[HN Gopher] Signal WhatsApp Chats Import ___________________________________________________________________ Signal WhatsApp Chats Import Author : janisz Score : 619 points Date : 2021-01-08 16:18 UTC (6 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | alecco wrote: | I want more features but first I donated. Also they are | struggling with the sudden spike so their costs must be climbing. | I couldn't add an attachment last night but they managed to fix | it later. | | https://signal.org/donate/ | Aissen wrote: | Since this is a feature request, it would be nice to the project | to change the link to their community feature request: | | https://community.signalusers.org/t/migrate-from-whatsapp/10... | tsjq wrote: | but . . . what about WhatsApp's End-to-End Encryption ? :( | evgen wrote: | The person doing the import is one of the ends in that E2E | chain... | pmlnr wrote: | Heh? | | Your - your device - is one of the "End" in End-to-End | Encryption. | beefee wrote: | Why does Signal require a phone number, after all these years? | It's a gigantic red flag that they unnecessarily require a tie-in | to the primary governmental communication surveillance system. | I've seen multiple attempted explanations, but nothing | convincing. | twobitshifter wrote: | I think it's for contact discovery. I agree that it would be | better to have it not be tied to another system. However, | sharing your new ID is a source of friction for messaging apps | and everyone wants to grow their app as quickly as possible. | sim_card_map wrote: | Signal is not an open alternative. | | It's not federated, but most importantly, they don't allow 3rd | party clients: | | https://github.com/LibreSignal/LibreSignal/issues/37#issueco... | | So you are stuck with their Electron junk without any options. | | Matrix should be promoted as an open alternative instead. | dopu wrote: | Are these things so important that we should give up the easier | maintainability (and potentially, security) that comes from | centralization and the standardization of user clients? I | absolutely think projects like Matrix are worthwhile, but it | seems foolish to me to argue that there are no benefits that | come from doing things the way Signal does. Besides, as sexy as | decentralization is, in the wild it is not really practiced. | Mastodon is decentralized, but last I heard ~50% of users were | on 3 nodes [0]. I'm assuming it's a similar situation for | Matrix. | | [0]: https://rosenzweig.io/blog/the-federation-fallacy.html | Asraelite wrote: | In my opinion an ideal position is somewhere between the two | extremes - promote the use of a single official client and | server and let 99% of users use just that, but allow the | development of alternatives for those that want them. | | There are more possible stances than just "we disallow third | party clients" and "we strongly encourage third party | clients". | fsflover wrote: | Federation is not an extreme, it's the only choice | sustainable in the long term. Where will Signal get money | to support, say, 1 billion people? It's just another walled | garden. Telegram is already starting to show ads for this | reason. | juniperplant wrote: | Which is what Telegram does. | | Still, I would like to see proper use of encryption by | Telegram. Secret chats have no meaning if no one uses them. | Evidlo wrote: | > Mastodon is decentralized, but last I heard ~50% of users | were on 3 nodes | | I would argue that the user distribution does not matter. | What's important is eliminating network effects, which you | get with federation. | | I think most people would consider email a successful | federated service, and yet far more than half of users are | only on the biggest three servers. | | https://www.zdnet.com/article/whos-the-biggest-u-s-e-mail- | se... | FreakyT wrote: | The issue with Signal that annoys me most is the complete lack of | any meaningful backup/export on iOS. I lost my entire chat | history when I got a new phone because their bizarre "proximity | based" solution failed. | tdons wrote: | Why is keeping a chat history important? I don't take notes of | IRL conversation I have, they're ephemeral. | | Not trolling, honestly curious :-) | qznc wrote: | Still annoying is that all groups disappear. Only once | someone else writes something, they are available again. | colordrops wrote: | I believe it's because they are not stored on a server. | They only disappear if you delete all the messages. I | suppose it could keep an index of groups locally to the | phone though. | Lutger wrote: | Some people use chat software for more than just chitchatting | and want the history as a memory. | | This is the reason why mattermost exists - the devs lost | their chat history of some enterprise solution and thought: | never again. So they created mattermost. | beezle wrote: | This. Signal devs should understand that different people | have different use cases as well as different tolerances | for (theoretical) secrecy/privacy. Some convos/groups are | worth keeping history for, others probably not. Signal does | not have anyway to know which so should let the user decide | and allow for an easy(ier) backup/restore option. | solstice wrote: | You imply that they don't understand this. Are you sure | this is the case? It could be that their priorities are | simply elsewhere. Things will take time, even with | funding because any crypto/security mistake will be so | incredibly more damaging for them than for any other | software shop. This goes especially for conversation | backups. | jonahx wrote: | > I don't take notes of IRL conversation I have, they're | ephemeral. | | Fairer analogy: If you could search transcripts of your IRL | conversations at no additional cost (no notetaking), would | you? | | I think most people would say yes. | tonyztan wrote: | That is a liability. Imagine if every word you have ever | uttered to anyone is permanently recorded and can be used | against you any time in the future, forever. | godelski wrote: | Take Twitter and remove even more context from a 10 year | old comment. | eat_veggies wrote: | They're different mediums with different expectations of | ephemerality. Chat history sits somewhere between speaking | IRL and sending letters (but to be clear, is not a simple | combination; it's its own thing) and nobody burns their | letters when they move to a new house. | | People _do_ burn their letters for valid reasons (or use more | naturally ephemeral media like phone calls, talking IRL, or | Signal 's disappearing messages) but those reasons are | orthogonal to moving house or getting a new phone. | | In any case, if people want to save chat history, the | appropriate response is to support that requirement rather | than to tell users that no, we've decided that they actually | do not want to do that. | officeplant wrote: | >nobody burns their letters when they move to a new house | | Actually that's usually when I finally make the effort to | burn old mail that I can't just throw away. (insurance | payment paperwork, credit card bills, etc) | | Maybe I should invest in a shredder. | saurik wrote: | ... particularly given that Signal _does_ have this feature | --maybe not as smooth or easy as it should be, but still | totally functional--on Android; so it isn 't even a | consistent argument that "we've decided they actually do | not want to do that"! | FreakyT wrote: | I see it like more like email history (I don't really delete | emails either) -- if someone sent me something, I like to be | able to reference it later. It's not something I do super | often, but it's nice to be able to do. | smarx007 wrote: | I actually try to take paper notes of almost all IRL/online | meetings I take part in :) | godelski wrote: | Serious question, really? Like when you're just having | beers with your friends? Why? Does it make your friends | feel uncomfortable? What's the benefit to you? | smarx007 wrote: | I mean work/project meetings, not "social gatherings". | Essentially, when an encounter serves more that just a | social purpose and information is shared, I either want a | record of that meeting (information) to be kept or for | that meeting not to take place at all if there is nothing | noteworthy (again, does not apply to meetings that have a | predominantly social function). | godelski wrote: | Okay that I get, but I don't understand recording every | text since that's more akin to recording social | gatherings and private conversations. | toomuchtodo wrote: | Accountability and history. I have decades of email history, | I'd like the same for my chats. | karakanb wrote: | For me, they literally mean "history". Some conversation with | a friend who passed away, chats with an ex-lover, remembering | school years, tons of memories. I believe at this point those | messages are an important part of my past. | | In other words, if I had a chance to record, search and | navigate through real life conversations, I would have done | that too; it is way better to have records than to try to | remember things. | solstice wrote: | I totally understand what you mean and I also frequently | look up older conversations to enjoy again the in-jokes, | banter and actually useful information of my chats. | | However to avoid 1) having to manually delete things and 2) | accumulating hundreds of megabytes of messages and 3) to | not be swamped by months and years of "can you call?", | "alright, see you later" and other ultimately meaningless | stuff, I have conversations in Signal with my frequent | interlocutors set to expire after a month. | | To save things, I currently simply screenshot the relevant | parts of the conversation or forward them to my "Notes to | myself" thingy for later. It's a bit manual, but at least | it's simple to remember: what I don't actively save | disappears. Screenshots leave out audio messages and gifs | (to a certain extend) but it is at least something. (And I | just realised that with Signal it's actually possible to | download individual audio messages and video so that a | later reconstitution is possible if tedious.) | | However, what would be great is to indeed have a way to | backup messages including