- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Signal has announced new functionality in its upcoming beta releases, allowing users to transfer messages and media when linking their primary Signal device to a new desktop or iPad. This feature offers the choice to carry over chats and the last 45 days of media, or to start fresh with only new messages.
The transfer process is end-to-end encrypted, ensuring privacy. It involves creating a compressed, encrypted archive of your Signal data, which is then sent to the new device via Signal’s servers. Despite handling the transfer, the servers cannot access the message content due to the encryption.
With the introduction of a cross-platform archive format, Signal is also exploring additional tools for message transfer to new devices or restoration in case of device loss or damage. Users can begin testing this feature soon, with a wider rollout expected in the coming weeks.
You must log in or register to comment.
So is there a signal alternative that is fully open source and not under control of one single company?
Bett as I understand it, it’s still from a company and still locked to the whims of a CEO and I’m done with that.
What’s the best alternative?
Simplex chat is a great alternative. I use both signal and simplex simultaneously
Matrix as a protocol, and the official client is Element.
I’m baffled Signal didn’t support transferring chats… I thought it was supposed to be easier than Matrix
deleted by creator
Finally I can transfer my one and only chat to my PC
I know right. I wish more people used it. It’s nice and simple. No fuss in the way. And especially now with chat transfers. Should be Gucci.
Holy shit no way, basic functionality needed at absolutely all times, in my signal? More likely than you think!
Kudos to the Devs! Maybe time to give this app another shot!
deleted by creator
I think you might be a bit lost
Wrong thread! Oops.
Wrong thread! Oops.
Thanks, I love Signal, but can we get Android tablet linking?
Molly has it.
What’s Molly in this context?
in this context? haha
See the other response to justify that part, heh.
A hardened Signal fork that works with Signal’s servers and adds features I like that Signal doesn’t support.
I heard signal dislikes forks using its server, did molly get approval to do so, or is this based on generosity until signal can ban them?
I heard that too…1ish years ago and Molly still seems to work okay. I would assume by now that Signal knows they exist, so hopefully they’ll keep playing nice.
TIL. Thank you!
A good time 🌚
That’s why “in this context”!
Still a good time in that context 🤭
Fair enough.
I’m still waiting for the day that I can make a full backup of my chats and save it on an external hard drive so that I won’t lose all of my message history when I lose my phone.
I still wait for an option to officially use signal without having to have a proprietary operating system running 😆🥲
And I am waiting for a way to use Signal without it ever touching a smartphone) Right now I have a Graphene phone so I can trust it (so Molly works), but before that my phone (like most phones) did not support any degoogled OS. While the laptop (like most laptops can) was running Linux easily. Yet, you have to either use an Android VM or a frustrating command-line client to register!
Yea, that was what I meant to say with my comment 😄 linux phone gang rise up!
You can on Android. If you have an iPhone you can link using the molly signal fork on an android device and then backup using that.
Oooh interesting! Could you please elaborate / share any resources about this?
Here’s a link to their website https://molly.im/ It also links to their GitHub. If you’d want to backup what you’d do is link molly to your iphone signal instance and then the Android client or molly android client of signal allows you to make local backups on device.
Restoring it back to the iPhone won’t be possible but there’s a backup at least. Or rather maybe with that recent change the article talks about it might be possible in the future but not currently afaik.
This is wonderful, thank you so much!
I’ve been holding off from switching to Android (and getting a GrapheneOS x Pixel phone) because I have 5 years’ worth of messages on Signal on my iPhone… I’ll look into this method for sure
I just set up molly today, along with mollysocket and an ntfy server. Liking it so far, just need to get my friends to migrate…
That’s always the hard part.
You can already do it. I have Signal create daily backups, sync it to my NAS using Syncthing with versioning enabled.
Oh fucking shit, setting this up today
Yeah I’ve been doing this
Unfortunately it seems like some people think that that is neutral.
