[tptacek]

Again, in the theme of "features every group messaging system had already, but Signal didn't, because they hadn't figured out a way to implement it without turning Signal's central servers into a database of who's talking to who about what". Signal didn't even have user profiles until recently, for the same reason. Here, they've slightly expanded the state of the art in MAC-based anonymous credentials to accomplish their goal.

One interesting aspect of this is that Signal gets to do this, because they have immense goodwill with the cryptographic research and engineering communities; though it's no guarantee of soundness, they have the advantage of having the feature designed, implemented, and ultimately reviewed by cryptography engineers that aren't generally/economically available to other messaging projects.

This is either a reason you love Signal (raises hand) or can't stand Signal. My take is, if you're in the latter group, that's fine; I use Slack, too.

[JoshTriplett]

Honestly, the one and only feature I'm missing in Signal that would let me use it and recommend it to everyone without reservations (rather than exclusively for ephemeral-only communication) is the ability to keep identity and full message history when moving to a new device.

Today, on iOS, you can't move your Signal history to a new device, and on Android you can only do so by manually making an encrypted backup file and writing down a 30-digit passcode, completely separate from the normal Android process of moving to a new device.

People keep long histories of messages, going back a decade, containing pictures and memories that aren't stored anywhere else. Message history is valuable data.

This doesn't seem like a "new cryptographic research" problem, this seems like a "well-established crypto (encrypted files) plus integration with standard device backup/migration" problem.

I really like Signal, I think they're doing things very well, and I wish I could use it without being constantly at risk of data loss. And this doesn't seem like an uncommon request, from what I've found.

Is there something I'm missing that makes this a hard problem? Or is it just a problem that nobody has prioritized?

[parley]

Yes, there are a lot of us out there who use Signal and have this single missing feature as our largest pain point. My previous phone (iOS) would have been donated or sold to someone who could make better use of it, had I been able to actually get years and years of Signal conversations (with media) and memories out of it. But I can't (without prohibitive amounts of manual work), so it lies unused in a drawer waiting for the day I might.

The Signal devs don't discuss their roadmap, as is their prerogative. The result is of course that no one knows if such features are even planned, let alone worked on. Half a decade (?) of sad and frustrated forum posts and GitHub issues attest to that. I scan through them from time to time to see if there's any word.

But! There was actually a tweet from Moxie just a few weeks ago in a thread started by Matthew Green, I think, hinting that they might be working on it. It did make me a little happier. But yes, five years is a long time to wait for this feature, and we don't know for sure if or when it's coming. Me, amidst all the frustration I am very happy for the software they are giving me almost for free (I've donated a little bit).

By the way, Josh, props to you for your patience and professionalism in the debian-devel thread about librsvg the other day.

[JoshTriplett]

> Me, amidst all the frustration I am very happy for the software they are giving me almost for free (I've donated a little bit).

Complete agreement. I'm glad for the work going into Signal, both in development and in research.

> By the way, Josh, props to you for your patience and professionalism in the debian-devel thread about librsvg the other day.

(OT)

The other year? That conversation took place late last year. Thank you, though.

[parley]

Oh, wow. I stumbled over the thread just the other day and mechanically just read the month and day... Since it was November I somehow assumed it was recent without reacting. Thanks for the correction! Well, belated props to you then. =o)

[thaumasiotes]

> Yes, there are a lot of us out there who use Signal and have this single missing feature as our largest pain point.

That is fair, but... I'm willing to make a backup file and handle a 30-digit passcode. I don't want to sign up using a phone number. That's crazy. :-/

[lawnchair_larry]

I converted several non-technical people to Signal, and a few were devastated to learn that getting a new phone meant that they lost their message history. They refuse to use it ever again.

The other sticking point is the phone number requirement. A (female) friend shared her “Signal” contact info with a professional acquaintance who doesn’t understand boundaries. After ignoring him on Signal, that led to unwanted SMS messages and even phone calls. For such a privacy-focused app, I don’t know why they are not more interested in protecting phone numbers.

[schoen]

I just had the experience with a friend whom I got to use Signal who was shocked that she lost her message history when switching phones. Our conversation about it was kind of awkward because I was thinking something like "mud puddle test" (https://blog.cryptographyengineering.com/2012/04/05/icloud-w...) and she was thinking something like "missing basic feature".

