Comment by px43
2 years ago
So you're looking for a feature where someone can hit a button and get a clear text export of all the encrypted chat history on the phone? You do understand why that feature doesn't exist, right? Backup utilities are regularly abused by criminals and other bad actors to harvest private data.
If you want to record all of your chat history with someone and keep it around forever, Signal is not the right tool. Signal is for private communications, and I'm glad that people on the other side of conversations with me can't just export everything with a button press. That would be a massive violation of trust.
That's just wrong. You can export your chats in a secure format; Signal Android even lets you do it on a schedule. Combine with a hosted file server like Nextcloud or Google Drive and you have automatic fully encrypted backups.
What I'd like is an incremental backup feature in Signal Android.
Currently you pay 2x the phone storage space to make a backup, and then with something like Syncthing you've got to do even more to not just be storing hundreds of gigs of mostly the same data.
Yeah, same. I additionally do nightly rsync copies of my Nextcloud to a second server in a data center, and cleaning out all of the Signal backups gets annoying after a while.
This might have been accurate if this feature didn't exist on Android. The simple solution is that the backups are encrypted.
>people on the other side of conversations with me can't just export everything with a button press.
Once any data is off your device and (decrypted) on someone else's, you must assume that they have full control over it, which includes backups. Anything else is poor privacy practice, security through obscurity.
In principle you're correct, but in practice, the lack of an export feature is enough to make sure that 99 out of 100 conversations don't get leaked to third parties. You don't know with perfect certainty which ones do get leaked anyway, but...
99 out of 100 conversations wouldn't be leaked to third parties even if there was an encrypted backup feature - which there is, in Android. You're trading hostile inconvenience for basically zero benefit.
If "99 out of 100" is your acceptable threshold, Signal is probably too much encryption in the first place.
There are multiple tools to convert your backup db from Android to HTML and plain text as long as you have the backup passphrase.
You realize Signal chat history is stored in an unencrypted SQLite DB on desktop, right?
If anyone is curious, I highly recommend exploring the desktop app implementation. So many of the security guarantees that Signal ostensibly provides are gone in desktop environments, where any app you have installed can read ~/Library/Application Support/Signal and see all your contacts and messages using the encryption key stored in cleartext in config.json.
https://vmois.dev/query-signal-desktop-messages-sqlite/
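An added example, not part of the thread and not Signal's code: a read-only audit of the situation the comment above describes, reporting whether config.json in a Signal Desktop profile holds a cleartext database key and whether the files are open to other accounts. The field names `key` and `encryptedKey`, the `sql/db.sqlite` path, and the function names are assumptions; the sample profile is constructed.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Path named in the comment above (macOS); other platforms differ.
DEFAULT_PROFILE = Path.home() / "Library" / "Application Support" / "Signal"


def audit_signal_profile(profile: Path = DEFAULT_PROFILE) -> list[str]:
    """Return findings about at-rest key handling; never returns the key itself."""
    findings = []
    config = profile / "config.json"
    if not config.is_file():
        return ["no config.json found: nothing to audit"]
    try:
        data = json.loads(config.read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        return [f"config.json unreadable: {exc.__class__.__name__}"]
    # Assumed field names: "key" (cleartext) and "encryptedKey" (keystore-wrapped).
    if isinstance(data, dict) and data.get("key"):
        findings.append("cleartext database key in config.json")
    elif isinstance(data, dict) and data.get("encryptedKey"):
        findings.append("database key is wrapped (encryptedKey)")
    else:
        findings.append("no database key field in config.json")
    # Loose modes widen exposure from same-user processes to other accounts.
    for path in (config, profile / "sql" / "db.sqlite"):  # db path is an assumption
        if path.exists() and stat.S_IMODE(path.stat().st_mode) & 0o077:
            findings.append(f"{path.name} is accessible to group/other")
    return findings


def demo() -> list[str]:
    """Run the audit on a constructed profile (fake key, empty database)."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp)
        (profile / "sql").mkdir()
        (profile / "config.json").write_text(json.dumps({"key": "00" * 32}))
        (profile / "sql" / "db.sqlite").write_bytes(b"")
        os.chmod(profile / "config.json", 0o644)
        os.chmod(profile / "sql" / "db.sqlite", 0o600)
        return audit_signal_profile(profile)


if __name__ == "__main__":
    for line in audit_signal_profile():
        print(line)
```

A cleartext-key finding stands even when the file modes are tight, since the comment's concern is other software running as the same user.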
Wow. Didn't know this. Signal's got a lot of user warnings when doing anything that breaks the security model. I don't remember Desktop giving a "Your chats are essentially unencrypted on this platform" warning.
If you can see a plaintext decoded message you should assume that it is system-readable if you don’t have some kind of guarantees about a memory-secure enclave. Use a secure system if you care about this.
Do you realize you can create an encoded backup, yes? Like, protected by a password.
The arguments against backups are incredibly dumb.