stickers, audio, videos etc. in a | more high-fidelity way to relive important converations. | godelski wrote: | Personally all I want is a way to save specific messages. | Like my friend recently sent me a recipe. That's nice to | save. Everything else I'm fine cutting off at like 500 | messages or something. I guess a lot of this saving | doesn't bother me because back in the T9ing days you | couldn't save many messages and no one batted an eye. I'm | surprised at the major paradigm shift, but also most | communication happens through text now which is also | interesting. | costsNall wrote: | As someone who has saved no chat logs, and just deleted | pics, letters, and such from a long gone marriage; IMO, | they're not that important. | | In fact, shedding that memory shed cognitive distraction I | did not know I had. | | If I want to connect to people I do it here and now. | Talking to the past in my head is unhealthy. | [deleted] | Forbo wrote: | I vouched for your comment, because your experience is | still a valid data point. | | As a counter to that, I lost a close friend to suicide. | It was really good to be able to reflect back on the | conversations we had and relive the lighter moments we | shared together. I agree that dwelling on those things | can be unhealthy, but they can also be a valuable part of | the healing process. | costsNall wrote: | Sorry to hear that. | | I went through the same in my 20s, grieved and moved on. | | For what ever reason, reconnecting to it just makes me | mad and depressed now. He's not dealing with | environmental collapse, political unrest, economic | inequality, racism... | | I find leaning into my anger over reality now leads me to | be more productive than ennui over people no longer | around to concern themselves with those issues. | Daniel_sk wrote: | Same here. Emails are much more important to keep. | saurik wrote: | Great for you. I happen to have spent my life talking to | people using messaging apps instead of email, including | business contacts and family. If you think your email is | somehow valuable and my instant messaging logs aren't, | that feels quite a bit insulting. | eat_veggies wrote: | The key is that the decision (and timing) to move on and | delete those pics and letters should be the user's | choice, not the platform's. | lotsofpulp wrote: | I just saved an hour or more of work by looking up a | conversation I had in Oct 2020. | m463 wrote: | It depends on what type of person you are. | | Some people are nostalgic and find great comfort in something | like a chat history or a photo album (sometimes they're | almost one and the same) | | Nobody really needs it. Arguably it might be a burden or an | impediment to growth. | grishka wrote: | I just never delete messages. Chat histories are an integral | part of my past, and my past is what makes me, me. | | That said, I deleted my WhatsApp account today just because | some organizations assumed that this was an acceptable and | convenient way of reaching me if I gave them my phone number. | Didn't use it much anyway. | nelsonenzo wrote: | a ton of useful conversations and media from my wife while we | were waiting for her US Visa, and other family matters. | AnonC wrote: | Do you take photos and keep those around or you just don't | use cameras? If you do preserve photos, why? Before cameras | were invented, most people (who couldn't paint or pay a | painter) had experiences and events only in their memories. | You could follow that for photos and videos too. Or get a | camera that shows the photo you took for a few seconds and | then erase it permanently. | | I'm not trolling either. The point is not whether you value | something to look back on in the future or not. It's that a | lot of people value that and would use a service that aligns | with those needs. Chats can also have photos and videos that | someone else shared. It's not easy or clear to many people | that they should save or offload those from an (unreliable) | chat app if they want to look back at those later. | prophesi wrote: | What went wrong with their local device transfer solution? | Asking as I'm on iOS and have yet to get a new phone. | noja wrote: | Nothing is wrong with it. There was a bug and they fixed it: | https://github.com/signalapp/Signal-iOS/issues/4623 | FreakyT wrote: | Their solution (as documented here: | https://support.signal.org/hc/en- | us/articles/360007059752-Ba...) requires that you place the | devices "nearby" and wait for them to detect one another. For | whatever reason, neither phone ever "saw" the other one | (despite them being on the same network and physically next | to one another). I tried this about 10 times before I finally | gave up. (iPhone SE / iPhone 12 Pro) | | What made it more irritating was that you only get one "phone | detection" attempt per account transfer process, and you're | rate-limited on the server side, so I got soft-banned for 24 | hours after several attempts. | tricolon wrote: | Have you contacted their support? I did, and they informed | me they'd fixed the bug in the app update that was | published _the next day_. It might have been a coincidence, | but at the very least they were responsive and | knowledgeable. | | (I had the same issue migrating from an iPhone SE to an | iPhone 12 mini.) | moxie wrote: | Yeah, bummer. There were some iOS 14 changes that made this | stop working as reliably, which was unfortunately right | around the time people were getting new devices. It should | be better now, and we're working on more stuff in this | area. | pgalvin wrote: | With respect, as I otherwise feel you've made an amazing | app on Android and iOS, why do you allow local backups to | internal storage on Android but not iOS? | | Enabling a backup on iOS, even if buried in advanced | settings, that lets me export an encrypted .zip (for | example, similar to Android) to my internal storage via | the Files app would be tremendous. As it stands, I lost a | very large amount of message history when an old iPhone | broke. | | I totally understand your reasons for not enabling iCloud | backup, but why not a local encrypted backup via the | Files app, just like Android? | | Even if you feel this goes against your ethos, though I | do not understand why that would only apply to iOS, it | would be far better to go through a few warning messages | and back up my messages than to lose years of | conversations with a friend or partner who passed away. | There's hundreds upon hundreds of anecdotal stories where | people value this or were burned by Signal on iOS, so | clearly it is important to a large part of your existing | and also potential userbase. | gaius_baltar wrote: | I'm just curious why this feature exists in Android, but not | iOS. Maybe due to some stupid Apple Store rule? | proactivesvcs wrote: | From what I've read on the forums, by the developers, is that | the backup and restore process on Android has been a | technical nightmare for them and it's fragile as it is. I | presume that since they have limited resources they can only | put so much effort into adding the feature to iOS (and | improving it on Android) and have been concentrating on | improved groups, group calling, Desktop calling, user name | support, etc. | saurik wrote: | There definitely isn't an App Store rule against making your | content backup-able: almost all other apps--and notably | WhatsApp--have support for this in some way (if not the | standard way). (If anything, I am surprised that Apple | doesn't make "backup and restore via at least an iTunes | encrypted backup correctly replicates your data" a | requirement, given how it hurts their ability to sell new | phones and undermines their own work making this seamless.) | alerighi wrote: | Really, this. And this is the problem that I have also with | WhatsApp: i lost all my messages when transitioning between | Android to iOS since the backup of Android (that is just a dump | of the database) is not compatible to the one of iOS. | | At the other side there is Telegram, where the conversation are | saved on the cloud, which is great, but everyone can delete or | edit a message even years after it was sent! And thus even on | Telegram you need backups (with is inconvenient, but can be | avoided with a script that exports all your conversation | scheduled to run every once in a while) | | I would actually use Signal (or whatever other application) if | they would have a simple way to export and also import | messages. Best thing would obviously be to make a standard | interoperable, at least shared by open source applications, | like is done with the mailbox format for emails, so you can | take your chat, export them, and import them on another system | if you want to migrate from one to another. | amelius wrote: | They could use Whatsapp's Web interface to extract the data | (including images/videos). A browser extension or a bookmarklet | could do the actual work. | antirez wrote: | That's funny. People use Whatsapp because outside US and Asia is | the worldwide de facto standard for messaging. The new TOS does | not state that Whatsapp is going to read your messages, actually | even the non-techo-savvy population in Europe _knows_ that | Whatsapp uses end-to-end encryption (they just know that "it | cannot be intercepted"), so they use it for good reasons, and | will continue to do so, because 99% of people don't give a shit | about Facebook sealing your profile image and list of contacts or | stuff like that. So it's not going to happen that there is a mass | move outside of Whatsapp anytime soon. I also find very curious | that people are concerned with that, but not with the fact that | Facebook and Twitter can decide who can talk and who not, to te | extend that one person can be the president of US but not writing | his thoughts on social networks. You will hardly find somebody | more against Trump than me, but that's not the point, the point | is that is a lot more concerning that social network owners can | decide what "free speech" is. | simonebrunozzi wrote: | > So it's not going to happen that there is a mass move outside | of Whatsapp anytime soon. | | I (sadly) agree with you on