[asymmetric]

Agreed about true phone number requirement.

Sure supports connecting via @username only, and I’ve seen a few people switch to it for this reason alone (also the UI is a bit sleeker)

[hinkley]

Does this hold for backup and restore to the new phone?

[lightcatcher]

Yes.

There is no way to move messages from one iOS device to another (such as a new phone). My girlfriend recently got a new iPhone and wanted to transfer our Signal message history from her old iPhone onto the new one. She said it wasn't possible, and then I spent an hour or two reading about it figuring there must be some hacky awful way to accomplish it. I couldn't find one. This has been an open issue for years [0][1].

Android has an inconvenient backup flow (that involves randomly generated 30 digit PIN and manual transfer of file), but that's infinitely better than the total lack of options on iOS. I do wish Android (and iOS) had a method to download all message history to decrypted plaintext (or JSON) for use with other apps. If I own my data, decrypting it should be my choice.

I regret recommending to my girlfriend that we use Signal, and won't recommend Signal to more people after this.

[0] https://github.com/signalapp/Signal-iOS/issues/2542 [1] https://whispersystems.discoursehosting.net/t/ios-backup-kee...

[mderazon]

I actually going in the other direction with Signal

I turned on timer (1 week) for all of my conversation.

Nothing stays more than a week and I do not keep any backup.

It's not for security or privacy reasons. I feel like I don't need a full history of all my conversations with everyone from the beginning of time.

This fits more to the real life model of having a conversation with someone. I don't record my conversations with people so why do I need to do it in chat apps?

My Whatsapp is the same. Don't need all the massive amount of chat history...

[JoshTriplett]

Interesting that that model works for you, but that doesn't mean it works for everyone.

Persistent history that lasts many times longer than the lifetime of any one device is a required feature to fully replace chat apps that have such history.

[benhurmarcel]

Whatsapp doesn't have that feature when you switch between iOS and Android however.

[godelski]

I just limit the message number.

BUT I've heard a lot of people request the feature of porting messages. I didn't realize people care about this till they started telling me (I have convinced a good number of my friends to switch to Signal). So I'd say that because the market is asking for it, implement it. (I do notice that it is only iPhone users asking me about how they can do this. Might be selection bias)

BTW, you can do this! [0] I'd think the easiest thing to do (I don't know iOS or Android at all) would be to create a backup to iCloud or Drive that will hold an encrypted file. Then a function for the reverse. Since I don't do anything remotely near mobile, is this not fairly easy to implement? Encrypted backup is one of the top requested features [1] and seems one of the easiest to implement.

[0] https://github.com/signalapp

[1] https://community.signalusers.org/c/feature-requests?order=v...

Side note: the only features I want are

- Not being tied to a phone number, or a way to add a user without a phone number

- domain fronting (... thanks Amazon... )[2]

I think both are in the spirit of what Signal is trying to do and would specifically help protestors in authoritative countries. That they can decrypt their phones and not reveal others in the group chats. But I understand that these requests are much more difficult than asking for encrypted backup.

[2] https://signal.org/blog/looking-back-on-the-front/

[m-p-3]

I'm with you on that. Maybe it's just me, but I believe that a communication system (be Signal or email) is not designed for long term storage, it's just not efficient to keep structured data and not made for that purpose.

If a fragment of a conversation is useful, I'd store it somewhere else safe just in case (Password Manager, as a secure note).

[wpietri]

I think maybe we have different definitions of "useful".

I'm pretty stubborn about preserving my chat history; it goes back across several phone upgrades. When my dad died earlier this year, I was glad of it. I get to scroll back and see what we talked about.

If my choice was between secure comms and keeping history, I'd take keeping history. Surely many people are in the same boat. So if Signal wants to be truly ubiquitous (which increases security for all users), they really have to solve common user needs.

[brnt]

I did the same. Only one person voiced their annoyance due to messages disappearing. I never used chat history as a data store, I move appointments or things I need to know into my agenda/wiki, but it seems some use chat history+search for that.

