from Ulrich@feddit.org to privacy@lemmy.ml on 08 Sep 19:05
https://feddit.org/post/18547034
In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. Think family photos, sweet messages, important documents, or anything else you don’t want to lose forever. This explains why the most common feature request has been backups; a way for people to get Signal messages back even if their phone is lost or damaged.
After careful design and development, we are now starting to roll out secure backups, an opt-in feature. This first phase is available in the latest beta release for Android. This will let us further test this feature in a limited setting, before it rolls out to iOS and Desktop in the near future.
Here, we’ll outline the basics of secure backups and provide a high-level overview about how they work and how we built a system that allows you to recover your Signal conversations while maintaining the highest bar for privacy and security.
Secure Backups 101
Secure backups let you save an archive of your Signal conversations in a privacy-preserving form, refreshed every day; giving you the ability to restore your chats even if you lose access to your phone. Signal’s secure backups are opt-in and, of course, end-to-end encrypted. So if you don’t want to create a secure backup archive of your Signal messages and media, you never have to use the feature.
If you do decide to opt in to secure backups, you’ll be able to securely back up all of your text messages and the last 45 days’ worth of media for free.
If you want to back up your media history beyond 45 days, as well as your message history, we also offer a paid subscription plan for US$1.99 per month.
This is the first time we’ve offered a paid feature. The reason we’re doing this is simple: media requires a lot of storage, and storing and transferring large amounts of data is expensive. As a nonprofit that refuses to collect or sell your data, Signal needs to cover those costs differently than other tech organizations that offer similar products but support themselves by selling ads and monetizing data.
Anatomy of Secure Backups: Privacy First, Always
At Signal, our commitment to privacy informs which features we build and the ways that we build them.
Using the same zero-knowledge technology that enables Signal groups to work without revealing intimate metadata, backup archives are stored without a direct link to a specific backup payment or Signal user account.
At the core of secure backups is a 64-character recovery key that is generated on your device. This key is yours and yours alone; it is never shared with Signal’s servers. Your recovery key is the only way to “unlock” your backup when you need to restore access to your messages. Losing it means losing access to your backup permanently, and Signal cannot help you recover it. You can generate a new key if you choose. We recommend storing this key securely (writing it down in a notebook or a secure password manager, for example).
These choices are part and parcel of Signal’s guiding mission to collect as close to no data as possible, and to make sure that any information that is required to make Signal robust and usable cannot be tied back to the people who depend on Signal. This is why wherever there’s a choice between security and any other objective, we’ve prioritized security.
Enabling Secure Backups
If you want to opt in to secure backups, you can do so from your Signal Settings menu. For now, only people running the latest beta version of Signal on Android will be able to opt in. But soon, we’ll be rolling this feature out across all platforms.
Once you’ve enabled secure backups, your device will automatically create a fresh secure backup archive every day, replacing the previous day’s archive. Only you can decrypt your backup archive, which will allow you to restore your message database (excluding view-once messages and messages scheduled to disappear within the next 24 hours). Because your secure backup archive is refreshed daily, anything you deleted in the past 24 hours, or any messages set to disappear are removed from the latest daily secure backup archive, as you intended.
Backing up, moving forward
We’re excited to introduce secure backups, making sure you can retain access to your Signal messages even when your phone is lost or destroyed. But secure backups aren’t the end of the road.
The technology that underpins this initial version of secure backups will also serve as the foundation for more secure backup options in the near future. Our future plans include letting you save a secure backup archive to the location of your choosing, alongside features that let you transfer your encrypted message history between Android, iOS, and Desktop devices.
Secure backups are available in today’s Android beta release. A full public release, along with iOS and Desktop support, is coming soon.
threaded - newest
this is big for iOS signal users, who havent had any backup solution at all yet
Finally! This was keeping me from recommending Signal to more people
That’s excellent to hear. Hopefully no one abuses the media backups, I would understand if they did it by file sizes
text-only backup is apparently capped at 100MiB, which should be more than plenty. it didnt say but id assume media is also similarly capped
Yeah it’s interesting that they list 100GB for the paid plan but the free one just says “45 days”.
That is because signal already stores media for 45 days as part of ensuring delivery to every device in your account.
Wow, that took so long! But good on them for finally doing it!
Not having done much with Signal, is there a way to create local backups?
On Android, yes.
Does it include private keys? Or just message history?
Includes private keys.
I know it will probably not happen, and if it does it will be an industry first, but it would be great if they allow people to map this secure backup to a selfhosted Nextcloud or similar.
You can kind of have that right now (Android only?) by creating local backups and syncing them to your selfhosted Nextcloud.
Aware of that. But was more thinking how cool it would be if we could just enter URL and voila. Kinda like GNOME’s Online Account feature and/or backup feature works on Linux. But yes, this would be a lot of work, with very little gain in it for them.
Yeah but the local backups suck because you have no control over their retention period, And it forces you to create a new one everyday. Which if you have a large signal history, can wipe your phones storage in just a few days.
Agree, that’d be awesome. However, it’s probably not worth their time to create/maintain/support a self-hostable backup server/integration since this has been possible for many years now via Signal’s existing backup functionality. You can backup Signal to device storage, then sync that to a remote server using Syncthing or whatever else. Not super user friendly, but neither is hosting your own server.