this. (Ciao Salvatore) | | I'm surprised you're being downvoted, is it possibly because of | the reference to the current POTUS being "silenced" on Twitter | (despite you later state that you're anti-Trump)? | | Anyway, I believe you're incorrect on your stance on the new | TOS, but I'm studying it more now because I am also a bit | confused and I've read conflicting interpretations. | | Edit: part of the confusion might stem from the fact that TOS | in Europe do not include the data-sharing part with Facebook, | which is instead included elsewhere [0] | | (HN user antirez is based in Europe, not in the US) | | [0]: | https://twitter.com/NiamhSweeneyNYC/status/13471849630163394... | actuator wrote: | Regarding your other point, while you are theoretically right | that this is a dangerous precedent. | | But I think this week's events were extraordinary. At the end | of the day humans are running these platforms and it becomes | very hard to ignore developments like these. As much as I love | free speech we have seen throughout the world that there is a | real human cost to not censoring these things. | antirez wrote: | I agree that it was extraordinary and extremely worrying, | but: | | + Trump is not running out of channels to speak, just who | supports him will believe he is censored and will develop a | deeper attachment to him. Democracy works when you are able | to understand somebody is fool even if you can read what they | write. | | + Twitter censored his tweets partially even before what | happened recently. When he claimed he didn't lost elections. | | + This time we believe it was acceptable because our | political views here in HN, mostly are aligned with the ones | of folks running social platforms. Next time it may be | different. | dragonwriter wrote: | > This time we believe it was acceptable because our | political views here in HN, mostly are aligned with the | ones of folks running social platform | | There's different types of acceptable that get confused | (for some people they may be equivalent, but the problem is | that they fail to recognize that for other people they are | distinct, and also that they fail to realize that making | them equivalent is the essence of totalitarian control), | specifically: | | "Is it right that the private actor makes this decision?" | | vs. | | "Is it right that the private actor _is free_ to make this | decision?" | | Twitter has made several curation decisions I thought were | not acceptable in the first sense, because my political | views _are not_ aligned with Twitter 's, such as deciding | to lift the rules applicable to most participants from | those that met a new leadership position test in response | to widespread complaints about Trump's routine violations | early in its term. | | But I don't find those decisions unacceptable in the | _second_ sense because I believe in freedom.of speech and | the press, which exactly means that Twitter ought to be | free to decide on what content it will carry, including | whether and how to take the social position of the source | of the content into account. | actuator wrote: | > Trump is not running out of channels to speak, just who | supports him will believe he is censored and will develop a | deeper attachment to him. Democracy works when you are able | to understand somebody is fool even if you can read what | they write. | | Yeah, but what we have seen in social media is that the | discourse gets polarized. Everyone hangs around in | groups/channels/subreddits/blogs that are of the side they | identify with. They are echo chambers which shape their own | reality in many ways. So people often tend to believe one | version of the events. Over the years we have seen | fractures between ideologies grow deeper. So, I am not sure | if this strategy works. | | > This time we believe it was acceptable because our | political views here in HN, mostly are aligned with the | ones of folks running social platforms. Next time it may be | different. | | Completely agree on this. It is definitely dangerous. | dotdi wrote: | My dude, the new TOS stipulate that "you grant WhatsApp a | royalty-free, transferable license to use, reproduce and derive | works from data you upload, send, ..."[0], which makes no sense | at all if WhatsApp/Facebook did not have a way to decrypt the | things people send via WhatsApp. | | [0]: | https://twitter.com/FSFTamilnadu/status/1346864102698754050 | antirez wrote: | I think that the TOS is just terribly written and opaque, and | that in the next weeks we will receive clarifications about | the fact messages are protected. Otherwise if it will be the | case that FB can read messages, the matter will be very | different and I will agree on the switch. But so far to imply | this looks far fetched. | dotdi wrote: | Even without that, all the metadata which is now shared | with FB and Cambridge Analytica Friends is as sensitive as | the actual transferred data. Contact lists and phone | numbers are going to be correlated to Facebook profiles, | messaging patterns mined, etc. | | It's about time people rise up and oppose this | exploitation. | temptemptemp111 wrote: | One can reliably scroll to the bottom of the comments section | to get higher quality comments. Thanks censorship for ordering | the world (albeit inverted;) | LolTwo wrote: | That is DEFINITELY a serious problem. | | Personally, I want to see more people using Matrix because it | solves that exact problem, but before that can happen I think | we need a really, really good, easy to use client for it that's | less like a Slack/Discord clone and more similar to something | like FB Messenger, WhatsApp, Signal, Etc. | actuator wrote: | Just a correction antirez. WhatsApp is extremely big in Asia | too, specially South Asia. | antirez wrote: | Thanks! I was still thinking that Line and Wechat entirely | dominated the Asian market. | kondu wrote: | You were partially correct: wechat is big in China, | Whatsapp is big in the Indian subcontinent | simonebrunozzi wrote: | And really big in SE Asia, AFAIR. | angry_octet wrote: | Spending the weekend building Signal for iOS so I can try to dump | message contents before I send an iPhone in to Apple. Just | astounding that there is deliberately no way to backup messages | (which has be available on Android for some time). Definite love- | hate relationship with users, which I fully reciprocate. | | So great job getting WhatsApp import working. But too bad you | can't export anything from Signal. Dark patterns ahoy. | faitswulff wrote: | It's not working. This is just a link to renewed discussion on | a closed issue. | elaus wrote: | It's really annoying that WhatsApp chat export isn't available in | Germany. I used to export my chats as backup and for creating fun | stats for group chats with friends, but that feature got removed | about a year ago. | | I haven't found a way to circumvent this restriction. There were | some tricks like installing a modified Russion WhatsApp APK but | that risk didn't seem worth it. | 4814 wrote: | Faced the same problem a couple weeks ago. I ended up paying | for this chrome extension which crawls them from the web client | and worked for me: | https://chrome.google.com/webstore/detail/backup-whatsapp-ch... | | A shame that WhatsApp had to remove that feature. | plibither8 wrote: | Was there any reason provided for the removal? I think it | should in fact be essential in EU where they must follow. GDPR | regulations and allow users to export their data easily. | looperhacks wrote: | Chat history isn't stored server side, so gdpr doesn't apply | here. | Aachen wrote: | I always wondered about that. If a closed source app keeps | my data in their silo, but I own the hardware their | software runs on, I can't do anything with GDPR? Aren't | they the controller if they run the software? | plibither8 wrote: | Exactly. We're not owners of that data, they are. Should | be an extension of the regulations IMHO. | Aachen wrote: | That's also my "HO" but I was more wondering how to | interpret this from a legal perspective. I've read large | parts of the GDPR law but don't (at least off the top of | my head) remember anything that would say either way. | elaus wrote: | There is a pending patent dispute with Blackberry and a | German court ordered them to remove the chat export for | German users. | Merman_Mike wrote: | For anyone curious, some googling found me this: | | https://github.com/signalapp/Signal- | Android/issues/1014#issu... | | > This feature is unavailable in Germany due to patent | concerns: | | > https://www.teltarif.de/whatsapp-chat-exportieren- | iphone/new... (article in German) | kangalioo wrote: | For anyone wondering about the specifics: | | "For example, there was a dispute about whether Whatsapp | uses a technology that Blackberry holds a patent on when | sending a chat history to a third party via email." | | (translated via Deepl, source https://t3n.de/news/gericht- | verbietet-apps-whatsapp-1231364/) | | The actual legal claims are in this document: | http://docs.dpaq.de/13322-031127684372.pdf | gaius_baltar wrote: | > There is a pending patent dispute with Blackberry and a | German court ordered them to remove the chat export for | German users. | | A patent on backup up files?! Oh frak this system is broken | beyond repair... | IkmoIkmo wrote: | It was just the last 10k lines right? That used to just be a | few months of backup chats with my girlfriend. I'd have to have | made about 20 different backups (and somehow time them right) | over time and pieced them together to get a full picture. And | then it'd still be text-only. | huangc10 wrote: | Can this import my friends as well? | princevegeta89 wrote: | I have a UI issue with signal, but other than that I think the | app is rock solid. I openly write and send passwords and credit | card numbers to my wife from time to time. | | The interface can look better, and it would be great if it can | automatically backup all messages and media to the cloud and | encrypt it. There is also this annoying "verify pin" popup that | shows up once in a while. | soneca wrote: | It is cool that this exists, but losing WhatsApp chat history is | common