Original announcement: https://signal.org/blog/a-synchronized-start-for-linked-devices/
Blogs like these drive me fucking crazy: there’s a primary source out there, why not just link to that at the end of your (evidently pointless) opinion piece?
It’s almost like they know their commentary isn’t adding anything and they’re worried we’ll click away immediately.
Maybe OP is following said blog and got their info from there, then thought that it might be worth sharing?
I’m not harping on OP. If they thought it was worth sharing, great.
The people whom I take umbrage with are those who make a blog post that is reporting on a public announcement (E.g. Signal’s news post on their website) without linking to said announcement.
You’re not talking about world events with your reporter on the scene - your entire post is literally “someone else posted something to the internet!”; linking to it is the bare minimum required, if you ask me.
Yay Signal!
This may be out of date, since it’s been a while since I last tested this, but: will Signal on desktop still store media in an easily accessible folder where the only security is the use of random strings to identify each individual media file with the file type extension deleted? So, for example, if you’ve had the desktop Signal client synced with your account for a period of time and have running conversations that include sensitive media, that media can be accessed and viewed without even opening the desktop app (which also, last I tested it, lacks most of the locking/security mechanisms found in the phone versions of Signal).
Most media viewers can open the files without the need for adding the file extension to the end of the filename, albeit you would be browsing the files in a pseudorandom fashion if you didn’t try to sort by date or size.
It is quite a bit out of date luckily. Signal-Desktop already stores data encrypted for quite a while. However it used to store the decryption key right alongside it. Recently (a few month ago) Signal switched to storing the key within the systems keystore, greatly improving security. Also causing a flood of users complaining that the can’t just copy their .config to a new desktop and retain their chat history. This may have prompted the release of this new feature :)
😂and 98% do upvote this old news, it is crazy
Good to know!
Do they allow you to use it without a phone number yet?
You need a phone number to register but then you can create a username and choose to hide your number
Yes. For quite a while now.
Not when I created one a week or two ago. Still requested a phone number before moving to the next step.
Might be dependent on location?
Yeah looks like you still need a number to sign up for an account :(
Ah, sorry, I misunderstood. I thought you were asking if they had usernames that could be used in lieu of a phone number as a contact.
Why is backing up chats so important for people? I see it as an advantage that chat history evaporates eventually. Important information should be stored somewhere where it’s actually easy to find.
because believe it or not, sometimes important information gets mentioned in a normal conversation, and not everyone remembers to add it to their personal self-hosted wiki afterwards.
and some people, including myself, often go back a few years in a chat history to reference something, or reminisce.This the kinda guy who uses terminal history to go back 4 years instead of searching for the command on the arch wiki
I feel personally attacked.
What could actually be easier than CTRL+F the primary source?
People have different opinions about things. Why do you think it’s good to lose chat history?
No records means an adversary can’t pull off an entire lifetime of communication history if a device is compromised. Signal is not the medium in which I’m interested in keeping records.
I see. I just don’t have adversaries, and if they got hold of the memes and inane conversations I have about whose turn it is to pick up the kid from school then good luck to them.
Ehhh, that’s an easy thought.
But what about when your memes point to you being in a group that is now illegal, or oppressed? What if something you said a year ago is now being looked for as a sign of possible opposition?
It’s nice to think “I have nothing to hide”, and for the most part, most people don’t.
But that conversation about who’s picking the kids up from school is enough to help pin down where you’ll be at a given time, when you’ll be apart from your family, it gives an insight into family dynamics, it gives hints as to your personality, and your partner’s.
You stack that with exchanges about groceries, errands, etc, and now anyone who can get access to your measures messages can predict a lot more about you
Since fascism in particular is coming back with a vengeance, your can’t even predict what you’ll be targeted for.
Now, take all of that info, combine it with location data that’s even easier for a government to get, and you’re fucked.
Don’t forget that a woman was arrested because she helped her daughter obtain abortion pills. They got the info via Facebook, but with the messages being gone would have prevented that, or made it much harder.