Since I really dislike using chatlogs, and rather not keep any (and ever since the 90ies, I never have), I really like the 1 week timer on Signal.

[nothrabannosir]

I've been putting the same 1 week timer on all chats; it's a breath of fresh air. Very happy that these chats are ephemeral. It feels far more natural.

(Not a "it works for me it should work for you", just wanted to share an anecdote :) )

[kelnos]

I've written a little Android app that watches the Signal backups directory and uploads new files to Google Drive when they appear. For a new phone, it can download your latest backup and put it where Signal will find it when you first run the app. I want to polish it and put it on the Play Store, but of course the last 20% is 80% of the work.

I'm also reluctant to release it publicly because I'm worried about the support burden, because, while I've made the experience as easy as possible, it's still not a great experience considering how Signal works. I expect to see a lot of angry users who don't realize (despite documentation) that they need to download the backup to their new phone before running the Signal app for the first time. And then I expect people who lose their backup encryption key to blame me that their backups are unrecoverable.

I guess at the very least I could open source it at some point, but the setup is a pain since you need to create a Google Cloud project authorized to use the GDrive APIs.

Signal really needs this built-in. It puzzles me that it hasn't happened yet, since I built this little app in under ten hours (and I hadn't touched Android development in a good 7 years and had no experience with the GDrive APIs).

[Tomte]

> ability to keep identity and full message history when moving to a new device.

I would love that. But even with WhatsApp it never worked for me.

Last three device switches:

Windows Phone to Android: Not supported. Android to Android: something went wrong. Android to iPhone: Not supported.

[AmericanChopper]

> Is there something I'm missing that makes this a hard problem?

Yes. Pretty much the entire security model of Signal underpinned by this UX compromise. The way signal works at the moment, you sign up for an account with your phone number, your device generates a secret, and that secret is used to secure all your communication. You can pass that secret around devices (as long as you have a device that has it - or just the original phone, I can’t remember). You are also responsible for making sure the people you talk to are really who they say they are. When you first add a contact, it’s up to you to make sure they’re not an imposter, and if they have to reset their account their secret changes, and you have to verify who they are again. If somebody takes over their phone number on a new device, they have to generate a new secret, and while they may succeed in impersonating the person (depending on how vigilant their contacts are), they at least won’t get access to the message history.

To allow for recovery of message history, you have to escrow the secret somewhere. If you give it to the service provider, then the security model is thrown out the window, and you just invented FB Messenger. If you give it to the user to escrow, then you’ve just kicked the can down the road, because a consumer is just as likely to lose a secret as they are their device, and the ways they may choose to store it will make the whole system less secure for essentially no UX gain.

This is an unavoidable trade off. If you want the service provider to be able to recover your account, then they (or at least somebody in addition to you) has to have access to your secret. If you want your messages to be private, then you can’t allow for a 3rd party to be able to recover your account.

[saurik]

> To allow for recovery of message history, you have to escrow the secret somewhere.

You seem to be missing the point here: this isn't even about storing your data on someone else's computer with some kind of key escrow, this is about local backups not even working. Apple only recently implemented iMessage "sync", but before that (and still now), iMessage data was backed up to your Mac and accessible in your backup, without any concern about it being on some server or key escrow issues. Signal is simply missing the ability to get your own data out of the app on iOS. (And like, to really underscore how this is not a fundamental issue with Signal, their Android app does have a data export feature. They just don't think this is important enough to prioritize for some crazy reason.)

[AmericanChopper]

Yeah that’s true. They should allow encrypted backups to be stored in iCloud backups (they intentionally exclude this for some reason). But even then, this is a feature that will only ever be used by highly motivated individuals. The Android backups are useless if you lose your 30 digit secret. I agree their position on this is shit, but I can’t imagine it’s a barrier to mainstream adoption.

[kristofferR]

It is a massive barrier, people won't switch to secure messaging if it's unusable.

[AmericanChopper]

As a messaging service, it’s certainly not ‘unusable’. You’re claiming that the ability to permanently archive message history is an absolute minimum requirement for consumers (and that a service that does not offer this is ‘unusable’). I’m going to put a big citation needed on that.

[ajvs]

How does Matrix/Riot accomplish this successfully then?

