I have been using Signal for two years now and I love it.
However I really, really hope they can work on a good backup and restore process as losing my message history because I have to reinstall the app on my desktop[1] or have to reset my phone is a horrible experience.
Just build an encrypted blob and zip it up and pop it on my iCloud or Google Drive or leave it local and let me deal with it but I need something. As my Signal use moves from just messages with friends and family to business contacts I need a reliable way to backup my messages!
[1] I should state I mean losing the desktop copy as it starts "fresh" and does not import any messages from the phone.
Edit: I should probably clarify I am talking about the iOS/macOS applications as these are what I use. iOS does have a migration feature but that doesn't help if your phone is lost/damaged. I need a proper backup and restore process as well as the ability to import messages from the phone to the desktop app.
> However I really, really hope they can work on a good backup and restore process as losing my message history because I have to reinstall the app on my desktop[1] or have to reset my phone is a horrible experience.
I've tried to report bugs and talk to developers about this but there's one fundamental problem here - the Signal team fundamentally does not value chat history the same way a lot of people do. They think that destroying all chats is a reasonable thing to do when things get hard - which is the exact opposite to many WhatsApp users, which deeply value images and texts sent to them on that platform.
As such, they've been very very resistant at making the backup process for Signal easy for people. This is also why deskop app regularly happily just trashes all its state and fails to resync. This is why they will never let you make the backup process easy and portable.
It's not a technical issue - they just think you're wrong when you want to keep your conversations.
Unfortunately that's can also be a significantly bigger issue than privacy for a lot of people.
I think it's astute of you to point out that the Signal developers do not value chat history the same way many people do, but I am not sure I track with this:
> It's not a technical issue - they just think you're wrong when you want to keep your conversations.
as much.
When you are treating security as a number one priority I think there are a lot of things that become technical issues which aren't typically. Transferring or backing up history between disparate devices, which become trusted at different times, is one of those things that I think _is_ difficult to do without sacrificing security.
For example, in the classic case when a user adds a new device and wants history to be available on both you can't let the devices controlled by one person simply sync with one another. To do so would be making a security concession to the other members of the chat in that they no longer verify every destination of their message. If you are unwilling to make a security concession everything in this area becomes magnitudes more difficult. I wouldn't say it is impossible, but it's definitely not trivial.
My gut reaction is also that it is difficult to _guarantee_ history in this type of security first mindset. If you add a new device and someone doesn't approve/verify/trade encryption keys with the additional client then there isn't much you can do besides not make that data available no? So I don't think it unreasonable for developers to hold the mindset that history is not a priority for a security first application.
I mean what is the point of obsessing about the security of the messages if you don't value the messages themselves?
Some people[1] clearly value message history far beyond the transfer point to chat itself, and making people choose between being spied upon and not having message history, I think many people will choose trusting that they won't lose their messages.
[1] Myself included. I check with Signal[2] every six months to see if they have a backup option, then switch back to WhatsApp when I see they don't. Phones die. My messages are more important than my phone.
He actually seemed annoyed that everyone insisted on using it for everything :-)
If you need bulletproof cryptographically verifiable encryption - use Signal.
If one wants to plan dinner, use whatever fits your bill.
(And if in addition to the same supposedly bulletproof encryption as Signal you also want NSA^HGoogle to back up your messages and Facebook to know who you talk to and when so they might better customize their ads^H^H^H your experience you can also use WhatsApp :-)
The downside of that attitude is that if a chat program is only used for what governments consider subversive activities then it will be targeted to be shutdown. It is much better to have a general-purpose, secure chat program that IS mainstream making it more difficult for oppressive regimes to target.
There is still value in being able to securely communicate in the present even if you are not able to maintain a permanently searchable log of all activity.
There's value, that's why some niches migrated to Signal.
But the general population seems to think they are losing features, instead of gaining, that's why they don't migrate/are upset and surprised when they lose history
I think it is fair to expect Signal to support a solid encrypted backup/sync mechanism. They can allow users to manage the encryption keys out of band. Users can use a password manager (or a piece of paper) to save the encryption key.
