[AnonC]

> No communication service stops people from backing up with encryption or not, local or remote, or from copy/pasting or for that matter taking photos of the screen ("analog hole").

At least for the first part on backing up without copy pasting or using the “analog hole”, Signal expressly prohibits and doesn’t allow any kind of backup — encrypted or not — on iOS/iPadOS/macOS.

[super_mario]

Signal perhaps does not allow you to export your message history through the front door, however decrypting and exporting your message history is relatively low effort.

You messages are stored in encrypted SQLite3 database. The Signal encryption key is in

    ~/Library/Application\ Support/Signal/config.json

in plain text. If you have SQLCipher (https://github.com/sqlcipher/sqlcipher) compiled you can decrypt your Signal database:

Navigate to

    ~/Library/Application\ Support/Signal/sql/

and type

    sqlcipher db.sqlite
    sqlite> PRAGMA key = "x'<your_key_here>'";
    sqlite> .schema

and query away.

Of course there is a Python package to automate all of this here:

https://github.com/carderne/signal-export

This exports your message history as markdown and HTML files for your convenience and it will do incremental exports as well.

For iOS the same holds true, considering iOS has had a jail break most of its existence.

So, in retrospect your Signal messages are only as secure as computers of the people you talk to and of course your own device.

I would go a step further and assert that there is no such thing as secure communication.

[AnonC]

GP here. Signal allows chats to be backed up on Android. It’s a built in feature.

[zchrykng]

This lack of backups makes Signal less appealing to anyone who isn't a security/privacy enthusiast/nut. 99+% of people want their messages to work and not lose them when their phone is broken.

[codedokode]

No I do not agree with you. Majority of people never read their message history, want their messages to self-detruct and don't want to get into a situation like when a new partner reads chat history with all previous partners.

Majority of people do not record their conversations and do not need this.

And most messaging applications are designed countrary to what people need - they preserve history specially for that curious new partner. Or maybe for a marketing department to analyze user's interests.

[macintux]

I’m very, very skeptical that any of us can accurately assert that a majority of people want this specific behavior from their messaging apps.

[subjectsigma]

This has happened to me multiple times: convince non-technical person to download Signal, they delete app or get a new phone, they call me asking why they can’t see all their messages, they are very upset to learn they are all gone. Either I’m extremely unlucky or average users do want this.

[sib]

>> No I do not agree with you. Majority of people never read their message history, want their messages to self-detruct

Citation needed.

[xoa]

>Signal expressly prohibits and doesn’t allow any kind of backup — encrypted or not — on iOS/iPadOS/macOS.

I do not think you are correct, or perhaps alternatively this is a distinction without meaning. iDevices do indeed lock down against owner control unless the device is jailbroken. But Signal for Mac only requires 10.15 or later. Even if they wanted to, old Intel Macs simply do not offer the hardware guarantees to protect against the owner getting access to their own data if they want to, though even current ones will still let you turn off SIP etc if you wish. I don't even need to look to guarantee that if someone wants access to their own Signal data on the Mac (or Windows, or Linux which can be run with any 64-bit distributions supporting APT), or any of these virtualized (and thus on the BSDs which aren't formally supported [0]), they can get it. And again, this is somewhat a distinction without meaning. Like, how does someone read their messages on Signal for Desktop after setting it up and it's syncing going forward? They login to the system, and there is a saved key and that makes it work. If they then choose to backup said system or VM without encryption now what?

I have heard that on iOS Signal has always been somewhat evil in attempting to steal people's data away from them, which is part of the reason I avoided it. But fortunately we don't yet live in a world where the same games can be pulled on regular computers. And hopefully eventually legislation will make it illegal on all computers, including handhelds, too.

----

0: 64-bit distributions supporting APT

[AnonC]

GP here, with a late reply. Signal allows chats to be backed up and restored on Android. It does not support (and has said it won’t provide the feature) on iOS and related platforms that I mentioned. You can go through Signal’s help pages to confirm this yourself. If you use Signal on an Apple device and that device is either lost or broken, you’ll lose all your Signal messages when you setup a device again. That’s not necessarily the case with Android. Whatever you’ve written isn’t useful in this context.