[AmericanChopper]

With passwords lol. When the weakest link in your chain is some terrible password your user picked, then all your fancy crypto is pointless. (It also still allows a user’s message history to be destroyed when they inevitably forget your password)

The best solution I’ve seen for this is the BIP39 mnemonics that crypto wallets use (because they face exactly the same problem - making the user the ultimate custodian of the keys). But it’s still terrible and barely usable.

You can also do the 1Password approach and have other users that you trust store all or part of your key material. But all any of the solutions mentioned in this comment do is spread the problem around a bit, not solve it.

[Krasnol]

I don't see the issue as dramatic as you do as I probably don't change my device so often. Writing down a 30-digit code once every 2-3 years isn't that hard. I assume people for whom this is too much do already use whatsapp and wouldn't switch over because they don't care about the reasons for why you have to write down this 30-digits code.

[JoshTriplett]

> Writing down a 30-digit code once every 2-3 years isn't that hard.

If you know that Signal needs a special backup procedure. If you don't, you've lost your data.

Also, that process applies to manual backups and recoveries, such as for device-to-device transfer from a working device. It doesn't work nearly as well for performing regular backups of a working device in case it abruptly becomes a non-working device.

[lightcatcher]

The 30 digit code option is only possible on Android. I agree it's not that bad to do every couple years.

There's no way to do backup/restore with Signal on iOS.

[foota]

Maybe the concern is exfiltration? Making it easier to move phones may also make it easier for a hacker to exfil your data from a local hack or your phone's cloud (i.e., just hack your Icloud and trigger restore to a new phone)

[JoshTriplett]

Unencrypted data/keys should never be in the backup, only data encrypted to some passphrase. It's perfectly fine (and necessary) to require a passphrase to recover backed up logs on the new device.

[thatcat]

Signal has had the ability to export chat backups for a long time. I'm not sure why people would complain other than the export is local and you have to manage migration to new device by copying files instead of it being saved on a server and uploaded to your new device after you lose an old one.

Also, identity is persistent since you're using a phone number and signal attaches the name you list to that phone number with a registration passcode that must be entered intermittently to keep receiving messages.

[lawnchair_larry]

That was only added to the Android version. Not possible on iOS.

[tass]

* on Android

[BLKNSLVR]

I think I'm an exception in this instance, but I don't understand what value there is in message history. How often do you find yourself reminiscing by going back through a messaging log?

If there are photos that should be kept then there are other ways to back them up. Is there valuable context in the conversation that was had around the delivery of the photo?

Are messages backed up and restorable for other messaging systems, and have you ever needed to go through a restore process to look back through a conversation?

If it's for the purposes of software project development team discussion and history needs to be kept for legal reasons then I think Signal is intentionally not aiming at that demographic.

I get that there are special moments in life but, for me, the textual conversations around them are very secondary to the moments themselves. But then, in discussions I've had with other people, my opinion seems to be the exception.

[wpietri]

Yes, you are an exception. Just look at how popular books of letters are: https://www.goodreads.com/list/show/100260.Best_Books_of_Let...

Or look at how popular "Letters of Note" is: https://twitter.com/lettersofnote

Conversation is connection.

[bigiain]

He's not the only exception.

I have all my Signal messages set to auto delete after 7 days (or less). And I'm pretty happy with how that works. If I thought people at a bar were recording every conversation they had or could overhear forever, I'd talk less freely (and go to different bars).

Not everybody wants ephemeral chat. But I suspect more people _think_ that's what they've got - but in reality do not have...

[BLKNSLVR]

I'm going to keep digging this hole for myself because I think there is some amount of treasure to be found. I'm also interested to see how far out of touch I am.

There are tiers of conversation. Letters between famously literate people or during times of war have a value proposition on an entirely different scale to group chat messages.

It's about the value that the individual assigns to the content of the conversation (this is almost arguing against my stated position). But if that conversation is never re-visited anyway, the value is the status of Schroedinger's cat.

What content that is worthy of "Letters of note" is a) to be found in chat history? b) not already been saved elsewhere due to it's noteworthiness? c) going to be re-discovered by going back through hundreds or thousands of lines of conversation text on a mobile device screen? d) worth trawling back through hundreds or thousands of lines of conversation text on a mobile device screen?