Anyone who is security/privacy conscious to use Signal is also using a solid password manager and not reusing passwords as well as following good secure data backup practice, I hope.
> For example, in the classic case when a user adds a new device and wants history to be available on both you can't let the devices controlled by one person simply sync with one another.
> To do so would be making a security concession to the other members of the chat in that they no longer verify every destination of their message.
You can't "verify every destination" with Signal anyway. Maybe the message is going to my phone, maybe it's going to my phone and my desktop - the sender can't tell.
Sure, if you are trying to add an entirely new recipient to a conversation, then of course you can't send them the entire conversation history - but nobody is asking for that.
What people want is the ability to add a new device for an existing recipient, and have the history sync across.
With Signal I can already add a new device and continue existing conversations without the other participants being notified that I've added a new device. Adding conversation history doesn't diminish anything from a security perspective.
> With Signal I can already add a new device and continue existing conversations without the other participants being notified that I've added a new device.
Just today I had a group chat notification that said:
"More than one member of this group is no longer marked as verified. Tap for options"
Tapping brought me to a menu that said:
"Safety Number Changes -- The following people many have reinstalled or changed devices. Verify your safety number with them to ensure privacy"
At which point I was given the option to re-verify (e.g. via a provided QR code), but also the option to manually mark "verified". That is to say something does notify participants of changes to recipient devices.
Signal still had a single primary device, your phone. What you describe happens when someone installs Signal on a new phone (or reinstalls on the current one).
Linked devices are different. There is no notification when someone adds a new linked device. That's because the only way to add a linked device is to scan a QR code on the device with your phone, then confirm you want to add the device. The device is implicitly trusted, because only a trusted device can add it. (It is also possible to trigger the re-verification from the desktop manually by clicking "reset secure season" in the conversation menu, but that's separate from adding a device.)
Aside: Implicit trust like this is a great trade-off, because otherwise you'd have to verify each of their devices from each of your devices, which means approximately nobody will ever do it. Ask anybody who used Matrix/Element E2EE prior to a couple months ago ;D.
> the Signal team fundamentally does not value chat history the same way a lot of people do
This is the core problem as why many projects don't get mainstream. They have 2 options: they can focus on what they think is a priority, or on what the public thinks is a priority.
I'm not saying Signal is wrong on doing what they are doing, as they are being successful among some niches (i.e: tech). But to grab Whatsapp users, they need feature and UX parity, at least to some level
I fundamentally distrust any program which claims E2E encryption and is capable of recovering my chat history onto a new device. This means that Telegram is technically able to recover my chat history, making the "E2E" bit of the encryption smoke-and-mirrors.
I can be wrong, but on Telegram E2E is not default. Those are used only in 'secret chats', which I believe are not recoverable.
So you can use regular texting for everything you don't care much about, like sending youtube videos and memes to your friends, and use the secret chat to things that re more sensitive. That's great for most people that currently use Whatsapp
* normal ppl care about chat history more than encryption, and telegram can be accessed from many devices without tethering from one (a la whatsapp). If you want E2EE anyway, you can use E2EE chats.
* Whatsapp is closed source, so you can't tell if the encryption is true anyway (what if they are transmitting your private key?). Telegram has open source implementation and API.
* Facebook will not have your metadata. The subject of these events is basically FB having too much of data about you.
In my case, I care more about being able to use it without depending on my phone, than E2E. The single thing I hate the most on any messenger is my phone having to be on and online, for me to send/receive messages on my computer
I am unaware of Telegram's implementation, but this is not necessarily true. The app could use a secret you provide and only you know (most obviously, your password) to store and restore chat history.
> I fundamentally distrust any program which claims E2E encryption and is capable of recovering my chat history onto a new device.
I would expect a Signal implementation of this to allow recovering chat history if you restore a backup onto the new device and if you re-enter your PIN.
Your pin is not your key, even through a KDF. That would allow guessing with only 10**4 guesses. Signal exports an unencrypted backup to a formatted text file, which can then be imported by another signal instance.
