Honestly, the one and only feature I'm missing in Signal that would let me use it and recommend it to everyone without reservations (rather than exclusively for ephemeral-only communication) is the ability to keep identity and full message history when moving to a new device.
Today, on iOS, you can't move your Signal history to a new device, and on Android you can only do so by manually making an encrypted backup file and writing down a 30-digit passcode, completely separate from the normal Android process of moving to a new device.
People keep long histories of messages, going back a decade, containing pictures and memories that aren't stored anywhere else. Message history is valuable data.
This doesn't seem like a "new cryptographic research" problem, this seems like a "well-established crypto (encrypted files) plus integration with standard device backup/migration" problem.
I really like Signal, I think they're doing things very well, and I wish I could use it without being constantly at risk of data loss. And this doesn't seem like an uncommon request, from what I've found.
Is there something I'm missing that makes this a hard problem? Or is it just a problem that nobody has prioritized?
Yes, there are a lot of us out there who use Signal and have this single missing feature as our largest pain point. My previous phone (iOS) would have been donated or sold to someone who could make better use of it, had I been able to actually get years and years of Signal conversations (with media) and memories out of it. But I can't (without prohibitive amounts of manual work), so it lies unused in a drawer waiting for the day I might.
The Signal devs don't discuss their roadmap, as is their prerogative. The result is of course that no one knows if such features are even planned, let alone worked on. Half a decade (?) of sad and frustrated forum posts and GitHub issues attest to that. I scan through them from time to time to see if there's any word.
But! There was actually a tweet from Moxie just a few weeks ago in a thread started by Matthew Green, I think, hinting that they might be working on it. It did make me a little happier. But yes, five years is a long time to wait for this feature, and we don't know for sure if or when it's coming. Me, amidst all the frustration I am very happy for the software they are giving me almost for free (I've donated a little bit).
By the way, Josh, props to you for your patience and professionalism in the debian-devel thread about librsvg the other day.
Oh, wow. I stumbled over the thread just the other day and mechanically just read the month and day... Since it was November I somehow assumed it was recent without reacting. Thanks for the correction! Well, belated props to you then. =o)
I converted several non-technical people to Signal, and a few were devastated to learn that getting a new phone meant that they lost their message history. They refuse to use it ever again.
The other sticking point is the phone number requirement. A (female) friend shared her “Signal” contact info with a professional acquaintance who doesn’t understand boundaries. After ignoring him on Signal, that led to unwanted SMS messages and even phone calls. For such a privacy-focused app, I don’t know why they are not more interested in protecting phone numbers.
I just had the experience with a friend whom I got to use Signal who was shocked that she lost her message history when switching phones. Our conversation about it was kind of awkward because I was thinking something like "mud puddle test" (https://blog.cryptographyengineering.com/2012/04/05/icloud-w...) and she was thinking something like "missing basic feature".
There is no way to move messages from one iOS device to another (such as a new phone). My girlfriend recently got a new iPhone and wanted to transfer our Signal message history from her old iPhone onto the new one. She said it wasn't possible, and then I spent an hour or two reading about it figuring there must be some hacky awful way to accomplish it. I couldn't find one. This has been an open issue for years [0][1].
Android has an inconvenient backup flow (that involves randomly generated 30 digit PIN and manual transfer of file), but that's infinitely better than the total lack of options on iOS. I do wish Android (and iOS) had a method to download all message history to decrypted plaintext (or JSON) for use with other apps. If I own my data, decrypting it should be my choice.
I regret recommending to my girlfriend that we use Signal, and won't recommend Signal to more people after this.
I actually going in the other direction with Signal
I turned on timer (1 week) for all of my conversation.
Nothing stays more than a week and I do not keep any backup.
It's not for security or privacy reasons. I feel like I don't need a full history of all my conversations with everyone from the beginning of time.
This fits more to the real life model of having a conversation with someone. I don't record my conversations with people so why do I need to do it in chat apps?
My Whatsapp is the same. Don't need all the massive amount of chat history...
Interesting that that model works for you, but that doesn't mean it works for everyone.
Persistent history that lasts many times longer than the lifetime of any one device is a required feature to fully replace chat apps that have such history.
BUT I've heard a lot of people request the feature of porting messages. I didn't realize people care about this till they started telling me (I have convinced a good number of my friends to switch to Signal). So I'd say that because the market is asking for it, implement it. (I do notice that it is only iPhone users asking me about how they can do this. Might be selection bias)
BTW, you can do this! [0] I'd think the easiest thing to do (I don't know iOS or Android at all) would be to create a backup to iCloud or Drive that will hold an encrypted file. Then a function for the reverse. Since I don't do anything remotely near mobile, is this not fairly easy to implement? Encrypted backup is one of the top requested features [1] and seems one of the easiest to implement.