Again, I'm aware that I'm an exception, but I think it's potentially natural human laziness to want to keep 'everything' in case it might be useful or valuable in a few years' time. Electronic hoarding.

I've recently setup an instance of NoteSelf to more easily track links to interesting articles and my own thoughts and ideas and various other things that I think are worthy of keeping. This is my form of targeted electronic hoarding. I'm in control of it, and it's robust enough to survive a mobile device theft, breakage, or some other kind of failure. Prior to that I write things down in journals, or other systems, some of which have been totally lost, but I don't find myself missing it or 'wondering what could have been'.

It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things' - for me, primarily, it's the far improved wheat / chaff ratio.

Conversation is connection. Yes. But recorded conversation is just a reminder of connection, not the connection itself. I think my argument falls down when it comes to someone that's passed away, and keeping their flame alive to some extent. I don't work like that, but I wouldn't expect it of others.

[JoshTriplett]

First, search makes the logs far more useful.

Second, time helps ("we were talking about it around this time of year").

Third, you don't necessarily know how valuable the conversation is when you first have it.

And fourth, pictures and video and similar.

> It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things'

I used to carefully archive every email in an appropriate folder. Now I only have one folder, "Archive", which contains all mail, and I use search to find what I'm looking for. (Search is all I used back when I had folders, too.) That requires far, far less work at the time of receiving a message.

Consider the time taken to carefully file something away, the difficulty of keeping such things organized manually, the ease of just automatically storing everything organized by time and people, and the likelihood of you successfully predicting in advance what you'll want later.

[wpietri]

> There are tiers of conversation. Letters between famously literate people or during times of war have a value proposition on an entirely different scale to group chat messages.

Only in retrospect. At the time, it's impossible to know. We happen to have (some of) Picasso's childhood artwork. What might it be like if we had da Vinci's and Bosch's and that of the Lascaux Caves artists?

Or look at the way Pepys' diary serves as an important source to historians for the details of daily life at that time. Or how Pompeii's graffiti gives us valuable historical insight: https://www.theatlantic.com/technology/archive/2016/03/adrie...

Destroying information now is expressing 100% confidence that nobody will have use for it later.

> It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things' - for me, primarily, it's the far improved wheat / chaff ratio.

Depends on the cost of storage and retrieval, really. That was certainly true for, say, paper letters. But as the cost of storage and retrieval goes steadily down, manual archive selection becomes less and less worth it. Hoarding is only a problem IRL because it becomes expensive and unsafe. But my digital archives grow much more slowly than Moore's Law, so the cost to me of keeping all my email, photos, etc, is effectively zero. When I replace my backup drives every few years I spend about the same amount of money, and I keep having more and more space left over.

[bigiain]

> Destroying information now is expressing 100% confidence that nobody will have use for it later.

Or an acknowledgement that it might have the capability to be used against you later.

Would you be happy for every word you ever said, in public or private, to be recorded and transcribed and searchable just in case it becomes an "important source to historians", or just as likely "an important source of parallel reconstruction data for $yourCountry{'nsaEquivalent'}"???

We never got a record of Pepy's bar discussions, only what he chose to record in his diary. I'm not sure we need my Signal messages stored for posterity either. Read my blog or Reddit posts, other stuff was intended and should stay private.

There's a good reason a bunch of interesting bars banned Glassholes...

[lightcatcher]

> It feels as if the point that I'm trying to make is that mindful archiving is a better solution than to just 'keep all the things'

On the topic of plain text things (such as text messages) - how much data are you actually hoarding?

Let's say you type 100 words per minute for the next 40 years (and each word is 10 bytes). No sleep, no breaks, just 40 years of typing. Congratulations, you just produced 21GB of data. This fits on an SD card (<$30) or in the cheapest tier of cloud backup like Dropbox or Google Drive. You can search your 40 years of typing in well under a minute. If you remember the year you typed in, you can grep the data from that year in under a second.

I don't like the term "hoarding" for this. Hoarding has a negative connotation. Storage of plaintext is so incredibly cheap (and search so fast) that I feel that option value of retaining the text is almost always greater than the miniscule cost of storage and slower retrieval.

