This whole thing is especially painful/annoying since they neither support backing up the database nor syncing/importing old messages from the phone. So if this happens there's no known/reliable way to recover (even though the data is still on the phone).
(In theory it should be possible to recover from this and I can still access my sqlcipher database manually but Electron and the stateful Signal protocol make it extremely difficult so I gave up. Multiple backups of the whole ~/.config/Signal directory didn't help either.)
Yes and this has been my biggest complaint for literally years but whenever I say "Signal needs a top tier backup system asap" I get moaned at with responses like "Signal is a messaging app not email, if you want to backup a message just do that one message." or "Why would you want a whole conversation backup?!" as if I am some weirdo for wanting to have a backup.
Does my fucking head in. Yes Signal is about security but that doesn't mean it can't have a functional backup feature! Honestly it needs to be priority number one imho.
This bug shows just how important backups and importing conversations are. Whenever I setup Signal on a new system I hate when I see the message "For your security, conversation history isn't transferred to new linked devices."
Signal doesn't (or at least shouldn't) get to decide what happens here. If I am having to re-register because of a Signal failure my security is not effected by importing the conversation history as it was there two minutes ago before they corrupted the database. At the very least they should make it an option even if it is disabled by default.
Apologies for the ranty nature of this comment but I am fed up with this absolutely pathetic denial that backups are important because it is "just a messaging app". AHHH!
>they neither support backing up the database nor syncing/importing old messages from the phone
Why Signal doesn't support this is beyond me. I can basically only use it for scenarios where I don't want any chat history, which just isn't that common.
When you say you can't import/sync data from your phone - Couldn't you just decommission Signal Desktop from your phone, nuke the desktop installation, and reinstall from scratch?
Not to dismiss the annoyance involved. I'm just trying to understand what this bug is really about.
Report suggest there's some beta/stable mismatching going on.
While Signal's greatest strength is its privacy features I think that at some point they are going to have to meet their customers/prospects/users' other needs.
The biggest one being the availability of chat history anywhere, anytime at their own risk if needed.
We won't educate people to use messaging app in the way we want them to (for privacy sensible conversations only) because the vast majority don't use messaging app like that.
It's either give up on that idea or heavily advertise that Signal is not a Whatsapp/Telegram/Viber/Messenger/Whatever replacement: it's a tool to use when you want to have private conversations.
Maybe it'd be better to leave the Signal messaging app lives its life and allows a third party chat history viewer to emerge. You can already export your encrypted backup to a readable CSV file. https://github.com/xeals/signal-back edit: which obviously doesn't work with a corrupted database :p. Signal backup as a service startup ?
Point in case: mom complained the other day that Signal Desktop took some time to launch because it was “syncing things”. I told here that this syncing from her phone to the computer is the proof her messages only exist in the application. Desktop or smartphone, that's why it needs to sync, facebook and others don't work like that (I grossly simplified).
note: Thread with comments like is how I remember HN is now a site with a huge audience.
Their design causes it to be incredibly slow, to miss messages, to have them arrive out of order - and that's not even acknowledging the usability downfalls.
They really need to do better. I hope they can figure out some way to shift more resources to it, a good desktop client is essential to modern messengers.
Unfortunately the overall code quality doesn't seem to good - I looked at the Android code and the network layer / retry logic seems to be quite chaotic with weird exception handling. The UI layer would also need a refresh, a lot of logic is placed in the Fragments directly, no MVVM (e.g. Architecture Components ViewModel) or any other pattern. The sync issues keep coming back. For example you use the Signal desktop app and then at the end of the day you pick up the phone, open Signal and a stream of notifications will start flowing in (even though you read everything on desktop). Also the PC desktop app doesn't sync with iPhone, you need to download an old version, pair the phone and then update to latest to fix it - https://community.signalusers.org/t/my-messages-in-desktop-a....
I also too a look at the code and wasn't impressed. Signal used to have a feature that allows you to import SMS.