enough (changing from Android to iOS, failing to keep | backup up to date then buying new phone, losing, having it | stolen, etc) that I don't think it is a relevant barrier for | changing apps. | plibither8 wrote: | I seriously can't understand why a billion dollar company with | hundreds of engineers can't and won't prioritize the abilitynto | seamlessly transfer messages cross-OS. Its been years since the | need for such a "feature", when it shouldn't even be a | "feature" in the first place, it should be baked in! | soneca wrote: | I agree. It should not be that seamless since it needs | explicit consent to break end-to-end encryption. But to force | you to use iCloud or Google Drive for backup is weird. They | should have a proprietary format and hosting for it. | juniperplant wrote: | There's even a third-party software that is able to do this: | https://www.backuptrans.com/android-whatsapp-to-iphone- | trans... | | I've used it myself. | dddw wrote: | That looks pretty dubious | moxie wrote: | A lot has changed since 2014, and this might actually be possible | now. It could be tough to do this right and figure out what to do | with the edge cases like importing a WA conversation that | overlaps with an existing Signal conversation, or handling things | like quoted replies, but this could be a fun project if anyone | here wants to take a shot at coding it up. | dribblecup wrote: | There are lots of ways to export like this | https://github.com/SoftwareArtisan/signal-backup-exporter | FreakyT wrote: | Seems like that only works on older versions? (The readme notes | "55 or prior") | satysin wrote: | I have been using Signal for two years now and I love it. | | However I really, _really_ hope they can work on a good backup | and restore process as losing my message history because I have | to reinstall the app on my desktop[1] or have to reset my phone | is a _horrible_ experience. | | Just build an encrypted blob and zip it up and pop it on my | iCloud or Google Drive or leave it local and let me deal with it | but I need _something_. As my Signal use moves from just messages | with friends and family to business contacts I _need_ a reliable | way to backup my messages! | | [1] I should state I mean losing the desktop copy as it starts | "fresh" and does not import any messages from the phone. | | Edit: I should probably clarify I am talking about the iOS/macOS | applications as these are what I use. iOS does have a migration | feature but that doesn't help if your phone is lost/damaged. I | need a _proper_ backup and restore process as well as the ability | to import messages from the phone to the desktop app. | FreakyT wrote: | Exactly! The lack of this feature is completely baffling. | bertmuthalaly wrote: | On iOS now, if you're setting up a new device, Signal will | prompt you to transfer your messages from your old device. | | Not exactly a backup feature but it covers one use case (I | don't want to lose my chat history when I switch devices). | codetrotter wrote: | I dont use Signal myself so I'm not inclined to put in the | work for that but just wanted to point out that given what | you said and the fact that Signal is open source [0] it | should then be possible to figure out how they do transfers | and adapt that code in order to sync data from Signal on | iOS onto your computer. Unless it ties into some feature of | iOS itself that provides data transfer between phones in | which case it will be more difficult to work out. | | [0]: https://github.com/signalapp/Signal-iOS | saurik wrote: | Putting aside the complaints people have that this feature | was flakey and didn't really work, this one use case isn't | sufficient, as I usually switch to a new phone because my | old one was destroyed... and I imagine this is the _only_ | reason people poorer than me get a new phone. Users need | the ability to do non-transfer backups (which it sounds | like this feature doesn 't support). | | The reality is that my iTunes (encrypted) backup should | include my chat message history. That the Signal client on | iOS (and maybe even on Android, as while it has backup I | think it is a bespoke backup) has decided that somehow | Signal chat message history isn't something one can backup | at all (much less do using the user's standard backup and | restore process) is kind of ridiculous. | AnonC wrote: | It won't be baffling but appalling to see how the Signal team | (moxie in particular) have responded to requests for a backup | and restore feature. They're user hostile and prefer to do | things their way. On iOS, Signal has always prohibited its | data from being backed up with iTunes (doesn't matter whether | your iTunes backup is encrypted and protected by a password | or not). Even now there's only a recent "transfer data" | feature from one phone to another in real time. | parliament32 wrote: | Why would you want this? You don't save history for other types | of chats, like in person conversations or phone calls (even | though you could, with your phone recording in your pocket or | call recorder apps). If something important comes up, like an | address or recipe, copy/paste it into your notes app. Otherwise | set your messages to expire after a month and be done with it. | | I used to be a message-hoarder too, but I recently realized it | was all utterly useless and the cost of maintaining and | transferring that history around everywhere wasn't worth the | twice-a-year I actually wanted to search for something. | | Signal isn't email. | tinus_hn wrote: | Why would I want you to decide for me if I should keep my | messages or not? | dividedbyzero wrote: | > You don't save history for other types of chats, like in | person conversations or phone calls | | There are more than a few conversations I would absolutely | love to be able to revisit, but I can't. Like those small, | ordinary moments with my Grandma, of which I remember just | very little, I didn't think much of them at the time. With | those people I've lost who did leave chatlogs, they have been | helpful at times. | | I find it also can be very insightful to be able to drop into | ten-years-ago me's life, just to find how much I've changed | in some respects - or how little. It's a great source of | self-reflection for me. | | If keeping chat logs is something you personally don't value, | that's great, you do you. But keep in mind that people are | wildly different and lots will have needs, preferences and | principles that are the opposite of yours, and just as valid. | kitkat_new wrote: | that's why I love Matrix | beezle wrote: | How about multimedia? Photos, videos? Docs that I may not | wish to read now but have available at a later date if | needed? Most of those I would rather leave 'archived' in | context than pick and choose which to download to device | storage and then have to further sort and annotate. | tonyztan wrote: | Exactly. Keeping message history is a liability. There is no | need to keep all old messages beyond one week. If there is | something specific worth saving, there are apps for | taking/pasting notes. | benhurmarcel wrote: | Well for example here Whatsapp is the main communication | medium with your landlord. It's useful to keep that full | communication history in case any disagreement comes up. | pgalvin wrote: | I can think of many reasons full message history is | valuable. | | - a friend says something that you don't realise is | important until months later and need to reference | | - a friend or partner dies and you wish to revisit old | times by reading your messages | | - a couple wish to nostalgically re-read random | conversations from their early time together | | - a group chat for work or students shares valuable | resources that you wish to reference, but is impractical to | make copies of the dozens of messages | | - legal reasons if somebody accused you of saying or doing | something you did not do | | - you're going to an address (for example) that somebody | sent you a week prior, but you forgot to save it | | People are forgetful, people are emotional and nostalgic, | and people are argumentative. All very good reasons for a | chat history. Disappearing messages are simply always opt- | in precisely because most people do not want it. | FalconSensei wrote: | > There is no need to keep all old messages beyond one | week. | | Based on what use case? Many times I searched old personal | and group chats, to find what I wanted in a message from 1 | year before | JoshTriplett wrote: | > Why would you want this? | | Because I have _repeatedly_ dug out useful information from | chats, days, weeks, months, or years later. | | > If something important comes up, like an address or recipe, | copy/paste it into your notes app. | | You're assuming that 1) you know what's important at the | time, rather than realizing later, and 2) you want to take | the time, at the time, to figure out somewhere to file it. | | > I used to be a message-hoarder too, but I recently realized | it was all utterly useless | | That's your choice, but that doesn't make it the right choice | for everyone. Your preferences are not universal. (And | descriptions like "hoarder" deride the choices of others.) | | > Signal isn't email. | | People advocate using Signal in place of email, for security. | | I _cannot_ advocate Signal to anyone I know until it learns | to treat user data as incredibly valuable and irreplaceable. | | If people _want_ to mark their messages as transient, or even | mark _all_ their messages as transient, so be it; that 's | their choice. But if a message is _not_ marked as transient, | it must be possible to securely and _easily_ preserve that | message for longer than the lifetime of any one device. | skrowl wrote: | Multiple devices / reinstall works flawlessly on Telegram. | | I can't walk my mom through the archaic Signal backup/restore | all the time. | diebeforei485 wrote: | Agreed. I don't understand why iCloud backup is not a thing. | When I broke my phone and needed a replacement, I lost all my | groups. | | It's not even the message history I care about. It's the fact | that people sent me texts in the group while having no idea I | was no