- Not being tied to a phone number, or a way to add a user without a phone number
- domain fronting (... thanks Amazon... )[2]
I think both are in the spirit of what Signal is trying to do and would specifically help protestors in authoritative countries. That they can decrypt their phones and not reveal others in the group chats. But I understand that these requests are much more difficult than asking for encrypted backup.
I'm with you on that. Maybe it's just me, but I believe that a communication system (be Signal or email) is not designed for long term storage, it's just not efficient to keep structured data and not made for that purpose.
If a fragment of a conversation is useful, I'd store it somewhere else safe just in case (Password Manager, as a secure note).
I think maybe we have different definitions of "useful".
I'm pretty stubborn about preserving my chat history; it goes back across several phone upgrades. When my dad died earlier this year, I was glad of it. I get to scroll back and see what we talked about.
If my choice was between secure comms and keeping history, I'd take keeping history. Surely many people are in the same boat. So if Signal wants to be truly ubiquitous (which increases security for all users), they really have to solve common user needs.
I did the same. Only one person voiced their annoyance due to messages disappearing. I never used chat history as a data store, I move appointments or things I need to know into my agenda/wiki, but it seems some use chat history+search for that.
Since I really dislike using chatlogs, and rather not keep any (and ever since the 90ies, I never have), I really like the 1 week timer on Signal.
I've been putting the same 1 week timer on all chats; it's a breath of fresh air. Very happy that these chats are ephemeral. It feels far more natural.
(Not a "it works for me it should work for you", just wanted to share an anecdote :) )
I've written a little Android app that watches the Signal backups directory and uploads new files to Google Drive when they appear. For a new phone, it can download your latest backup and put it where Signal will find it when you first run the app. I want to polish it and put it on the Play Store, but of course the last 20% is 80% of the work.
I'm also reluctant to release it publicly because I'm worried about the support burden, because, while I've made the experience as easy as possible, it's still not a great experience considering how Signal works. I expect to see a lot of angry users who don't realize (despite documentation) that they need to download the backup to their new phone before running the Signal app for the first time. And then I expect people who lose their backup encryption key to blame me that their backups are unrecoverable.
I guess at the very least I could open source it at some point, but the setup is a pain since you need to create a Google Cloud project authorized to use the GDrive APIs.
Signal really needs this built-in. It puzzles me that it hasn't happened yet, since I built this little app in under ten hours (and I hadn't touched Android development in a good 7 years and had no experience with the GDrive APIs).
> Is there something I'm missing that makes this a hard problem?
Yes. Pretty much the entire security model of Signal underpinned by this UX compromise. The way signal works at the moment, you sign up for an account with your phone number, your device generates a secret, and that secret is used to secure all your communication. You can pass that secret around devices (as long as you have a device that has it - or just the original phone, I can’t remember). You are also responsible for making sure the people you talk to are really who they say they are. When you first add a contact, it’s up to you to make sure they’re not an imposter, and if they have to reset their account their secret changes, and you have to verify who they are again. If somebody takes over their phone number on a new device, they have to generate a new secret, and while they may succeed in impersonating the person (depending on how vigilant their contacts are), they at least won’t get access to the message history.
To allow for recovery of message history, you have to escrow the secret somewhere. If you give it to the service provider, then the security model is thrown out the window, and you just invented FB Messenger. If you give it to the user to escrow, then you’ve just kicked the can down the road, because a consumer is just as likely to lose a secret as they are their device, and the ways they may choose to store it will make the whole system less secure for essentially no UX gain.
This is an unavoidable trade off. If you want the service provider to be able to recover your account, then they (or at least somebody in addition to you) has to have access to your secret. If you want your messages to be private, then you can’t allow for a 3rd party to be able to recover your account.
> To allow for recovery of message history, you have to escrow the secret somewhere.
You seem to be missing the point here: this isn't even about storing your data on someone else's computer with some kind of key escrow, this is about local backups not even working. Apple only recently implemented iMessage "sync", but before that (and still now), iMessage data was backed up to your Mac and accessible in your backup, without any concern about it being on some server or key escrow issues. Signal is simply missing the ability to get your own data out of the app on iOS. (And like, to really underscore how this is not a fundamental issue with Signal, their Android app does have a data export feature. They just don't think this is important enough to prioritize for some crazy reason.)