I don't think are any valid analogies between storing physical items and digital items, as digital storage and search is orders of magnitude cheaper. Consider the same experiment where one writes with pen and paper for 40 years, and then wishes to search for the name "George".

Making a decision of what to keep must be more expensive and time-consuming than just keeping everything.

[thaumasiotes]

> How often do you find yourself reminiscing by going back through a messaging log?

Are you kidding? All the time!

Most commonly by first reminiscing and then searching out the appropriate part of the message log.

[atoav]

I think if yoi know everything is gone you will decide actively what is worth keeping.

I keep a journal for exactlt these things

[m-p-3]

I remember searching for something in Hangouts at work for a tidbit of info that I should have noted elsewhere. It was useful, but I wouldn't say it's a must.

An email thread is useful and somewhat readable, and endless conversation between an individual or a group is less so.

[stilisstuk]

Been using signal since textsecure I think (I even think there was another name before that). In all that time, one thing keeps me thinking about backing out: phone numbers. When a contact decides to uninstall signal, I lose contact. Signal still thinks that the recipient has a signal account, and hence won't deliver messages via SMS.

[jblwps]

Assuming you're talking about the Android app, but you can actually force sending with SMS. The option to do so in a conversation/thread can be found by long-holding the send button, which then pops up a context menu to send via Signal or SMS.

[stilisstuk]

This is not a long term solution :)

[rvense]

It's a per-conversation preference, as far as I remember. You only have to do it once.

[stilisstuk]

In that case: Thanks a lot! Did not know.

[Vinnl]

The same holds for WhatsApp, btw. I once got a new phone number that had been used by someone else before, and was still associated with their WhatsApp account. People kept sending me messages over WhatsApp without me even being aware (I don't use it myself).

[commoner]

Former Signal users can unregister their phone numbers from Signal on this page:

https://signal.org/signal/unregister

[stilisstuk]

Yes i know that. So when people don't reply, I check three messages has not been delivered and try to find a why to tell my contacts how to unregister. Which is an unreasonable burden I put on people who try signal and decides it's not for them.

[noja]

> This is either a reason you love Signal (raises hand) or can't stand Signal.

Eh? Why either or? (and why are there people who can't stand it?)

[myu701]

I love Signal, and upsell it whenever I can. Signal has its ideosyncratic parts, some of which are being worked on, others not so much. Some of the more visible ones are IMO:

Signal forces users to use phone numbers; some people don't like this because they want to use multiple ephemeral usernames so they can be 'Joe' to friends, 'kleptoclown' to their github group, 'dungeonmaster42' to their DND group, 'joesolutioner' to anyone who browses their personal website or business card, etc. that way they are not having to give out the phone number to strangers which represents Sim-jacking and spam risks.

If you create a signal group and invite folks to it, you cannot remove members from the group (this is being worked on now) without them clicking the 'leave' button or creating an entire new group sans whoever needs to go, which causes loss of group history.

Signal cannot have multiple mobile clients, only one mobile client and a single desktop version. WhatsApp Riot etc. all support clients in as many spots as you can login from.

Again -> these are focused nitpicks, but in most cases Signal is much better for upholding the promise of 'you send someone a message and you have a reasonable sense that ONLY THEY will be able to read it' compared to the likes of Line/WhatsApp/FB messenger etc.

[tptacek]

It's really an engine for revealing people's true preferences for messaging, which, for many people, tend to be that they want all the ergonomics of Slack a lot more than they want cryptographically sound secure messaging.

What's hopeful in all this is that Signal is, slowly, catching up. Slack can roll out new features just by assigning a couple developers to it, and Signal has to coordinate new cryptographic research --- not just new cryptographic research, but research that produces something deployable at scale within the resources of a project like Signal! --- so Slack (and Wire and Keybase) are at a permanent advantage here.

But over time, Signal gets more and more usable without having to consider tradeoffs.

[drdaeman]

It is, but there's another aspect besides convenience and ergonomics. You surely know better than me that privacy and security are non-binary, and everyone has their threat scenarios.