I don't mean a network backup. I mean a device-to-device data transfer, for which the device passphrase and the Signal PIN together should be sufficient.
(Also, your Signal PIN can be an alphanumeric passphrase.)
That's ok. I care about data hygiene. Signal cares about data hygiene. I don't want old data lying around and ready to be used by nefarious third parties at any point in the future. I'm sticking with Signal as long as they stay true to their values. I don't need it to be #1.
I don't either, but a chat app is useless if I can't use it to chat with people and almost nobody I know will consider Signal. It's either WhatsApp, Telegram, or SMS (horrible).
Telegram is really good for this, in my experience, and similar to Signal.
But you're right, Signal is designed for secure communication between parties. Allowing messages to be exported or archived should at worst leave only your own messages (and remove all others including media) and at best not exist at all.
Sure, let me just single handedly backup our conversation and send it to the HK police...
You should be aware that if you can read messages on the screen with an open source app they can be exported. There's no way around this, if the app is closed source it might be initially harder to export but just as possible.
>...the Signal team fundamentally does not value chat history the same way a lot of people do.
Keeping around old messages more or less negates the value of forward secrecy. The Signal Protocol is obsessively forward secret. So it would be reasonable for those that have put so much work into getting rid of old messages for good would not value them.
It's not reasonable to expect it to be a defacto messenger if you can't save chat history. Full stop.
If I want a conversation to be private, I set expiring messages, for the rest of it, I want to be able to go back and reference things all the time. Whether it be digging up a song link I sent a buddy, or looking up the address someone sent me a week in advance.
If they can't operate or are unwilling to operate under those guidelines then they just aren't ever going to replace whatsapp with the general populace and the community should start work on something else or agree that telegram is "good enough" (I don't think it is).
This really miscomprehends what forward secrecy means. PFS prevents an adv who obtains the keys from decoding previous messages -- even with access to your unlocked phone (and the long lived keys) they couldn't obtain cleartext on any message you had deleted, even with the ciphertext. Also, having a plaintext message does not confirm it was a particular ciphertext.
But it really isn't available to the software author to know how long we want to keep a message for. If I want I can set a disappearing message timer.
Honestly I personally just want the ability to save specific messages. My friend sends me a recipe? Save. Just shooting the shit? Don't save. I don't understand why people want to save their whole chat history but I do understand why you'd want to save specific messages, and that's a big missing feature.
I don’t always know which are important messages until a while later. Someone mentions a useful service or name, so I search WhatsApp to find it. Moved phones recently, iOS backup was screwed up, and I lost some great covid memes and was looking for a specific one. Had to ask the sender to resend it to me.
The idea is to save all messages and have a good search option, so you'll only ever see the good posts when looking back into your history. No need to tag them beforehand.
Honestly I don't want all messages saved. I don't see that as useful. Not only is that noise but just makes me feel uncomfortable in the same way I would if someone pulled out a tape recorder while we were shooting the shit over beers. Then you think about how cultures change and people make a fuss over things from years ago on Twitter even when the person has changed opinions? No thanks. Not everything needs to be recorded. That's the premise of too many dystopian sci-fi stories.
You can simply keep those messages in an encrypted backup. Who knows how valuable they will be in 20+ years. And maybe you will be able to apply (local) AI to them and find out interesting things about yourself.
> I don't understand why people want to save their whole chat history
Valuable messages and conversations can happen too often that it's a hassle to save them manually. This is probably more common in group chats where lots of people occasionally share valuable stuff.
The thing is: your use case and wants seems to be different than like, 90% of Whatsapp users, as they expect to never lose their history. So... Signal is not a replacement to Whatsapp
That's fine with me. I was just pointing out that those two requests are not really related.
I don't know much about WhatsApp, and I've never lost any message in Signal, so I am not sure I am well equipped to discuss whether it's fit for that purpose. But I would certainly love to save individual messages in some sort of vault, as well.
>Keeping around old messages more or less negates the value of forward secrecy.
Why? Can you please explain as my understanding of perfect forward secrecy is that should not matter. I'm not a crypto expert so perhaps I've overlooked something?