Yeah that’s true. They should allow encrypted backups to be stored in iCloud backups (they intentionally exclude this for some reason). But even then, this is a feature that will only ever be used by highly motivated individuals. The Android backups are useless if you lose your 30 digit secret. I agree their position on this is shit, but I can’t imagine it’s a barrier to mainstream adoption.
As a messaging service, it’s certainly not ‘unusable’. You’re claiming that the ability to permanently archive message history is an absolute minimum requirement for consumers (and that a service that does not offer this is ‘unusable’). I’m going to put a big citation needed on that.
With passwords lol. When the weakest link in your chain is some terrible password your user picked, then all your fancy crypto is pointless. (It also still allows a user’s message history to be destroyed when they inevitably forget your password)
The best solution I’ve seen for this is the BIP39 mnemonics that crypto wallets use (because they face exactly the same problem - making the user the ultimate custodian of the keys). But it’s still terrible and barely usable.
You can also do the 1Password approach and have other users that you trust store all or part of your key material. But all any of the solutions mentioned in this comment do is spread the problem around a bit, not solve it.
I don't see the issue as dramatic as you do as I probably don't change my device so often. Writing down a 30-digit code once every 2-3 years isn't that hard. I assume people for whom this is too much do already use whatsapp and wouldn't switch over because they don't care about the reasons for why you have to write down this 30-digits code.
> Writing down a 30-digit code once every 2-3 years isn't that hard.
If you know that Signal needs a special backup procedure. If you don't, you've lost your data.
Also, that process applies to manual backups and recoveries, such as for device-to-device transfer from a working device. It doesn't work nearly as well for performing regular backups of a working device in case it abruptly becomes a non-working device.
Maybe the concern is exfiltration? Making it easier to move phones may also make it easier for a hacker to exfil your data from a local hack or your phone's cloud (i.e., just hack your Icloud and trigger restore to a new phone)
Unencrypted data/keys should never be in the backup, only data encrypted to some passphrase. It's perfectly fine (and necessary) to require a passphrase to recover backed up logs on the new device.
Signal has had the ability to export chat backups for a long time. I'm not sure why people would complain other than the export is local and you have to manage migration to new device by copying files instead of it being saved on a server and uploaded to your new device after you lose an old one.
Also, identity is persistent since you're using a phone number and signal attaches the name you list to that phone number with a registration passcode that must be entered intermittently to keep receiving messages.
I think I'm an exception in this instance, but I don't understand what value there is in message history. How often do you find yourself reminiscing by going back through a messaging log?
If there are photos that should be kept then there are other ways to back them up. Is there valuable context in the conversation that was had around the delivery of the photo?
Are messages backed up and restorable for other messaging systems, and have you ever needed to go through a restore process to look back through a conversation?
If it's for the purposes of software project development team discussion and history needs to be kept for legal reasons then I think Signal is intentionally not aiming at that demographic.
I get that there are special moments in life but, for me, the textual conversations around them are very secondary to the moments themselves. But then, in discussions I've had with other people, my opinion seems to be the exception.
I have all my Signal messages set to auto delete after 7 days (or less). And I'm pretty happy with how that works. If I thought people at a bar were recording every conversation they had or could overhear forever, I'd talk less freely (and go to different bars).
Not everybody wants ephemeral chat. But I suspect more people _think_ that's what they've got - but in reality do not have...
I'm going to keep digging this hole for myself because I think there is some amount of treasure to be found. I'm also interested to see how far out of touch I am.
There are tiers of conversation. Letters between famously literate people or during times of war have a value proposition on an entirely different scale to group chat messages.
It's about the value that the individual assigns to the content of the conversation (this is almost arguing against my stated position). But if that conversation is never re-visited anyway, the value is the status of Schroedinger's cat.
What content that is worthy of "Letters of note" is a) to be found in chat history? b) not already been saved elsewhere due to it's noteworthiness? c) going to be re-discovered by going back through hundreds or thousands of lines of conversation text on a mobile device screen? d) worth trawling back through hundreds or thousands of lines of conversation text on a mobile device screen?
Again, I'm aware that I'm an exception, but I think it's potentially natural human laziness to want to keep 'everything' in case it might be useful or valuable in a few years' time. Electronic hoarding.
I've recently setup an instance of NoteSelf to more easily track links to interesting articles and my own thoughts and ideas and various other things that I think are worthy of keeping. This is my form of targeted electronic hoarding. I'm in control of it, and it's robust enough to survive a mobile device theft, breakage, or some other kind of failure. Prior to that I write things down in journals, or other systems, some of which have been totally lost, but I don't find myself missing it or 'wondering what could have been'.