This is the world we live in now. None of us are safe, none of us can rely on the rule of law. It’s rolling the dice as to what can be used against you.
Same topics here, which is exactly why I have no use for archiving chats.
Why? That stuff is literally your life, it’s absurd to toss it in the void.
If you don’t have adversaries then why not use SMS? Though this just ends up with the tired old “if you have nothing to hide” argument that I’m not really interested in repeating.
Those examples also don’t sound like things you’ll need to look up months or years down the line, either. So why not just let them fade away?
SMS is inconvenient and expensive and I can’t really send SMS messages from desktop. I use IM because it’s more convenient, not because it’s more secure, though it’s a neat bonus.
And why would you not be looking that up months or years down the line? Why would you want to trash it?
And why would you not be looking that up months or years down the line?
I use signal for real time communication. Which is mostly casual bullshit or organizing. What exactly would I want to look up beyond say a week’s time? In-person and phone conversations fade away all the same.
Why would you want to trash it?
Because I don’t want someone going over long-term records of my chats if my devices are ever compromised. I consider those conversations private and would rather they were forgotten than leaked.
What exactly would I want to look up beyond say a week’s time?
Uhm, anything and everything? Like what “casual bullshit” you were up to or what you were “organising”?
In-person and phone conversations fade away all the same.
So you don’t even wish you could preserve those?
That’s crazy to me how different some people’s idea of social relations is. Well you do you! Thanks for explaining!
I got a few people to switch from SMS to Signal because they’re on iPhones, I’m on Android, and they love sending me videos that end up totally unwatchable via MMS.
The “nothing to hide” thing is a bad argument, IMO. I’ve got nothing to hide, but I lock the bathroom door when I go in there.
Sometimes it’s been useful to go back through a chat history and find something someone said in the past. A group I’m in regularly rings up old references from a year before. I like it.
I’m a bit of a digital hoarder though. I keep blurry photos from years ago, no clue why.
They would have to have access to your account though? By that same logic whatever you do keep records in could be compromised all the same. Actually far more likely to just be lost due to hardware failure.
Should be, but sometimes it just isn’t. I’ve definitely had plenty of times where I was like, oh shit, the only place I have that information is in this chat somewhere.
Other people, kind of like me, are just data hoarders. Just because I can’t think of a use of the data now, doesn’t mean I won’t be able to think of one in the future! I have piles of old inboxes in my archives.
Convenience mostly, privacy needs to be convenient and easy for people, otherwise no one uses the tools.
This absolutely expands the threat surface in a few different ways though. It’s relatively low stakes, but it’s non zero. I have not dug into the implementation but I am curious how this doesn’t technically violate forward secrecy. A single session key will ostensibly be used to encrypt the entire session key database? Which means if that key is compromised in transit then the entire key history is compromised. Using the long term secret directly for data in transit is definitely not compliant either.
Surely when the chats are on-device they are not encrypted, or encrypted separately with an unrelated secret in storage which can be passed to another device?
You have no S.O. or friends you’d want to look back on chats with from 2-5 years ago to reminisce about how you met or something you did?
What do you even use messengers for then?
(I am genuinely curious this is not meant to sound so patronising)
No looking back.
On my side, messengers are used for daily communication, info, memes and such.
Memories are made in person or via video calls having coffee, drinking. My family and friends are scattered all over so we often drink via Signal, sync the music we listen to on both sides… All night long. 🪗 😁
Interested about video calls - do you record them as well for looking back?
No, I don’t do video calls personally other than at work.
But the vast majority of communication when not IRL to me is text so that makes sense to preserve, even info, daily communication and memes, just the kind of day to day stuff you wouldn’t “make memories” of but might want to look back on someday anyway.
I pretty regularly end up looking back on that stuff one way or another too, either just literally reminiscing or to check something or whatever.
It’s come in extremely useful, fun and has no real downsides. I can’t even imagine not doing it. Like going somewhere and not even taking a picture. What if you forget it ever happened?