longer receiving them. If there was a way to back up | just the group memberships, that would be great. | unicornporn wrote: | Not a solution for the average user, but this works: | https://github.com/bepaald/signalbackup-tools | pgalvin wrote: | Unfortunately that's for the Android app. Signal iOS has no | way of backing up your messages, at all. | Evidlo wrote: | Matrix has this. You can save your recovery key somewhere to | recover your chats on a brand new device. | | You can actually just use another logged-in device (e.g. your | desktop) to recover your chats by scanning a QR code to trust | the new device. Recovery key is just in case this isn't an | option. | WC3w6pXxgGd wrote: | I've always wondered why Matrix and Riot never blew up in | popularity. | colordrops wrote: | This already exists in Android. | ngrilly wrote: | Yes, but it's only local, not cloud, as far as I understand. | izacus wrote: | Existing and being usable are not the same thing. | | Try to have your mom restore Signal backups after her old | phone dies and you'll quickly see why. | wcerfgba wrote: | I'd at least settle for having the messages sync properly | between my devices. When I used Signal ~1 year ago on Linux | desktop and Android phone, if I had it open on my mobile I | would get the messages there, and then if I later opened the | desktop client I didn't get the same messages there. Sometimes | I purposefully move from phone to desktop because _typing on a | small touchscreen sucks_ and I want to type on a keyboard. But | fragmenting the message history just ruined usability for me. | Hopefully it is better now. | davemtl wrote: | Signal has a method to backup chats, at least on Android. It's | under Settings > Chats and media > Chat backup. Baffling if | this feature isn't available on iPhone. | Forbo wrote: | As mentioned elsewhere in the discussion they now provide a | way to migrate data from one iPhone to a another, but that's | assuming that you have the old device still. | Y-bar wrote: | I have an old device which I have saved because the | messages on it are emotionally important to me, but that | device is too old to transfer to my new device. | officeplant wrote: | Main problem being you don't have access to the file | structure on an iphone. So you can't simply drop a backed up | folder in there like you can on Android. You are stuck | needing the previous device. | leokennis wrote: | Since iOS 12 or so, iPhone has a built in files app. Every | app can integrate with that. So when I create a file (let's | say chat backup) in app A, I can put it in the files app. | Then in app B (or app A on a new phone) I can easily open | that file from the same files app. | tinus_hn wrote: | Even before that every app got a documents folder that | was shared between the app and iTunes | pgalvin wrote: | iOS has had a Files app for years, locally. You could | easily export an encrypted .zip from Signal and save it | locally, just like how Signal on Android saves it to your | internal storage. | | For some reason, the Signal devs won't even acknowledge | this possibility and continue to say "we can't enable | iCloud backup" - which is fair enough, but nobody is asking | for that and they're simply putting their fingers in their | ears. | thekyle wrote: | Buy why can't they enable iCloud backup? What's so bad | about uploading an encrypted blob to the cloud. | jl6 wrote: | Yeah I just looked into switching to Signal away from WhatsApp | after the recent data sharing announcement - but not being able | to export/archive messages is a dealbreaking misfeature. | | I will not enter important data into any system that I cannot | get it out of. | fsflover wrote: | Telegram solves it and at least the client is open source. | Matrix is less developed, but it's distributed, so I choose | it. | cesarb wrote: | Doesn't Signal already have backup? IIRC, when enabled it once | per day saves all messages (encrypted with a backup key, which | you have to write down somewhere) to /sdcard/Signal, and you | can then use Syncthing or something similar to copy it to a new | phone. If you put that /sdcard/Signal folder there _before_ | starting Signal for the first time, it 'll ask to restore from | that backup. WhatsApp has an identical local backup and restore | flow (except that it gets the backup key from their servers, | instead of requiring you to write it down). | saurik wrote: | You are using the Android client. This feature is missing in | iOS. | [deleted] | izacus wrote: | It's a backup which demands that you WRITE down a very long | numeric code, then manually copy files off and then hope your | family doesn't lose all of it. | | It's a horrible user hostile process which isn't even | implemented for iOS. | FalconSensei wrote: | Considering my wife keeps resetting her passwords on | websites because she just forgets it, I have to agree this | is not usable | vinay427 wrote: | To be fair (to iOS users, not to Signal), the device | transfer procedure on Android is somewhat more cumbersome | as a result. | | iOS gets the smooth new device-to-device direct transfer of | the backup while Android users need to copy the encrypted | blob (~2GB for me) to the new device and enter the | encryption key. Admittedly, it does still allow for more | flexibility than on iOS. | mystcb wrote: | It is nice that the iOS version has that, but it a major | pain say, if you are asked to reset your phone and | restore from backup. | | The recent issue with the Apple Watch not syncing health | data meant that to get anywhere I had to wipe my phone, I | had no where to transfer my Signal data too, thus - all | gone. | | It's not ideal when dealing with members of your family | who really don't want to lose data, and is probably one | of the few things that stops me in my own situation going | over. | | I do understand that in some cases this is actually a | feature too, so I am not discounting it - just in my case | this specific reason makes it really hard to justify a | move over. | | Just annoying that there isn't really a viable | alternative anywhere at the moment :( | | If iOS had that same option of a encrypted blob option | then that would have solved my issue with the phone | restore! | DavidSJ wrote: | Exactly this. | | I wanted to use Signal as my primary messenger. I _really_ did. | But I had a ton of sync problems between my phone and my | desktop client, tried to report them, and the developers didn't | care. Then one day I got a new phone and discovered I'd lost my | old Signal identity and there was no way to export my messages | from my old phone. And the developers didn't care about that, | either. | | They always had some excuse for why it was the "right" behavior | and the user's fault. For example: clients just can't sync more | than 1000 messages, and if you go this long without using your | desktop client, well, you're out of luck, and you should have | realized this. | | I just can't recommend a platform on which the developers don't | care about usability. | dundarious wrote: | The lack of options to backup and restore from Android to | iPhone was extremely frustrating. I convinced my mother to use | Signal as her default SMS app on Android, and when I bought her | an iPhone, all her SMSs were lost (except to open up the old | device). Not the worst problem in the world, but it leaves a | very nasty taste. | | Never mind that transitioning between iPhones (we almost bought | her a new phone this year) has the same problem. That this is | not supported invalidates Signal as a replacement for SMS or | Whatsapp for many many non-technical users. | forgotmypw17 wrote: | >Just build an encrypted blob and zip it up | | Better yet, how about a zip of text files? | zapita wrote: | Same here. I used Signal a lot. Then it started crashing and I | lost all my message history. | izacus wrote: | > However I really, really hope they can work on a good backup | and restore process as losing my message history because I have | to reinstall the app on my desktop[1] or have to reset my phone | is a horrible experience. | | I've tried to report bugs and talk to developers about this but | there's one fundamental problem here - the Signal team | fundamentally does not value chat history the same way a lot of | people do. They think that destroying all chats is a reasonable | thing to do when things get hard - which is the exact opposite | to many WhatsApp users, which deeply value images and texts | sent to them on that platform. | | As such, they've been very very resistant at making the backup | process for Signal easy for people. This is also why deskop app | regularly happily just trashes all its state and fails to | resync. This is why they will never let you make the backup | process easy and portable. | | It's not a technical issue - they just think you're wrong when | you want to keep your conversations. | | Unfortunately that's can also be a significantly bigger issue | than privacy for a lot of people. | Lutger wrote: | Really? I can't believe that. | | I mean, in a sense, all software is just a vehicle for the | data it processes, and the actual value lies in the data - | not the software. | | That data is chats for Signal. If they think that's | worthless, even just the history of it, it means they don't | really value their own application. | | They are wrong. | herbstein wrote: | The Signal protocol is forward-secret. I don't know the | nitty-gritty specifics of the protocol, but the essence is | this: | | You don't want someone getting access to your account two | years from now to be able to access every old message. | Consider every message a separate object that gets | encrypted. The keys are changed/updated each time a new | device is added to an account. That new device only knows | the new key(s), and thus can only decrypt new messages. | hackmiester wrote: | Neither you nor any Signal dev knows what I want (i.e., | what security vs convenience tradeoffs I am willing to | make). I will choose the tool that allows me to use it in | the way I want to use it. | tw04 wrote: | >You don't want someone getting access to your account | two years from now to be able to access every old | message. | | The messages I don't want people getting ahold of are | either created with expirations or I manually delete | them. I couldn't care less if someone 2 years from now | can read a chat log between me and my mom if it means | that I can actually read them 2 years and multiple | devices away from now as well. | | What I don't want is to be forced to message with one app | for secure chat and something completely different for | daily driving. It's a pain, and nobody in my circle is | willing to do it (and I don't blame them). | FalconSensei wrote: | Completely agree with that. | | This whole 'I don't care about history' discourse can | change greatly for some people after a loved one dies, | for example. | j1elo wrote: | I might see why they think that way, but I'll have a harder | time sympathizing when the parent's use case starts being | more prominent: what happens when your app grows in usage, | gets out of the "niche curiosity" category for the mass | public, and people start wanting to use it for "serious" | matters? | | Not being able to back some conversations up is _not_ an | option. It would be very ironic if the answer to this was | "well, then don't use Signal, because we don't care", and | people who cared about the WhatsApp stuff ended up being | pushed into Telegram (which seems to be the only other | popular alternative, by a wide margin). | WaitWaitWha wrote: | Signal is used both in many governments, and by groups in | danger of punishment. | | In my opinion, Signal is not a "niche curiosity", and mass | public is rarely right. | j1elo wrote: | I originally didn't write "mass public" but ended adding | it to somehow convey that currently is already being used | for "serious business", no doubt, but it has been far | from widespread adoption so far. | the-dude wrote: | Pretty confusing to edit your post like that. | madeofpalk wrote: | I doubt they think you are _wrong_ - they just don 't value | it themselves personally, and lack empathy for their users | who have different values. | jstummbillig wrote: | This right here is the definition of a technicality -- so | much so, that (on second thought) I wonder if this was | meant to be tongue in cheek. If so, bravo. | simias wrote: | Signal's devs, for better or worse, are very opinionated. | If you don't do it moxie's way then you're doing it wrong. | I was once shut down on HN by the Signal posse because I | said that I'd like to have a Signal client library that I | could use to write my own custom lightweight client. | Apparently I'm not worthy and clearly incapable of writing | secure code. Meanwhile I have to use that crappy, gigantic | official electron app that cost them at least one serious | security vulnerability in the past (JS injection, if memory | serves). | | If you want to make a nerdy niche chat client that's | probably a good mindset, but if you hope to appeal to the | masses you'll have to put some water in your wine | eventually. I managed to convince a couple of my groups to | migrate away from WhatsApp lately, but unfortunately always | towards Telegram. Signal is just not there yet if you want | a drop-in replacement. | Mediterraneo10 wrote: | > I'd like to have a Signal client library that I could | use to write my own custom lightweight client. | | You already have that. Signal-cli is based on a | standalone Java library distributed as part of the Signal | codebase. Of course it is an unofficial client and the | Signal team would really prefer you not use it, but if | the Signal-cli team can develop something from that | library, you probably could too. | pbronez wrote: | I didn't know that existed. Is there some way to use that | to create a backup solution? | FalconSensei wrote: | > the Signal team fundamentally does not value chat history | the same way a lot of people do | | This is the core problem as why many projects don't get | mainstream. They have 2 options: they can focus on what they | think is a priority, or on what the public thinks is a | priority. | | I'm not saying Signal is wrong on doing what they are doing, | as they are being successful among some niches (i.e: tech). | But to grab Whatsapp users, they need feature and UX parity, | at least to some level | skrowl wrote: | This is exactly why Telegram is beating Signal. | | They're singularly focused on the user experience and what | users want. | | Uninstall / reinstall / multiple-devices works flawlessly. | freeone3000 wrote: | I fundamentally distrust any program which claims E2E | encryption and is capable of recovering my chat history | onto a new device. This means that Telegram is | technically able to recover my chat history, making the | "E2E" bit of the encryption smoke-and-mirrors. | cmeacham98 wrote: | I am unaware of Telegram's implementation, but this is | not necessarily true. The app could use a secret you | provide and only you know (most obviously, your password) | to store and restore chat history. | FalconSensei wrote: | I can be wrong, but on Telegram E2E is not default. Those | are used only in 'secret chats', which I believe are not | recoverable. | | So you can use regular texting for everything you don't | care much about, like sending youtube videos and memes to | your friends, and use the secret chat to things that re | more sensitive. That's great for most people that | currently use Whatsapp | JoshTriplett wrote: | > I fundamentally distrust any program which claims E2E | encryption and is capable of recovering my chat history | onto a new device. | | I would expect a Signal implementation of this to allow | recovering chat history _if you restore a backup onto the | new device_ and _if you re-enter your PIN_. | gsich wrote: | Telegram only has E2E if you enable it. "Normal" chats | are not E2E encrypted. | natenthe wrote: | That's ok. I care about data hygiene. Signal cares about | data hygiene. I don't want old data lying around and | ready to be used by nefarious third parties at any point | in the future. I'm sticking with Signal as long as they | stay true to their values. I don't need it to be #1. | beebob wrote: | Interesting piece of information. I'm one of the people that | values the chat history. Mostly as there are often occasions | where I would look up something like a product or a website | someone sent me. Also for nostalgia. | | It would be perfectly fine if exporting/importing chat | history would be a manual process via encrypted files and if | it was disable by default. But not having it at all is an | issue for me. | | That said: It isn't exactly easy with other messengers. | WhatsApp does have some backup/restore. But afaik it is | limited to the platform you are using (Android or iPhone). | The export is limited and cannot be imported again. Telegram | has all the messages on their servers... which... ah well, | let's just leave it at that. | | Makes me think that I need some private third party database | that just ingests and consolidates all my chat data for me. | With something like that it might be okay just having a few | days worth of chat history on the phone. | xrisk wrote: | Off-topic but does Signal support independent multi-device | yet? Sorry I can't find reliable information about it online! | xiphias2 wrote: | It's open protocol and source though, so making a multi- | device version wouldn't be impossible | izacus wrote: | Nope. You can't even use it on a tablet without owning a | smartphone. | xrisk wrote: | So is the model similar to that of WhatsApp web? can you | receive messages on the desktop app if your phone is | switched off? | mauricioc wrote: | Unlike WhatsApp, the desktop app receives messages when | the phone is off. Also unlike WhatsApp, messages received | on the phone before you paired the desktop app do not get | transferred to the computer. | OkGoDoIt wrote: | Nope, and that's the biggest blocker for me. I own multiple | smart phones (work and personal), iPad, and two computers | (windows and Mac). So far Facebook messenger is the only | reliable way to do messaging across all of them, which is a | shame because I hate Facebook and I don't particularly like | messenger. But I have not found a single other solution | that works cross-device and cross-platform. It also helps | that basically everyone is on Facebook messenger, but I'd | be willing to put effort into trying to migrate people to | other chat solutions if there was literally anything else | out there that works well on multiple devices. | gomox wrote: | Telegram | nucatus wrote: | If history is not something to care about, then what is the | point of importing WhatsApp history? | upofadown wrote: | >...the Signal team fundamentally does not value chat history | the same way a lot of people do. | | Keeping around old messages more or less negates the value of | forward secrecy. The Signal Protocol is obsessively forward | secret. So it would be reasonable for those that have put so | much work into getting rid of old messages for good would not | value them. | Ericson2314 wrote: | Well then forward secrecy gets sacrificed for the greater | good. Too bad! | | Make a setting for those that care. Make it the | responsibility of users to make sure all their devices | agree on that setting. See? problem solved. | tw04 wrote: | It's not reasonable to expect it to be a defacto messenger | if you can't save chat history. Full stop. | | If I want a conversation to be private, I set expiring | messages, for the rest of it, I want to be able to go back | and reference things all the time. Whether it be digging up | a song link I sent a buddy, or looking up the address | someone sent me a week in advance. | | If they can't operate or are unwilling to operate under | those guidelines then they just aren't ever going to | replace whatsapp with the general populace and the | community should start work on something else or agree that | telegram is "good enough" (I don't think it is). | tigerlily wrote: | Be a cool feature if they let us _encrypt_ chat history | in a local file. | [deleted] | nmlnn wrote: | Am I missing something? That's how their backups work | currently | tw04 wrote: | The problem is it doesn't work at all on iOS, and there's | no way to sync