It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things' - for me, primarily, it's the far improved wheat / chaff ratio.
Conversation is connection. Yes. But recorded conversation is just a reminder of connection, not the connection itself. I think my argument falls down when it comes to someone that's passed away, and keeping their flame alive to some extent. I don't work like that, but I wouldn't expect it of others.
Second, time helps ("we were talking about it around this time of year").
Third, you don't necessarily know how valuable the conversation is when you first have it.
And fourth, pictures and video and similar.
> It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things'
I used to carefully archive every email in an appropriate folder. Now I only have one folder, "Archive", which contains all mail, and I use search to find what I'm looking for. (Search is all I used back when I had folders, too.) That requires far, far less work at the time of receiving a message.
Consider the time taken to carefully file something away, the difficulty of keeping such things organized manually, the ease of just automatically storing everything organized by time and people, and the likelihood of you successfully predicting in advance what you'll want later.
> There are tiers of conversation. Letters between famously literate people or during times of war have a value proposition on an entirely different scale to group chat messages.
Only in retrospect. At the time, it's impossible to know. We happen to have (some of) Picasso's childhood artwork. What might it be like if we had da Vinci's and Bosch's and that of the Lascaux Caves artists?
Destroying information now is expressing 100% confidence that nobody will have use for it later.
> It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things' - for me, primarily, it's the far improved wheat / chaff ratio.
Depends on the cost of storage and retrieval, really. That was certainly true for, say, paper letters. But as the cost of storage and retrieval goes steadily down, manual archive selection becomes less and less worth it. Hoarding is only a problem IRL because it becomes expensive and unsafe. But my digital archives grow much more slowly than Moore's Law, so the cost to me of keeping all my email, photos, etc, is effectively zero. When I replace my backup drives every few years I spend about the same amount of money, and I keep having more and more space left over.
> Destroying information now is expressing 100% confidence that nobody will have use for it later.
Or an acknowledgement that it might have the capability to be used against you later.
Would you be happy for every word you ever said, in public or private, to be recorded and transcribed and searchable just in case it becomes an "important source to historians", or just as likely "an important source of parallel reconstruction data for $yourCountry{'nsaEquivalent'}"???
We never got a record of Pepy's bar discussions, only what he chose to record in his diary. I'm not sure we need my Signal messages stored for posterity either. Read my blog or Reddit posts, other stuff was intended and should stay private.
There's a good reason a bunch of interesting bars banned Glassholes...
Sure! Don't store them if you don't want to. I'm not sure how you take me as saying we should live in some sort of totalitarian fantasy you have constructed. I'm trying to help somebody understand why other people want to voluntarily save things.
> It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things'
On the topic of plain text things (such as text messages) - how much data are you actually hoarding?
Let's say you type 100 words per minute for the next 40 years (and each word is 10 bytes). No sleep, no breaks, just 40 years of typing. Congratulations, you just produced 21GB of data. This fits on an SD card (<$30) or in the cheapest tier of cloud backup like Dropbox or Google Drive.
You can search your 40 years of typing in well under a minute. If you remember the year you typed in, you can grep the data from that year in under a second.
I don't like the term "hoarding" for this. Hoarding has a negative connotation. Storage of plaintext is so incredibly cheap (and search so fast) that I feel that option value of retaining the text is almost always greater than the miniscule cost of storage and slower retrieval.
I don't think are any valid analogies between storing physical items and digital items, as digital storage and search is orders of magnitude cheaper. Consider the same experiment where one writes with pen and paper for 40 years, and then wishes to search for the name "George".
Making a decision of what to keep must be more expensive and time-consuming than just keeping everything.
I remember searching for something in Hangouts at work for a tidbit of info that I should have noted elsewhere. It was useful, but I wouldn't say it's a must.
An email thread is useful and somewhat readable, and endless conversation between an individual or a group is less so.
Today, on iOS, you can't move your Signal history to a new device, and on Android you can only do so by manually making an encrypted backup file and writing down a 30-digit passcode, completely separate from the normal Android process of moving to a new device.
People keep long histories of messages, going back a decade, containing pictures and memories that aren't stored anywhere else. Message history is valuable data.
This doesn't seem like a "new cryptographic research" problem, this seems like a "well-established crypto (encrypted files) plus integration with standard device backup/migration" problem.
I really like Signal, I think they're doing things very well, and I wish I could use it without being constantly at risk of data loss. And this doesn't seem like an uncommon request, from what I've found.
Is there something I'm missing that makes this a hard problem? Or is it just a problem that nobody has prioritized?