [-] | | Agree with the sentiment, but I can understand why they don't offer this. Rational or not, people will feel less safe if all their messages can just be easily exported to plaintext. A few scenarios where this might matter like the 'evil maid attack' where someone briefly has access to your unlocked phone. But I just use this project to export my signal messages to plaintext: https://github.com/tbvdm/sigtop I have it auto run periodically and it's great. Makes for easy full text searching of my message history. | | |
| ▲ | Silhouette 6 days ago | parent [-] | | Rational or not, people will feel less safe if all their messages can just be easily exported to plaintext. IMHO the point is that it's not rational. Signal is as vulnerable to the analogue hole as any other messaging platform that displays the messages on a phone screen. There was never any credible way to prevent someone who has received your message from keeping or passing on the information it contained. The idea is as unrealistic as the "disappearing message/photo" applications when confronted with any cheap phone or camera separate to the one showing that message/photo. Ultimately if you don't trust the recipient of your information to treat it as you would wish then your only choice is not to send them the information in the first place. | | |
| ▲ | varenc 6 days ago | parent [-] | | People aren't rational/perfect and Signal wants to keep them feeling safe? ¯\_(ツ)_/¯ (and IMHO there are edge case scenario where the additional friction in exporting messages provides some protection. Particularly when your threat model involves imperfect actors) edit: here's an example. Let's say I use 4 week disappearing message with everyone I chat with. That's imperfect of course, but let's say right now only about 5% of the people I chat with are proactively backing up/screenshotting my disappearing messages and the rest let messages expire. If Signal rolled out an "export all messages to plaintext" feature, then suddenly that 5% might become 50%. And now a lot more of my messages which used to disappear, are being preserved. If everyone I chat with is a perfect 'threat actor' that always backups up every message they ever receive, then there's no difference at all. But most people aren't, so practically there's a big difference because now exporting to plaintext (and bypassing time restrictions) is trivial for the masses. |
|
|
|
|
| ▲ | barbazoo 5 days ago | parent | prev | next [-] |
| > Because it seems to me that, for much of Signal's (often paranoid) audience, they'd much rather use one of the backup/sync providers they've already verified trust of, than have to additionally trust some new backup service provider. I wonder if those folks are the ones actually asking for backups. Personally I couldn’t give a shit about my messages from more than a week ago and part of that has to do with privacy. People concerned with privacy might also be more likely to have disappearing messages on which is the exact opposite of a backup. I honestly wonder who this is for exactly. From reading other threads, are people using this as their primary media backup basically? |
| |
| ▲ | kdmtctl 5 days ago | parent [-] | | This. The former core user base would prefer the definitive history destruction to a reliable backup. But this audience doesn't grow this fast anymore. |
|
|
| ▲ | purpleidea 6 days ago | parent | prev | next [-] |
| The signal org does some sketchy things. Like for example, why won't they release all of their infra automation backend code. There's no reason this and all the other tiny bits should be kept a secret! |
|
| ▲ | palata 6 days ago | parent | prev [-] |
| Did you read the article? |