I mean, from the perspective of the crypto it doesn't matter. But it defeats the point of building a forward-secret system.
Think of it like this: if I'm an attacker that breaks into the forward-secret chat app on your device, and you have kept a perfect record of every conversation you've ever had using that crypto system in _the same place you keep your identity keys_, then does it really matter whether the messaging system was "protected" by a forward-secret system? You might as well just have scrapped all that complexity and had non-forward-secure messages if you want to keep a perfect, eternal record of your conversations.
I actually think the Keybase guys did a great job at this. They have non-forward-secure chats by default (so that you never lose chat history), but exploding messages (which delete themselves after a short time by design) are forward-secret, since then it actually makes a difference.
I suppose it depends on your "threat model..." How do you want to use your chat system?
Chat history isn't immediately at odds with PFS. As I see it PFS first and foremost is for protecting messages in transit. This is to prevent dragnet-style surveillance.
Chat history means giving up some measure of at-rest security, but it has no impact on the in transit part. Personally I also think some compromise of at-rest is a reasonable trade-off for a lot of consumer contexts because physical capture of your device already is basically game over.
But PFS is specifically about including "my adversary may, at a later date, compromise my private key" in your threat model without giving up plaintext. If we assume that calculating a private key from the public key is ~impossible (which I hope you agree we can do), and we further assume the private key never leaves the device, then forward secrecy is what lets us know the only way to get plaintext is by stealing it from an endpoint. Maybe I'm failing to see the adversary you're defeating with PFS if they're never going to access your device and siphon off private data...
I'm no expert, but if all you care about is transit security, I don't think you need PFS (in E2EE messaging! TLS is a different story, because you have to trust the server). Just protect your private key. But if you're carrying multiple device's worth of accumulated messages _right alongside_ your private key, then what's the point of rotating ephemeral keys after each message?
EDIT: I agree about a compromise on PFS/chat history being reasonable in most scenarios. But I also think that defaults are really important, especially as the contents of chat history can be leaked by other participants, whose chat backups you can't really control. It's a tough problem to solve for everyone.
> But PFS is specifically about including "my adversary may, at a later date, compromise my private key" in your threat model
I'm no crypto expert but that "later date" when talking about PFS is to avoid an external dragnet recording all your ciphered streams and then deciphering them once they have your non-PFS secret key.
I mean, in your definition basically all the messages should be ephemeral on your device and on each recipient device to have PFS.
In the first, a global adversary (say, NSA) records all your interactions via a chat service. This chat service does not use PFS. At a certain point, they capture the private key from one of your devices that uses the service, and is able to decrypt all your messages.
In the second, the same global adversary records all your messages, but this time from an otherwise identical service that DOES use PFS. The adversary captures your private key but can only use it to MitM attack you going forward. However, before discarding your device, they check your conversation history -- because your diligent backup and transfer of all your conversations since you signed up for the chat service, they now have all your messages. PFS did not help.
Now, you could change scenario #2 to where you don't have an option to back up and transfer message history (or simply choose not to), and that's essentially Signal. In that case, the adversary is pretty much hosed except for the messages your device just happened to have on it. Adversary steals message backup == adversary steals private key w/o PFS
This is what PFS is all about: it is about noticing that keeping your private key secret is really hard and admitting you're probably not going to be able to do it.
But even so, when it leaks, the attacker won't be able to use it to unlock the ciphertexts of all your previous conversations that he meticulously recorded. This property is PFS.
There is no need for the attacker to have access to your device in order to execute this attack against systems which don't have PFS.
Sorry, I'm probably explaining myself poorly. I much prefer chat systems with PFS because it mitigates the blast radius of a key leak, I get that. What I'm saying is, if you store a message history that contains the plaintext that Mallory wants, and it's stored in the same way the identity key is, PFS doesn't get you much.
The attacker who has all your ciphertexts needs the decryption key to get the plaintext (which she wants). Now, with a PFS scheme the key gets deleted as soon as I receive and decrypt the message, so the attacker is out of luck, basically (even if she gets my long-term key). However, PFS only moves the target to my plaintext message database...which is stored the same way my key is (as I understand it). So really, unless I purge my message history with some regularity (I do), then the stakes are the same -- don't let the attacker get access to the device.