between iOS >> Android or iOS >> PC. | topkeks wrote: | Settings -> Chats and media -> Chat backups | angry_octet wrote: | This really miscomprehends what forward secrecy means. PFS | prevents an adv who obtains the keys from decoding previous | messages -- even with access to your unlocked phone (and | the long lived keys) they couldn't obtain cleartext on any | message you had deleted, even with the ciphertext. Also, | having a plaintext message does not confirm it was a | particular ciphertext. | | But it really isn't available to the software author to | know how long we want to keep a message for. If I want I | can set a disappearing message timer. | beezle wrote: | >Keeping around old messages more or less negates the value | of forward secrecy. | | Why? Can you please explain as my understanding of perfect | forward secrecy is that should not matter. I'm not a crypto | expert so perhaps I've overlooked something? | KAMSPioneer wrote: | I mean, from the perspective of the crypto it doesn't | matter. But it defeats the point of building a forward- | secret system. | | Think of it like this: if I'm an attacker that breaks | into the forward-secret chat app on your device, and you | have kept a perfect record of every conversation you've | ever had using that crypto system in _the same place you | keep your identity keys_, then does it really matter | whether the messaging system was "protected" by a | forward-secret system? You might as well just have | scrapped all that complexity and had non-forward-secure | messages if you want to keep a perfect, eternal record of | your conversations. | | I actually think the Keybase guys did a great job at | this. They have non-forward-secure chats by default (so | that you never lose chat history), but exploding messages | (which delete themselves after a short time by design) | are forward-secret, since then it actually makes a | difference. | | I suppose it depends on your "threat model..." How do you | want to use your chat system? | upofadown wrote: | The way I like to think about it: | | If you had a way to keep your old messages safe then you | could of just used that method to protect your private | key. | fsflover wrote: | > But it defeats the point of building a forward-secret | system. | | Such thinking defeats the actual purpose of the program: | to serve users. I don't want to delete at least some of | my history. It's like Windows, which know better than the | users what they want. | dwohnitmok wrote: | Chat history isn't immediately at odds with PFS. As I see | it PFS first and foremost is for protecting messages in | transit. This is to prevent dragnet-style surveillance. | | Chat history means giving up some measure of at-rest | security, but it has no impact on the in transit part. | Personally I also think some compromise of at-rest is a | reasonable trade-off for a lot of consumer contexts | because physical capture of your device already is | basically game over. | KAMSPioneer wrote: | But PFS is specifically about including "my adversary | may, at a later date, compromise my private key" in your | threat model without giving up plaintext. If we assume | that calculating a private key from the public key is | ~impossible (which I hope you agree we can do), and we | further assume the private key never leaves the device, | then forward secrecy is what lets us know the only way to | get plaintext is by stealing it from an endpoint. Maybe | I'm failing to see the adversary you're defeating with | PFS if they're never going to access your device and | siphon off private data... | | I'm no expert, but if all you care about is transit | security, I don't think you need PFS (in E2EE messaging! | TLS is a different story, because you have to trust the | server). Just protect your private key. But if you're | carrying multiple device's worth of accumulated messages | _right alongside_ your private key, then what's the point | of rotating ephemeral keys after each message? | | EDIT: I agree about a compromise on PFS/chat history | being reasonable in most scenarios. But I also think that | defaults are really important, especially as the contents | of chat history can be leaked by other participants, | whose chat backups you can't really control. It's a tough | problem to solve for everyone. | darkwater wrote: | > But PFS is specifically about including "my adversary | may, at a later date, compromise my private key" in your | threat model | | I'm no crypto expert but that "later date" when talking | about PFS is to avoid an external dragnet _recording_ all | your ciphered streams and then deciphering them once they | have your non-PFS secret key. | | I mean, in your definition basically all the messages | should be ephemeral on your device and on each recipient | device to have PFS. | godelski wrote: | Honestly I personally just want the ability to save | specific messages. My friend sends me a recipe? Save. Just | shooting the shit? Don't save. I don't understand why | people want to save their whole chat history but I do | understand why you'd want to save specific messages, and | that's a big missing feature. | [deleted] | amelius wrote: | The idea is to save all messages _and_ have a good search | option, so you 'll only ever see the good posts when | looking back into your history. No need to tag them | beforehand. | godelski wrote: | Honestly I don't want _all_ messages saved. I don 't see | that as useful. Not only is that noise but just makes me | feel uncomfortable in the same way I would if someone | pulled out a tape recorder while we were shooting the | shit over beers. Then you think about how cultures change | and people make a fuss over things from years ago on | Twitter even when the person has changed opinions? No | thanks. Not everything needs to be recorded. That's the | premise of too many dystopian sci-fi stories. | fsflover wrote: | You can simply keep those messages in an encrypted | backup. Who knows how valuable they will be in 20+ years. | And maybe you will be able to apply (local) AI to them | and find out interesting things about yourself. | jolmg wrote: | s/specific messages/& and conversations/ | | > I don't understand why people want to save their whole | chat history | | Valuable messages and conversations can happen too often | that it's a hassle to save them manually. This is | probably more common in group chats where lots of people | occasionally share valuable stuff. | hackmiester wrote: | Your point and use case are valid but unrelated. I agree | with the parent comment but not with your sentiment. | FalconSensei wrote: | The thing is: your use case and wants seems to be | different than like, 90% of Whatsapp users, as they | expect to never lose their history. So... Signal is not a | replacement to Whatsapp | hackmiester wrote: | That's fine with me. I was just pointing out that those | two requests are not really related. | | I don't know much about WhatsApp, and I've never lost any | message in Signal, so I am not sure I am well equipped to | discuss whether it's fit for that purpose. But I would | certainly love to save individual messages in some sort | of vault, as well. | godelski wrote: | Sure, conversations. But honestly I feel like saving | everything just generates more noise and makes it | difficult to find the signal. | fsflover wrote: | See my reply here: | https://news.ycombinator.com/item?id=25690699. | richardw wrote: | I don't always know which are important messages until a | while later. Someone mentions a useful service or name, | so I search WhatsApp to find it. Moved phones recently, | iOS backup was screwed up, and I lost some great covid | memes and was looking for a specific one. Had to ask the | sender to resend it to me. | gshulegaard wrote: | I think it's astute of you to point out that the Signal | developers do not value chat history the same way many people | do, but I am not sure I track with this: | | > It's not a technical issue - they just think you're wrong | when you want to keep your conversations. | | as much. | | When you are treating security as a number one priority I | think there are a lot of things that become technical issues | which aren't typically. Transferring or backing up history | between disparate devices, which become trusted at different | times, is one of those things that I think _is_ difficult to | do without sacrificing security. | | For example, in the classic case when a user adds a new | device and wants history to be available on both you can't | let the devices controlled by one person simply sync with one | another. To do so would be making a security concession to | the other members of the chat in that they no longer verify | every destination of their message. If you are unwilling to | make a security concession everything in this area becomes | magnitudes more difficult. I wouldn't say it is impossible, | but it's definitely not trivial. | | My gut reaction is also that it is difficult to _guarantee_ | history in this type of security first mindset. If you add a | new device and someone doesn't approve/verify/trade | encryption keys with the additional client then there isn't | much you can do besides not make that data available no? So I | don't think it unreasonable for developers to hold the | mindset that history is not a priority for a security first | application. | verytrivial wrote: | It's a bit of a cart before the horse issue, no? | | I mean what is the _point_ of obsessing about the security | of the messages if you don 't _value_ the messages | themselves? | | Some people[1] clearly value message history far beyond the | transfer point to chat itself, and making people choose | between being spied upon and not having message history, I | think many people will choose trusting that they won't lose | their messages. | | [1] Myself included. I check with Signal[2] every six | months to see if they have a backup option, then switch | back to WhatsApp when I see they don't. Phones die. My | messages are more important than my phone. | | [2] https://support.signal.org/hc/en- | us/articles/360007059752-Ba... | skinkestek wrote: | Signal isn't meant to be a mainstream one-size-fits-all, | even