Technology @lemmy.world ForgottenFlux @lemmy.world 2d ago

Signal will finally let you transfer your encrypted chat history to new linked devices

mas.to AlternativeTo (@alternativeto@mas.to)

Attached: 1 image Signal will soon allow encrypted message and media to be transferred to new linked devices. It's also exploring additional tools for message transfer to new devices or restoration in case of device loss or damage thanks to this new archive format. https://alternativeto.net/news/20...

Signal has announced new functionality in its upcoming beta releases, allowing users to transfer messages and media when linking their primary Signal device to a new desktop or iPad. This feature offers the choice to carry over chats and the last 45 days of media, or to start fresh with only new messages.

The transfer process is end-to-end encrypted, ensuring privacy. It involves creating a compressed, encrypted archive of your Signal data, which is then sent to the new device via Signal's servers. Despite handling the transfer, the servers cannot access the message content due to the encryption.

With the introduction of a cross-platform archive format, Signal is also exploring additional tools for message transfer to new devices or restoration in case of device loss or damage. Users can begin testing this feature soon, with a wider rollout expected in the coming weeks.

Privacy Guides @lemmy.one ForgottenFlux @lemmy.world 2d ago

Signal will finally let you transfer your encrypted chat history to new linked devices

mas.to /@alternativeto/113905517531731998

56 comments

This may be out of date, since it's been a while since I last tested this, but: will Signal on desktop still store media in an easily accessible folder where the only security is the use of random strings to identify each individual media file with the file type extension deleted? So, for example, if you've had the desktop Signal client synced with your account for a period of time and have running conversations that include sensitive media, that media can be accessed and viewed without even opening the desktop app (which also, last I tested it, lacks most of the locking/security mechanisms found in the phone versions of Signal).

Most media viewers can open the files without the need for adding the file extension to the end of the filename, albeit you would be browsing the files in a pseudorandom fashion if you didn't try to sort by date or size.
- It is quite a bit out of date luckily. Signal-Desktop already stores data encrypted for quite a while. However it used to store the decryption key right alongside it. Recently (a few month ago) Signal switched to storing the key within the systems keystore, greatly improving security. Also causing a flood of users complaining that the can't just copy their .config to a new desktop and retain their chat history. This may have prompted the release of this new feature :)
  
  😂and 98% do upvote this old news, it is crazy
  
  Good to know!
I’m still waiting for the day that I can make a full backup of my chats and save it on an external hard drive so that I won’t lose all of my message history when I lose my phone.
- I still wait for an option to officially use signal without having to have a proprietary operating system running 😆🥲
  
  And I am waiting for a way to use Signal without it ever touching a smartphone) Right now I have a Graphene phone so I can trust it (so Molly works), but before that my phone (like most phones) did not support any degoogled OS. While the laptop (like most laptops can) was running Linux easily. Yet, you have to either use an Android VM or a frustrating command-line client to register!
- You can already do it. I have Signal create daily backups, sync it to my NAS using Syncthing with versioning enabled.
  
  Oh fucking shit, setting this up today
- You can on Android. If you have an iPhone you can link using the molly signal fork on an android device and then backup using that.
  
  Oooh interesting! Could you please elaborate / share any resources about this?
Thanks, I love Signal, but can we get Android tablet linking?

Molly has it.
- What's Molly in this context?
  
  in this context? haha
  
  https://molly.im/
  
  A hardened Signal fork that works with Signal's servers and adds features I like that Signal doesn't support.
  
  A good time 🌚
Unfortunately it seems like some people think that that is neutral.
Original announcement: https://signal.org/blog/a-synchronized-start-for-linked-devices/
- Blogs like these drive me fucking crazy: there's a primary source out there, why not just link to that at the end of your (evidently pointless) opinion piece?
  
  It's almost like they know their commentary isn't adding anything and they're worried we'll click away immediately.
  
  Maybe OP is following said blog and got their info from there, then thought that it might be worth sharing?
Yay Signal!
Why is backing up chats so important for people? I see it as an advantage that chat history evaporates eventually. Important information should be stored somewhere where it's actually easy to find.
- because believe it or not, sometimes important information gets mentioned in a normal conversation, and not everyone remembers to add it to their personal self-hosted wiki afterwards.
  and some people, including myself, often go back a few years in a chat history to reference something, or reminisce.
  
  This the kinda guy who uses terminal history to go back 4 years instead of searching for the command on the arch wiki
- People have different opinions about things. Why do you think it's good to lose chat history?
  
  No records means an adversary can't pull off an entire lifetime of communication history if a device is compromised. Signal is not the medium in which I'm interested in keeping records.
- Should be, but sometimes it just isn't. I've definitely had plenty of times where I was like, oh shit, the only place I have that information is in this chat somewhere.
  
  Other people, kind of like me, are just data hoarders. Just because I can't think of a use of the data now, doesn't mean I won't be able to think of one in the future! I have piles of old inboxes in my archives.
- Convenience mostly, privacy needs to be convenient and easy for people, otherwise no one uses the tools.
  
  This absolutely expands the threat surface in a few different ways though. It's relatively low stakes, but it's non zero. I have not dug into the implementation but I am curious how this doesn't technically violate forward secrecy. A single session key will ostensibly be used to encrypt the entire session key database? Which means if that key is compromised in transit then the entire key history is compromised. Using the long term secret directly for data in transit is definitely not compliant either.
- I use disappearing messages no longer than a week for all my Signal chats. Pretty surprised everyone's out here keeping long records over this medium.
  
  Being able to back up and then encrypt the messages on cold storage for when I may need to go back through an old conversation doesn't negate something like disappearing messages.
  
  It's the best of both worlds, messages go away over time so if you lose your phone / it's compromised, you don't give up the goose, but you also have a nice safe stored version in the off chance you need it.
  
  The danger imo isn't in having the messages at all, it's more about how, when they are just on your phone or whatever, they are generally not locked down.
Do they allow you to use it without a phone number yet?
- You need a phone number to register but then you can create a username and choose to hide your number
- Yes. For quite a while now.
  
  Not when I created one a week or two ago. Still requested a phone number before moving to the next step.
  
  Might be dependent on location?

56 comments