How do you even build a narrative of your life? What do you do about things you forget or forget the details of like when it happened etc.?
Many times I thought something happened in e.g. January only to be proven wrong by looking up messages from that time and be proven wrong, naturally as human memory is pretty shite for the most part.
I find the idea of reminiscing over instant messages funny. Different strokes I guess.
Why?
Recently me and my gf were reminiscing about how we met and what we talked about first, since we have many common interests and we got along really well on our first date, it was interesting to go and actually look up what it was we talked about then because we couldn’t agree on what it was.
Was a shame we didn’t have our very very first messages from OkCupid but at least we had our WhatsApp and Telegram history.
On another occasion, a friend of mine was feeling nostalgic for a time we were playing through RE6 together, and I was able to go back in our chat history and find the memes we made about it at the time, full of in-jokes and whatnot and screencaps, which really cheered him up and was just fun to reminisce.
Another time I had an argument with some friends over which year we went to see A Wonderful Life in the cinema, and whether it was 2023 or 2024 and that was nice to have messages from that time to refer to and we ended up remembering a small adventure we had the same day and laugh about it.
Or what about a nice heart to heart you had? What about something kind a friend said that cheered you up you want to see again? What about some good advice someone gave you once that could come in handy now?
What about that one funny video you can only remember one bit from but you remember who you sent it to? or a song or whatever?
What about raising an issue with your partner over something bad they do and being able to directly quote examples?
Heck I used my messages from the time I moved to a new flat figure out what day I actually moved in, since the tenancy agreement was on some old portal I had no access to anymore and I needed to know the day I moved for address history on a visa application.
I guess if you’re older, you probably don’t have a lot of friends who have a phone/computer or text? To be honest I’m kind of baffled, what do you even reminisce on, if not experiences shared with others? Or do you just not like having a record of memories?
I use disappearing messages no longer than a week for all my Signal chats. Pretty surprised everyone’s out here keeping long records over this medium.
Why?
Being able to back up and then encrypt the messages on cold storage for when I may need to go back through an old conversation doesn’t negate something like disappearing messages.
It’s the best of both worlds, messages go away over time so if you lose your phone / it’s compromised, you don’t give up the goose, but you also have a nice safe stored version in the off chance you need it.
The danger imo isn’t in having the messages at all, it’s more about how, when they are just on your phone or whatever, they are generally not locked down.
When they gonna allow sign up without a phone number. Or allow federation with 3rd party signal severs. Or allow sign up without a phone number that’s linked to ur real identity by law in most countries.
The more I learn about signal the less I trust them.
The day security researchers say Signal is bad is the day I’ll stop using it. Until then, it’s the best option we have that both provides both great privacy and UX. The only thing that comes close - and it still has a ways to go - is SimpleX, but it’s basically a signal fork and it’s devs still support Signal.
SimpleX is not a Signal fork. It is it’s own protocol, service and app. It just utilizes Signal protocol for encryption like every good e2e encrypted messenger out there.
SimpleX allows anonymous identity, federation between servers and still a good UX.
You’re right! not sure why I thought SimpleX was a fork, it’s definitely just using the Signal protocol. Thanks for the clarification. That said, I would objectively state the UX needs some work to get to where Signal is at. SimpleX is oddly both easy to use but confusing and unreliable. I’ve been using it for a little over a year now and very often messages just stop getting delivered or received, forcing a fall back to Signal.
SimpleX is still very promising and more secure than Signal if your threat model necessitates it, but I continue to champion Signal for its ease of use, reliability, and security compared to more mainstream messengers.
Security researchers always look at a specific thing, usually the encryption only. The message encryption of Signal is great, the problem is all the rest of it that never gets scrutinized that closely.