In some cases, an ability to have multiple independent accounts/identities (pseudonymity) would - unfortunately but practically - beat true cryptographic security that Signal offers. I mean, personally, I'm less concerned about platform (e.g. Wire or Whatsapp) or some government agency learning that I'm talking to my buddies at certain schedule, than mixing up my acquaintances from different groups together, having to maintain a single identity for them all. Some people I talked with didn't knew my name or phone number, and I would be uncomfortable if they would. For me, in my life I've said less things I wouldn't want governments to learn about, than times I've used a pseudonym/throwaway account to talk to people.

[jacobolus]

My biggest annoyance with Signal is that getting a new phone ends up wiping out all conversation history with apparently no way to transfer it.

This loss of user data is not advertised well enough up front, and leaves users feeling tricked. In many contexts loss of user data is an even bigger sin than weak security.

[tptacek]

What's ironic here is that in the adversarial setting the application is designed for, unexpected retention of user data (on end-user devices) is a sin.

[eitland]

For some of us data loss is often a bigger threat than unexpected retention.

I like Signal and it always makes me happy to see more people showing up there, but for now certain group chats will stay on other messaging services.

[jacobolus]

That’s fine. But Signal should then advertise itself as unsuitable for general-purpose communication, primarily relevant when someone is specifically worried about adversaries reading the communication.

I can see how this makes sense for journalists, dissidents, diplomats, criminals, corporate executives, etc., but if data is under threat of disappearance, regular people should be warned away and told to use something else for day-to-day communication.

[yabadabadoes]

Personally, I'm happy to lose the data. I found it odd that with both phones and the SIM on the desk in front of me, I couldn't figure out how/if I could vouch for my key changing in any way.

Needing to say I have a new phone just trust me largely defeats the purpose.

[myu701]

If you are on an Android device you can export an encrypted backup and scan a QR code / type in the password to the encrypted archive to transfer messages / group memberships with only a safety number change in most cases.

https://support.signal.org/hc/en-us/articles/360007059752-Ba...

No dice for iOS unfortunately.

[jacobolus]

I’m talking about transferring archival data from one phone I own to a different phone I own.

This is different from whether other users are told that my security keys just changed.

[thatcat]

Look in the settings then switch backup chats externally to on, then hit backup chat. What is so hard about that?

[juped]

Why would Signal (a drop-in SMS replacement) be compared to Slack?

[tptacek]

Because we're talking about group messaging here.

[juped]

Why would group Signal messages (a drop-in replacement for group texts) be compared to Slack?

[pgeorgi]

> that they want all the ergonomics of Slack a lot more than they want cryptographically sound secure messaging.

So you consider accounts not tied to a phone number "Slack ergonomics"? Before WhatsApp that was the default.

[tptacek]

I said it was a reason to hate Signal, not the only reason.

[squarefoot]

"Signal forces users to use phone numbers"

Which is number one reason why I'm not even considering it

"some people don't like this because they want to use multiple ephemeral usernames"

That's not my reason: I don't want people I don't know to get my phone number through other people I know and trust, but are used to share everything online. Of course that would be possible without any social application as well, though using one makes it much more natural.

Then this one from their site: "Multiple mobile devices and Android tablets are not currently supported"

Triple facepalm here: this makes it even worse than Whatsapp I use (read: am forced to use) on an old tablet. Whatsapp sucks badly just at everything (didn't I write I'm forced to use it?) but at least I can read what I write.

Downvotes welcome, though advice on secure+open alternatives that don't assume I have a smartphone (I haven't one and don't plan to) would be more informative.

[unsignedint]

The day I would be comfortable giving out my phone number to stranger is when it becomes mandatory to whitelist all callers, much like how just about any non-PSTN systems work.

Maybe this is because of the social expectations of that it will work without such overhead but I just simply can't notice how all the "countermeasures" phone industry (and governments as this is a heavily regulated industry) are ignorance to elephant in the room...

[baybal2]

If you are a client for Signal, rubberhose cryptoanalysis is a much bigger issue.