EDIT: At least on Android
Phew.
if you choose to back up to your own storage, does it still cost $1.99?
No.
We don’t know that.
You can do it right now without paying any money. Have been able to for a long time. Don’t see any reason that would change.
There is no logical reason they would allow you to back it up to their servers for free but charge you to back it up to your local device.
Local backup already exists, just sync it somewhere yourself. This new feature basically is just syncing the backup to their servers and limiting the amount for free because it costs money to store a lot if data.
Edit: not sure if iOS is the same since that’s more locked down of a platform than Android, but at least on Android this holds true.
IMO one of the most important features
Weird that they don’t even bother mentioning the backup feature they’ve had on Android for years.
The good news is that this is an addition to the existing backup option to back up everything to a local file, not a replacement. At least in the current beta.
I would like to hear official confirmation that this isn’t going to be a replacement, because if it is, then it’s a huge downgrade. The current system backs up everything, including media, with no time limits, for free.
Yeah I had to change the title for that reason.
Meanwhile, I just wish signal let you set server-specific nicknames.
Looking forward to this feature
That’s an interesting statement, considering you can already transfer between Android and desktop.
History doesn’t transfer to desktop clients. Only new content after desktop client is added is synced.
Yes it does. It was added recently and not announced.
How do you do that? I really need to, because my phone storage is full and I don’t want to lose Signal media sent over the years by my SO. I’ve poked around in the settings and can’t see any way to backup to desktop.
All I can find is a link that goes to a documentation site that says you can’t transfer from Android to Desktop: …signal.org/…/360007059752-Backup-and-Restore-Mes…
<img alt="" src="https://lemmy.ml/pictrs/image/36599aa1-eb7c-4e50-b398-42165665b7ba.png">
You just connect it to the desktop app and it will ask you if you want to transfer your data. This is a recent addition.
Awesome, thanks! I’ve already got it connected to desktop since months ago and it’s not syncing, so I assume I’ll need to disconnect/reconnect in order to trigger the prompt. I’ll give it a shot.
Wait, what does “syncing” mean in this instance. How can it be connected and not be syncing?
I mean, media didn’t get copied over from the past, only from the point I connected it on, so it never functioned as a backup. I’ve still got years of message data on my phone that I want to sync to somewhere else so I can get rid of this phone.
Oh well, I don’t think you get years, anyway. I believe it’s 45 days. If you have another device you can simply transmit them wirelessly from one to another. Or if you’re on Android you can create a backup locally.
Or maybe you don’t need all of those messages?
Except it won’t. The desktop app specifically states that it will not transfer history when you activate it…
You are mistaken.
I just set the desktop app up a week ago on a new computer. I am most definitely not mistaken.
I also just set it up. You are mistaken. Must be something wrong with your desktop.
This is something I’m waiting for. I lost all my messages when I moved between platforms.
it already does this, i’ve had it set up for years. i save them to my mega folder and megasync handles storing them in the cloud
Any word on incremental backups? My current file is 20GB. This means I’ve had to switch off automatic backups, which is obviously not ideal, because I don’t want a 20GB file being written to disk every night…
Not that I know of. How long does it take you to build up 20GB of data? Do you really need all of that?
It’s been my main messaging app for about 6 years. (which I would hope is the goal of the Signal org) But I re-enabled backups just now, and it seems there’s actually no options for filtering out? Like text-only, or last x years only…
Welp. I set mine to disappear everything after 4 weeks. Unfortunately this is the longest available time for disappearing messages. Fixing that would also fix your issue.
Yeah, the current backups are pretty dumb in the sense that it writes a new file everyday and you have no control over retention, history or deletion.
I just want to be able to backup all my media history and chat in a securely encrypted file to a location of my choosing with a retention period of my choosing.
This new backup format is incremental and they will bring this new format to local backups in the future
I’m glad to see this is a concern of someone else. I commented about customizable backups in another thread and it got a rather different response than what I’d expected.
My thought was that I’d like to be able to backup messages year by year and leave Signal to maintain the current year’s backup and disregard anything older. This way the backup file on the device would only take a few gigabytes instead of a few dozen. I had to stop sending media through Signal a while back just to keep the backup file from ballooning out of control, opting to send gallery links instead.
I suppose this could also be done by conversation thread, but having any level of control would be fine. As it is, backing up every conversation every day is a bit redundant. I’ve occasionally noticed a backup running when there was nothing new since the previous day’s backup. Options would be nice.
The free is enough for me but I’m willing to pay that sub to support them
Cool. You can also just choose to make a donation.
This is easier to set and forget. I’m cool with subscribing and occasionally doing a one time donation when I’m feeling spirited
Just let me backup and restore my private keys, assholes
.
Wtf, they lock you out of doing your own backups, and now they’re trying to hold this feature request for ransom as a monetization strategy?!?
Perhaps you didn’t read the part where it says it is opt-in…? Or maybe made up the part where it says that the classic local backup mechanism will be removed?
And there’s no encryption at rest so you can do it yourself.