But most people prefer to have all their chat history available and searchable, at which point individual decryption keys don't matter and therefore PFS doesn't, in my opinion, help much.
> you have kept a perfect record of every conversation you've ever had
The other side of this coin is deniability. If you break into my secure location and steal my chat logs, but you can't tell which are real and which are fake, you've still got work to do.
The Signal protocol has you covered, here. After the fact (ie, as long as you don't watch me receive the message), there is no way to cryptographically prove which of the two participants wrote the message[0]. Thus, it is technically possible to forge a bunch of chat history, or claim that someone else's is forged. Cryptographically, the "spirit of forward secrecy" is secure.
That said, this is far out of the reach of the average person. Even if the only evidence is a screenshot, that conversation probably happened. So in practice yes, you've got a point. That's why I think it would really behoove Signal to add a "forge a conversation" feature. Make it trivial for either person to add a message to their local history that looks like it came from any of the participants, at a specific date/time. Now you've got practical deniability, too.
> But it defeats the point of building a forward-secret system.
Such thinking defeats the actual purpose of the program: to serve users. I don’t want to delete at least some of my history. It’s like Windows, which know better than the users what they want.
I might see why they think that way, but I'll have a harder time sympathizing when the parent's use case starts being more prominent: what happens when your app grows in usage, gets out of the "niche curiosity" category for the mass public, and people start wanting to use it for "serious" matters?
Not being able to back some conversations up is not an option. It would be very ironic if the answer to this was "well, then don't use Signal, because we don't care", and people who cared about the WhatsApp stuff ended up being pushed into Telegram (which seems to be the only other popular alternative, by a wide margin).
I originally didn't write "mass public" but ended adding it to somehow convey that currently is already being used for "serious business", no doubt, but it has been far from widespread adoption so far.
Interesting piece of information. I'm one of the people that values the chat history. Mostly as there are often occasions where I would look up something like a product or a website someone sent me. Also for nostalgia.
It would be perfectly fine if exporting/importing chat history would be a manual process via encrypted files and if it was disable by default. But not having it at all is an issue for me.
That said: It isn't exactly easy with other messengers. WhatsApp does have some backup/restore. But afaik it is limited to the platform you are using (Android or iPhone). The export is limited and cannot be imported again. Telegram has all the messages on their servers... which... ah well, let's just leave it at that.
Makes me think that I need some private third party database that just ingests and consolidates all my chat data for me. With something like that it might be okay just having a few days worth of chat history on the phone.
Signal's devs, for better or worse, are very opinionated. If you don't do it moxie's way then you're doing it wrong. I was once shut down on HN by the Signal posse because I said that I'd like to have a Signal client library that I could use to write my own custom lightweight client. Apparently I'm not worthy and clearly incapable of writing secure code. Meanwhile I have to use that crappy, gigantic official electron app that cost them at least one serious security vulnerability in the past (JS injection, if memory serves).
If you want to make a nerdy niche chat client that's probably a good mindset, but if you hope to appeal to the masses you'll have to put some water in your wine eventually. I managed to convince a couple of my groups to migrate away from WhatsApp lately, but unfortunately always towards Telegram. Signal is just not there yet if you want a drop-in replacement.
> I'd like to have a Signal client library that I could use to write my own custom lightweight client.
You already have that. Signal-cli is based on a standalone Java library distributed as part of the Signal codebase. Of course it is an unofficial client and the Signal team would really prefer you not use it, but if the Signal-cli team can develop something from that library, you probably could too.
This right here is the definition of a technicality -- so much so, that (on second thought) I wonder if this was meant to be tongue in cheek. If so, bravo.
Nope, and that’s the biggest blocker for me. I own multiple smart phones (work and personal), iPad, and two computers (windows and Mac). So far Facebook messenger is the only reliable way to do messaging across all of them, which is a shame because I hate Facebook and I don’t particularly like messenger. But I have not found a single other solution that works cross-device and cross-platform. It also helps that basically everyone is on Facebook messenger, but I’d be willing to put effort into trying to migrate people to other chat solutions if there was literally anything else out there that works well on multiple devices.