Yeah. For me, Signal’s security benefits are counteracted by various other usability issues. Such as not being feature-complete on desktop and not even allowing registration there without workarounds - given that phones are very privacy-invasive by default and far from all can have a privacy-respecting OS installed (while Linux works on pretty much any random computer). Or even on mobile - pushing the user towards Google download with dark patterns, not being on F-Droid, or (at least in my experience) the official app not working at all on my Graphene device (Molly worked perfectly though). Also, from what I’ve seen, even if you don’t mind losing connectivity with other users and would only converse with people on your server anyway (like how I do with my family on XMPP), selfhosting Signal is really hard compared to XMPP, Simplex or even Matrix, even requiring modifying the client app.
the official app not working at all on my Graphene device
FWIW, I just installed Graphene on a Pixel 8a yesterday, downloaded the Signal apk from their website, and haven’t had any issues with it so far. I also learned that you can get it through Fdroid if you add the Guardian Project repository.
IDK if this has been fixed, but this summer I was unable to register - it was stuck in a loop warning about lacking Google services (even though it is supposed to work without them, so maybe a coincidence).
Also didn’t know about Guardian’s repo having it, that’s awesome!
Why not use SimpleX then? You mention it but provide no real reason to use Signal over SimpleX
Privacy and security is all about threat modeling. Signal meets 100% of the security needs of everyone I communicate with in my region of the world. There’s no need (especially now that you can hide phone numbers) for the added security benefits of SimpleX.
Additionally, my experience in using SimpleX over the last year+ is that message delivery is not reliable yet. This has forced me and the few people I’ve been testing it with to fall back to Signal multiple times. Because of these reliability issues and lacking UX, I don’t feel comfortable pushing it on others, knowing the tolerance level is low for message delivery failures and UX that isn’t yet up to par with other messaging apps.
I use Simplex and overall happy with it, but since it is so new, would rather not go all-in. It is VC-backed so might eventually enshittify to make a profit.
I thought it was open source? Presumably a FOSS project can’t go too bad.
Yeah, it absolutely is. But just being FOSS does not guarantee that its development would be forked in a sufficient way should something bad happen. Especially since they use Haskell, and I heard that it is not very common thus decreasing the survival chances. Sure hope it is cool enough to still warrant a fork, though.
Hey u still use signal I’m not saying to stop using it I’m simply saying just cos its better than the alternatives doesn’t mean we shouldn’t demand better.
The signal encryption is provably secure that’s what the researchers analyse. The metadata is a separate story.
I’m not bagging on signal, here, since I use it too. But what about xmpp? It does e2ee, right?
XMPP basically uses the same end to end encyption method as Signal, but due to it not being mandatory some things are easier but come with the footgun that you can accidentially disable it (but it is enabled by default in most modern xmpp clients).
Otherwise: since XMPP federates more servers can theoretically see some metadata, but since most servers are small and community run there isn’t a single big target like with Signal where you can siphon off all the metadata. So you can make arguments for both. XMPP: more meta data but decentralized, Signal: less metadata but all in one place.
XMPP has been an option for decades, if your contacts aren’t using it by now, they arent going to. And with communications tools, both parties have to agree on a tool. Even if one party doesn’t care about privacy or security.
Raw brute force security isn’t the point most of the time, and ease of use and simplicity of setup are going to be major factors in adoption. Signal is much easier to get started with for most people than XMPP.
Yeah. If the contact would be installing a whole new client to communicate with you anyway, why not make it an XMPP one? I got my mom to use it like this.
I did hear that the implementation of the encryption isn’t as good as in Signal (and most clients also use an older version of it), but from my understanding - not in any way critically so.
XMPP only does message encryption. Signal has spent tons of engineering time and effort to minimize the collection of metadata, not just encryption of message content.
Yeah, true! However, you also have to trust their server not to log what is available to them (including your whole social graph), while with XMPP you can SSH into your server and see that its retention is exactly as you expected. But yeah, the issue remains when interacting with other servers - tho even then there the data is more evenly distributed between different servers with different owners.
What about threema?