tptacek admits as much: | | https://news.ycombinator.com/item?id=22371316 | | He actually seemed annoyed that everyone insisted on | using it for everything :-) | | If you need bulletproof cryptographically verifiable | encryption - use Signal. | | If one wants to plan dinner, use whatever fits your bill. | | (And if in addition to the same supposedly bulletproof | encryption as Signal you also want NSA^HGoogle to back up | your messages and Facebook to know who you talk to and | when so they might better customize their ads^H^H^H your | experience you can also use WhatsApp :-) | Yeroc wrote: | The downside of that attitude is that if a chat program | is only used for what governments consider subversive | activities then it will be targeted to be shutdown. It is | much better to have a general-purpose, secure chat | program that IS mainstream making it more difficult for | oppressive regimes to target. | skinkestek wrote: | Or we can use a number of different programs for | different purposes like I do: | | - exchanging passwords? encrypted mail, Signal or | something else E2E-encrypted | | - work: whatever work says. Mostly slack. | | - discussions with friends and family: Telegram | | - online shouting competitions: twitter | | - showing off: Instagram | | - telling Facebook who my friends are and how often I | talk to them: WhatsApp ;-) | mandelbrotwurst wrote: | There is still value in being able to securely | communicate in the present even if you are not able to | maintain a permanently searchable log of all activity. | tinco wrote: | Yes, but less value. And most would say not enough value. | FalconSensei wrote: | There's value, that's why some niches migrated to Signal. | | But the general population seems to think they are losing | features, instead of gaining, that's why they don't | migrate/are upset and surprised when they lose history | vinay_ys wrote: | I think it is fair to expect Signal to support a solid | encrypted backup/sync mechanism. They can allow users to | manage the encryption keys out of band. Users can use a | password manager (or a piece of paper) to save the | encryption key. | | Anyone who is security/privacy conscious to use Signal is | also using a solid password manager and not reusing | passwords as well as following good secure data backup | practice, I hope. | k1t wrote: | > For example, in the classic case when a user adds a new | device and wants history to be available on both you can't | let the devices controlled by one person simply sync with | one another. | | > To do so would be making a security concession to the | other members of the chat in that they no longer verify | every destination of their message. | | You can't "verify every destination" with Signal anyway. | Maybe the message is going to my phone, maybe it's going to | my phone and my desktop - the sender can't tell. | | Sure, if you are trying to add an entirely _new recipient_ | to a conversation, then of course you can 't send them the | entire conversation history - but nobody is asking for | that. | | What people want is the ability to add a _new device_ for | an _existing recipient_ , and have the history sync across. | | With Signal I can already add a new device and continue | existing conversations without the other participants being | notified that I've added a new device. Adding conversation | history doesn't diminish anything from a security | perspective. | gshulegaard wrote: | Are you sure about this? | | > With Signal I can already add a new device and continue | existing conversations without the other participants | being notified that I've added a new device. | | Just today I had a group chat notification that said: | | "More than one member of this group is no longer marked | as verified. Tap for options" | | Tapping brought me to a menu that said: | | "Safety Number Changes -- The following people many have | reinstalled or changed devices. Verify your safety number | with them to ensure privacy" | | At which point I was given the option to re-verify (e.g. | via a provided QR code), but also the option to manually | mark "verified". That is to say _something_ does notify | participants of changes to recipient devices. | jacoblambda wrote: | I also use Signal but the thing that kills me about it is the | lack of RCS support. I love everything on the Signal side but | there just is not a realistic way to get people to migrate to | it unless they can seamlessly transfer over from Google | Messages or the other OEM message apps. | carderne wrote: | It's super hacky but this [0] bit of code I adapted from some | other hacky code will let you export to MarkDown/HTML. No hope | of getting the messages back on my phone, but at least I have | an archive of messages and media. | | [0] https://github.com/carderne/signal-export | fencepost wrote: | Are any of the other third party apps worth looking at? I'm | thinking specifically of Threema which I have but haven't really | ever used since nobody else I know is using it. | fsflover wrote: | Matrix is distributed and listens to what users actually want. | actuator wrote: | This is blowing up quite big now and I have managed to shift a | lot of my friends to Signal now, I wonder if WhatsApp will go | back on its decision. | | As we stand now even Signal is not safe because of the business | model. | | I wonder what's the model on messaging apps that will work. I | don't want the OS creators to own the messaging platforms as well | by virtue of subsidising it through OS/hardware. | josh2600 wrote: | Punchline: Whatsapp can't go back on their decision for a | variety of reasons that are so much bigger than Whatsapp. | | The revenue pressure from Apple cutting FB ad revenue due to | nerfing tracking has forced FB's hand. They have to monetize | Whatsapp. | jariel wrote: | "As we stand now even Signal is not safe because of the | business model." | | ? | | Ok, good, but you do realize that this is the most existential | concern of them all? | | Why does FB so aggressively pursue personal data? | | For advertising. Because 'that's the business model'. | | Do you think that any entity would be in that position if say, | people were willing to actually pay $3/month for what seems to | be very obviously a highly useful service? | | Maybe, but probably not. | | If people would pay for value, there at least would be | considerably less incentive to have personal data. | | People seem to be willing to pay Apple and AT&T through the | nose, oddly, not for those creating the services themselves. | | "We get what we pay for". | actuator wrote: | Yeah, and that's the major issue with Signal/Telegram. They | also have to pay the operational costs at the end of the day. | | Apple's services can be ad free because they hide the cost in | the cost of phone but that is extremely anti competitive. | | A user on an iPhone will have a hard time rationalizing for | Signal which says $3 per month when he looks at iMessage and | that is free | johnchristopher wrote: | Telegram has infinite history while Signal has PFS. So the | costs are not the same at all. | tapia wrote: | But that is the thing. WhatsApp used to be a payed app, and | the promise was that they would never sell our use your data | for adds. Then they sold to Facebook and broke that promise. | I used to pay for WhatsApp because I believed them then. And | it got big because of many people did that too. That is the | thing that I found the most insulting about WhatsApp now. | jariel wrote: | "Then they sold to Facebook and broke that promise." | | This is really a false narrative. | | The 'sell out' was the 'sale to Facebook'. | | A business is not really going to necessarily keep that | kind of promise, they are going to do what's best for them | - that's why they made the acquisition. | | This idea that the WA founders could somehow hold Zuck to | that 'promise' is fantasty. They are not naive, they knew | what they were doing. | | Not only did they know there was nothing they could do | otherwise, but that there would be an existential pull from | FB to push for data sharing that would be unavoidable. | | The 'moral high ground' that the founders tried to take in | public is really kind of despicable, because they knew | exactly the cards in play when they sold. | | If the 'promise' was to do with branding, or something | secondary, but fine. But you don't sell drugs to a drug | dealer with the promise that the dealer won't deal drugs. | | Anyhow, we are where we are. People should fork over $1 | month for chat. It would make a big difference. | ubercow13 wrote: | You seem to be contradicting yourself - that is was never | a good idea to believe their promise and pay for their | chat service, but that also this problem would be solved | if everyone paid for a chat service. | jariel wrote: | Those are not contradictions. | | 1) A sale to an advertising company will result in WA | data being used for Ad sales, there's no reason to | believe otherwise. | | 2) Paid apps would be ideal for privacy, but I didn't | imply that people were necessarily willing to pay for it. | | The problem frankly is not 'Facebook' it's us. | | We want 'all the privacy' for 'free'. If we paid a small | amount, we could have privacy because there'd be an | underlying supportable business model. | ubercow13 wrote: | Right but WhatsApp _was_ a paid app. There is no reason | to believe that paid apps are ideal for privacy - | WhatsApp is the perfect counterexample. So we need a | different solution, or direct payment at leasts needs to | be one part of a larger solution. | peruvian wrote: | Moving a few close friends to another app is easy. Moving | acquaintances, people you just met, businesses, organizations, | etc. is another thing entirely. | upofadown wrote: | >I wonder what's the model on messaging apps that will work. | | Federated. History has shown that any system that puts control | in the hands of one entity eventually ends up bad. | fsflover wrote: | And sadly Matrix was only third in the recent HN poll, but | it's the only sustainable solution. | [deleted] ___________________________________________________________________ (page generated 2021-01-08 23:00 UTC)