I use Element (Matrix) on Ubuntu, Windows 10, and Android. It works great so far, with a few exceptions such as sharing videos from reddit, for example.
Unlike WhatsApp, the desktop app receives messages when the phone is off. Also unlike WhatsApp, messages received on the phone before you paired the desktop app do not get transferred to the computer.
The Signal protocol is forward-secret. I don't know the nitty-gritty specifics of the protocol, but the essence is this:
You don't want someone getting access to your account two years from now to be able to access every old message. Consider every message a separate object that gets encrypted. The keys are changed/updated each time a new device is added to an account. That new device only knows the new key(s), and thus can only decrypt new messages.
>You don't want someone getting access to your account two years from now to be able to access every old message.
The messages I don't want people getting ahold of are either created with expirations or I manually delete them. I couldn't care less if someone 2 years from now can read a chat log between me and my mom if it means that I can actually read them 2 years and multiple devices away from now as well.
What I don't want is to be forced to message with one app for secure chat and something completely different for daily driving. It's a pain, and nobody in my circle is willing to do it (and I don't blame them).
Neither you nor any Signal dev knows what I want (i.e., what security vs convenience tradeoffs I am willing to make). I will choose the tool that allows me to use it in the way I want to use it.
I wanted to use Signal as my primary messenger. I really did. But I had a ton of sync problems between my phone and my desktop client, tried to report them, and the developers didn’t care. Then one day I got a new phone and discovered I’d lost my old Signal identity and there was no way to export my messages from my old phone. And the developers didn’t care about that, either.
They always had some excuse for why it was the “right” behavior and the user’s fault. For example: clients just can’t sync more than 1000 messages, and if you go this long without using your desktop client, well, you’re out of luck, and you should have realized this.
I just can’t recommend a platform on which the developers don’t care about usability.
Matrix has this. You can save your recovery key somewhere to recover your chats on a brand new device.
You can actually just use another logged-in device (e.g. your desktop) to recover your chats by scanning a QR code to trust the new device. Recovery key is just in case this isn't an option.
Signal has a method to backup chats, at least on Android. It's under Settings > Chats and media > Chat backup. Baffling if this feature isn't available on iPhone.
As mentioned elsewhere in the discussion they now provide a way to migrate data from one iPhone to a another, but that's assuming that you have the old device still.
I have an old device which I have saved because the messages on it are emotionally important to me, but that device is too old to transfer to my new device.
Main problem being you don't have access to the file structure on an iphone. So you can't simply drop a backed up folder in there like you can on Android. You are stuck needing the previous device.
Since iOS 12 or so, iPhone has a built in files app. Every app can integrate with that. So when I create a file (let’s say chat backup) in app A, I can put it in the files app. Then in app B (or app A on a new phone) I can easily open that file from the same files app.
iOS has had a Files app for years, locally. You could easily export an encrypted .zip from Signal and save it locally, just like how Signal on Android saves it to your internal storage.
For some reason, the Signal devs won’t even acknowledge this possibility and continue to say “we can’t enable iCloud backup” - which is fair enough, but nobody is asking for that and they’re simply putting their fingers in their ears.
It's super hacky but this [0] bit of code I adapted from some other hacky code will let you export to MarkDown/HTML. No hope of getting the messages back on my phone, but at least I have an archive of messages and media.
Why would you want this? You don't save history for other types of chats, like in person conversations or phone calls (even though you could, with your phone recording in your pocket or call recorder apps). If something important comes up, like an address or recipe, copy/paste it into your notes app. Otherwise set your messages to expire after a month and be done with it.
I used to be a message-hoarder too, but I recently realized it was all utterly useless and the cost of maintaining and transferring that history around everywhere wasn't worth the twice-a-year I actually wanted to search for something.
Because I have repeatedly dug out useful information from chats, days, weeks, months, or years later.
> If something important comes up, like an address or recipe, copy/paste it into your notes app.
