Signal has announced new functionality in its upcoming beta releases, allowing users to transfer messages and media when linking their primary Signal device to a new desktop or iPad. This feature offers the choice to carry over chats and the last 45 days of media, or to start fresh with only new messages.
The transfer process is end-to-end encrypted, ensuring privacy. It involves creating a compressed, encrypted archive of your Signal data, which is then sent to the new device via Signal’s servers. Despite handling the transfer, the servers cannot access the message content due to the encryption.
With the introduction of a cross-platform archive format, Signal is also exploring additional tools for message transfer to new devices or restoration in case of device loss or damage. Users can begin testing this feature soon, with a wider rollout expected in the coming weeks.
When they gonna allow sign up without a phone number. Or allow federation with 3rd party signal severs. Or allow sign up without a phone number that’s linked to ur real identity by law in most countries.
The more I learn about signal the less I trust them.
The day security researchers say Signal is bad is the day I’ll stop using it. Until then, it’s the best option we have that both provides both great privacy and UX. The only thing that comes close - and it still has a ways to go - is SimpleX, but it’s basically a signal fork and it’s devs still support Signal.
SimpleX is not a Signal fork. It is it’s own protocol, service and app. It just utilizes Signal protocol for encryption like every good e2e encrypted messenger out there.
SimpleX allows anonymous identity, federation between servers and still a good UX.
You’re right! not sure why I thought SimpleX was a fork, it’s definitely just using the Signal protocol. Thanks for the clarification. That said, I would objectively state the UX needs some work to get to where Signal is at. SimpleX is oddly both easy to use but confusing and unreliable. I’ve been using it for a little over a year now and very often messages just stop getting delivered or received, forcing a fall back to Signal.
SimpleX is still very promising and more secure than Signal if your threat model necessitates it, but I continue to champion Signal for its ease of use, reliability, and security compared to more mainstream messengers.
Security researchers always look at a specific thing, usually the encryption only. The message encryption of Signal is great, the problem is all the rest of it that never gets scrutinized that closely.
Yeah. For me, Signal’s security benefits are counteracted by various other usability issues. Such as not being feature-complete on desktop and not even allowing registration there without workarounds - given that phones are very privacy-invasive by default and far from all can have a privacy-respecting OS installed (while Linux works on pretty much any random computer). Or even on mobile - pushing the user towards Google download with dark patterns, not being on F-Droid, or (at least in my experience) the official app not working at all on my Graphene device (Molly worked perfectly though). Also, from what I’ve seen, even if you don’t mind losing connectivity with other users and would only converse with people on your server anyway (like how I do with my family on XMPP), selfhosting Signal is really hard compared to XMPP, Simplex or even Matrix, even requiring modifying the client app.
FWIW, I just installed Graphene on a Pixel 8a yesterday, downloaded the Signal apk from their website, and haven’t had any issues with it so far. I also learned that you can get it through Fdroid if you add the Guardian Project repository.
IDK if this has been fixed, but this summer I was unable to register - it was stuck in a loop warning about lacking Google services (even though it is supposed to work without them, so maybe a coincidence).
Also didn’t know about Guardian’s repo having it, that’s awesome!
Why not use SimpleX then? You mention it but provide no real reason to use Signal over SimpleX
Privacy and security is all about threat modeling. Signal meets 100% of the security needs of everyone I communicate with in my region of the world. There’s no need (especially now that you can hide phone numbers) for the added security benefits of SimpleX.
Additionally, my experience in using SimpleX over the last year+ is that message delivery is not reliable yet. This has forced me and the few people I’ve been testing it with to fall back to Signal multiple times. Because of these reliability issues and lacking UX, I don’t feel comfortable pushing it on others, knowing the tolerance level is low for message delivery failures and UX that isn’t yet up to par with other messaging apps.
I use Simplex and overall happy with it, but since it is so new, would rather not go all-in. It is VC-backed so might eventually enshittify to make a profit.
I thought it was open source? Presumably a FOSS project can’t go too bad.
Yeah, it absolutely is. But just being FOSS does not guarantee that its development would be forked in a sufficient way should something bad happen. Especially since they use Haskell, and I heard that it is not very common thus decreasing the survival chances. Sure hope it is cool enough to still warrant a fork, though.
Hey u still use signal I’m not saying to stop using it I’m simply saying just cos its better than the alternatives doesn’t mean we shouldn’t demand better.
The signal encryption is provably secure that’s what the researchers analyse. The metadata is a separate story.
See: https://lemm.ee/comment/17831982
I’m not bagging on signal, here, since I use it too. But what about xmpp? It does e2ee, right?
XMPP basically uses the same end to end encyption method as Signal, but due to it not being mandatory some things are easier but come with the footgun that you can accidentially disable it (but it is enabled by default in most modern xmpp clients).
Otherwise: since XMPP federates more servers can theoretically see some metadata, but since most servers are small and community run there isn’t a single big target like with Signal where you can siphon off all the metadata. So you can make arguments for both. XMPP: more meta data but decentralized, Signal: less metadata but all in one place.
XMPP has been an option for decades, if your contacts aren’t using it by now, they arent going to. And with communications tools, both parties have to agree on a tool. Even if one party doesn’t care about privacy or security.
Raw brute force security isn’t the point most of the time, and ease of use and simplicity of setup are going to be major factors in adoption. Signal is much easier to get started with for most people than XMPP.
Yeah. If the contact would be installing a whole new client to communicate with you anyway, why not make it an XMPP one? I got my mom to use it like this.
I did hear that the implementation of the encryption isn’t as good as in Signal (and most clients also use an older version of it), but from my understanding - not in any way critically so.
XMPP only does message encryption. Signal has spent tons of engineering time and effort to minimize the collection of metadata, not just encryption of message content.
Yeah, true! However, you also have to trust their server not to log what is available to them (including your whole social graph), while with XMPP you can SSH into your server and see that its retention is exactly as you expected. But yeah, the issue remains when interacting with other servers - tho even then there the data is more evenly distributed between different servers with different owners.
What about threema?