Here is a story what has happened to Doubi (SSr developer.) He was a very well aware of anonymity risks, and he evaded police for years on end. China literally tried to do geolocate him by turning off the internet in entire cities, but to no result — he caught on to that, and started randomising his release timing, and avoiding releasing "hotfixes". So, the entire Chinese police and MSS been looking him for 4-5 years.

What has happened? A few month before his arrest, he registered a Twitter handle with a throwaway SIM card. Those are being usually sold by "grannies" in Chinese 2nd tier cities who peddle things like fake tax receipts, anonymous train tickets and such.

China either hacked Twitter, or had somebody bribed there, and they got the number. They then tracked down the granny who sold him the SIM card, and went on and checking every person door to door in that small town. Then, they found him.

He got 5 years prison, and 4 years of laogai (gulag)

[zrth]

That's super interesting, thanks for sharing! Would you mind posting a link or a two about the story of Doubi. I can't find much and would love to dig into this story.

[baybal2]

Basically Twitter got pwned big time, and now denies it because GDPR will ruin them if breach is proven.

Here is what Doubi's online followers figured:

State security got all phone numbers used for Twitter phone verification up to May 2019 and possibly till July.

Twitter haphazardly closed the breach in complete secrecy.

API hole explanation is excluded as people with 100% private accs got police visits.

People with foreign SIM cards also got into trouble. So the explanation that China compromised Twitter's SMS providers is also excluded, as its improbable that they did it in 4+ countries.

2016 breach is also out of question.

The only explanation is that they got hold on a big piece of their user DB, or, worse, they have an active infiltrator in Twitter, or Twitter voluntarily cooperated.

https://mobile.twitter.com/robert_spalding/status/1134797195...

https://amp.ft.com/content/afd44222-5c34-11e9-9dde-7aedca0a0...

[Klonoar]

Pardon my ignorance but I'm unable to find much about this story... and the links you posted are hard to piece together with this narrative.

Not even doubting it, just wondering if there's more of a source that's laid out (work/timeline/etc)? It's supremely interesting and should probably be more well known if it's not already.

[baybal2]

Most of what I know was found by people on Doubi's forum which now went down. Near nothing about that in English besides stating the fact that he is gone now, that he got a term, and that his Twitter was the most likely source of his ID leak as deduced from public records about his case.

Early accounts explored the possibility of Chinese police exploiting SMS gateway, and password reset abuse, but it has since been confirmed that even users who lived for years in the West got deanonymised, and their relatives got harassed. MSS/police having fresh twitter user DB is the most probable explanation at this point.

[e12e]

But, in this story - had he used signal - if the police arrested anyone in contact with him, any one of those would be able to turn over his phone number? Which would be linked to the sim card in his phone?

Am I missing something? Or am I misinterpreting your story? You're saying that sign up bound to a Sim card is bad for Twitter and bad (worse) for signal?

[baybal2]

Yes, see, he went as far as buying an anonymous sim in China, which are sold at extreme premium by black market dealers, and still got tracked down.

[lorenzhs]

> ”Signal cannot have multiple mobile clients, only one mobile client and a single desktop version”

This is wrong. You could always have multiple desktop clients. You can also add iPads as linked clients now. Personally, I have two desktops and an iPad linked to Signal.

WhatsApp doesn’t support linked devices at all, the web client connects through your phone. Signals linked devices function independently, you can power off your phone and they’ll still work.

[Kihashi]

> Signal cannot have multiple mobile clients, only one mobile client and a single desktop version

You are right about the mobile client, but that's not true of desktop. I have Signal installed and setup on every desktop/laptop that I use without any issue.

[fnordsensei]

I wouldn't say I can't stand it (indeed, I am using it), but I've had problems with it. Disappearing messages and the like: being contacted via another medium by a person, asking why I hadn't responded, with no record of there ever being a message on my end.

It's OK in my books: a symptom of there being no server to step in and enforce a universal truth. You just have to understand what you're getting in exchange for the occasional inconveniences.

[yarrel]

It's a great piece of software, so people love it.

But the sometimes uncritical love people have for it doesn't help when it has issues.

The main categories of people I've encountered who aren't absolute Signal fans are:

* People who don't want to give out their phone number to random men.

* People who weren't impressed by Signal's security issues coming up at the same time that it was being pushed as the replacement for GPG.