You're assuming that 1) you know what's important at the time, rather than realizing later, and 2) you want to take the time, at the time, to figure out somewhere to file it.
> I used to be a message-hoarder too, but I recently realized it was all utterly useless
That's your choice, but that doesn't make it the right choice for everyone. Your preferences are not universal. (And descriptions like "hoarder" deride the choices of others.)
> Signal isn't email.
People advocate using Signal in place of email, for security.
I cannot advocate Signal to anyone I know until it learns to treat user data as incredibly valuable and irreplaceable.
If people want to mark their messages as transient, or even mark all their messages as transient, so be it; that's their choice. But if a message is not marked as transient, it must be possible to securely and easily preserve that message for longer than the lifetime of any one device.
How about multimedia? Photos, videos? Docs that I may not wish to read now but have available at a later date if needed? Most of those I would rather leave 'archived' in context than pick and choose which to download to device storage and then have to further sort and annotate.
> You don't save history for other types of chats, like in person conversations or phone calls
There are more than a few conversations I would absolutely love to be able to revisit, but I can't. Like those small, ordinary moments with my Grandma, of which I remember just very little, I didn't think much of them at the time. With those people I've lost who did leave chatlogs, they have been helpful at times.
I find it also can be very insightful to be able to drop into ten-years-ago me's life, just to find how much I've changed in some respects – or how little. It's a great source of self-reflection for me.
If keeping chat logs is something you personally don't value, that's great, you do you. But keep in mind that people are wildly different and lots will have needs, preferences and principles that are the opposite of yours, and just as valid.
Exactly. Keeping message history is a liability. There is no need to keep all old messages beyond one week. If there is something specific worth saving, there are apps for taking/pasting notes.
I can think of many reasons full message history is valuable.
- a friend says something that you don’t realise is important until months later and need to reference
- a friend or partner dies and you wish to revisit old times by reading your messages
- a couple wish to nostalgically re-read random conversations from their early time together
- a group chat for work or students shares valuable resources that you wish to reference, but is impractical to make copies of the dozens of messages
- legal reasons if somebody accused you of saying or doing something you did not do
- you’re going to an address (for example) that somebody sent you a week prior, but you forgot to save it
People are forgetful, people are emotional and nostalgic, and people are argumentative. All very good reasons for a chat history. Disappearing messages are simply always opt-in precisely because most people do not want it.
I'm sympathetic to all of these, but I do remind myself that sentimental reasoning is probably as close to diametrically opposed to Signal's goals as you could be.
Well for example here Whatsapp is the main communication medium with your landlord. It's useful to keep that full communication history in case any disagreement comes up.
Doesn't Signal already have backup? IIRC, when enabled it once per day saves all messages (encrypted with a backup key, which you have to write down somewhere) to /sdcard/Signal, and you can then use Syncthing or something similar to copy it to a new phone. If you put that /sdcard/Signal folder there before starting Signal for the first time, it'll ask to restore from that backup. WhatsApp has an identical local backup and restore flow (except that it gets the backup key from their servers, instead of requiring you to write it down).
It's a backup which demands that you WRITE down a very long numeric code, then manually copy files off and then hope your family doesn't lose all of it.
It's a horrible user hostile process which isn't even implemented for iOS.
To be fair (to iOS users, not to Signal), the device transfer procedure on Android is somewhat more cumbersome as a result.
iOS gets the smooth new device-to-device direct transfer of the backup while Android users need to copy the encrypted blob (~2GB for me) to the new device and enter the encryption key. Admittedly, it does still allow for more flexibility than on iOS.
It is nice that the iOS version has that, but it a major pain say, if you are asked to reset your phone and restore from backup.
The recent issue with the Apple Watch not syncing health data meant that to get anywhere I had to wipe my phone, I had no where to transfer my Signal data too, thus - all gone.
It's not ideal when dealing with members of your family who really don't want to lose data, and is probably one of the few things that stops me in my own situation going over.
I do understand that in some cases this is actually a feature too, so I am not discounting it - just in my case this specific reason makes it really hard to justify a move over.
Just annoying that there isn't really a viable alternative anywhere at the moment :(
If iOS had that same option of a encrypted blob option then that would have solved my issue with the phone restore!
The lack of options to backup and restore from Android to iPhone was extremely frustrating. I convinced my mother to use Signal as her default SMS app on Android, and when I bought her an iPhone, all her SMSs were lost (except to open up the old device). Not the worst problem in the world, but it leaves a very nasty taste.
Never mind that transitioning between iPhones (we almost bought her a new phone this year) has the same problem. That this is not supported invalidates Signal as a replacement for SMS or Whatsapp for many many non-technical users.
For this and a few other problems I ran into with Signal early in its lifespan -- problems that burned not just me but people I persuaded to adopt it -- I'll never put my neck out for this software again.
Reliability and a lack of surprises are the absolute most important features for the 21st century extension of the good ol' Plain Old Telephone Service, and it's sad and frustrating that anyone delivered chat software without getting that first.
I'd at least settle for having the messages sync properly between my devices. When I used Signal ~1 year ago on Linux desktop and Android phone, if I had it open on my mobile I would get the messages there, and then if I later opened the desktop client I didn't get the same messages there. Sometimes I purposefully move from phone to desktop because _typing on a small touchscreen sucks_ and I want to type on a keyboard. But fragmenting the message history just ruined usability for me. Hopefully it is better now.
Agreed. I don't understand why iCloud backup is not a thing. When I broke my phone and needed a replacement, I lost all my groups.
It's not even the message history I care about. It's the fact that people sent me texts in the group while having no idea I was no longer receiving them. If there was a way to back up just the group memberships, that would be great.
It won’t be baffling but appalling to see how the Signal team (moxie in particular) have responded to requests for a backup and restore feature. They’re user hostile and prefer to do things their way. On iOS, Signal has always prohibited its data from being backed up with iTunes (doesn’t matter whether your iTunes backup is encrypted and protected by a password or not). Even now there’s only a recent “transfer data” feature from one phone to another in real time.
Putting aside the complaints people have that this feature was flakey and didn't really work, this one use case isn't sufficient, as I usually switch to a new phone because my old one was destroyed... and I imagine this is the only reason people poorer than me get a new phone. Users need the ability to do non-transfer backups (which it sounds like this feature doesn't support).
The reality is that my iTunes (encrypted) backup should include my chat message history. That the Signal client on iOS (and maybe even on Android, as while it has backup I think it is a bespoke backup) has decided that somehow Signal chat message history isn't something one can backup at all (much less do using the user's standard backup and restore process) is kind of ridiculous.
I dont use Signal myself so I’m not inclined to put in the work for that but just wanted to point out that given what you said and the fact that Signal is open source [0] it should then be possible to figure out how they do transfers and adapt that code in order to sync data from Signal on iOS onto your computer. Unless it ties into some feature of iOS itself that provides data transfer between phones in which case it will be more difficult to work out.
I also use Signal but the thing that kills me about it is the lack of RCS support. I love everything on the Signal side but there just is not a realistic way to get people to migrate to it unless they can seamlessly transfer over from Google Messages or the other OEM message apps.
Yeah I just looked into switching to Signal away from WhatsApp after the recent data sharing announcement - but not being able to export/archive messages is a dealbreaking misfeature.
I will not enter important data into any system that I cannot get it out of.
However I really, really hope they can work on a good backup and restore process as losing my message history because I have to reinstall the app on my desktop[1] or have to reset my phone is a horrible experience.
Just build an encrypted blob and zip it up and pop it on my iCloud or Google Drive or leave it local and let me deal with it but I need something. As my Signal use moves from just messages with friends and family to business contacts I need a reliable way to backup my messages!
[1] I should state I mean losing the desktop copy as it starts "fresh" and does not import any messages from the phone.
Edit: I should probably clarify I am talking about the iOS/macOS applications as these are what I use. iOS does have a migration feature but that doesn't help if your phone is lost/damaged. I need a proper backup and restore process as well as the ability to import messages from the phone to the desktop app.