It had a few problems but it mostly did the job. But lately, they disabled it with the latest onboarding update, without mentioning anything in the change log. I had to look at the git history to see that, I also found a "won't fix" ticket about the problem.
I think they are ignoring an very important feature but anyways, make a decision. Either you officially disable the feature, write it in the changelog and remove the dead code. Or you keep it and hopefully fix it. The way they are doing it is sloppy.
I didn't look too much into it but dead code is definitely a code smell and your experience seems to match mine. It is not terrible, but a bit underwhelming considered it is a highly regarded, security sensitive app.
That's unfortunate. I wonder why Signal suffers from these issues, but I hope it's something we can fix. I think Signal has such great potential. Society needs a successful privacy respecting open source chat app like Signal.
A few years ago I gave up on my own XMPP server and moved to Telegram because Signal wasn't ready.
Recently I have moved to Signal because, after the WhatsApp opportunity, I had to move my non-tech savvy family members to something better, and I suspect Telegram isn't it (I can't understand how it is funded, it is too "magic").
But it is rough, specially compared to Telegram.
For example: there's no way I'll share my phone number to chat with strangers, whilst on Telegram I have an anonymous username I can use.
But even forgetting about that, it is the small things, like it can't record and send a video (you can record it out of the app, and then send it from Signal; at least on Android), or the atrocious desktop app.
I'm happy it exists and I'll stick with it because they're supposed to be "the good guys", but I'm hopping it improves before I have to admit it was a mistake and I should have trusted Telegram.
Exporting message history, easily selecting multiple messages to forward, allowing for group chat history to be maintained and transferred between devices, synchronizing video rotation in video calls, scheduled messages. Some of these features might be harder to implement than others, but I am constantly reminded of their absence whenever I use signal. I used to only use telegram, and it just works that much better as long as you don't care about privacy. It'd be easier for me to continue using Signal if it was more grandmother friendly. Even my partner is having issues with this, and they are usually capable of using tech.
These are sensible suggestions. What do you mean by "synchronizing video rotation in video calls" and how do you note the presence / absence of this feature in practice?
Do you have any idea how we could practically make Signal a better app in the future?
I thought sqlite was very resilient and have a hard time understanding how an sqlite file can be corrupted. Are they manipulating the sqlite file outside of sqlite APIs? Are they mixing up file descriptors and writing garbage into an sqlite handle?
Not sure how reliable and resilient SQLCipher is but that might (significantly?) increase the risk for a bug/corruption to occur. And the encryption certainly makes the analysis more difficult (while, at least on GNU/Linux, I don't see any advantage as the encryption key is stored unencrypted in ~/.config/Signal/config.json - not sure if other Desktop platforms support secure keystores like on Android and iOS). I briefly tried to analyze my corrupted DB but quickly gave up as I'm not familiar with SQLCipher and basically only got a generic "Error: file is not a database" error message when trying to decrypt it (and there's no plaintext header IIRC so it looks just like random data).
I also had multiple backups of the SQLCipher DB that I could successfully access manually but I was unable to use them for Signal-Desktop (not sure if this was due to some other Electron DBs/state, the stateful Signal protocol, or something else - IIRC the only hint was the "Database startup error: Error: SQLITE_NOTADB: file is not a database" message that didn't really help much).
SQLite should not be corruptible by power loss unless PRAGMA synchronous is OFF, or OS/fs/storage media don’t honor fsync. https://www.sqlite.org/howtocorrupt.html
But the thread says SQLCipher is used, so not sure.
Looks like this is the bug that made me stop using Signal at some point last year. It just kept "migrating" the database every time I started and never managed to load. I even tried to reinstall it from scratch but when that didn't fix it I just gave up and went back to Hangouts/WhatsApp.
Is there a citation for this claim? I tried searching on Twitter for tweets regarding Signal errors, and I didn't see anything except for retweets of the link to this HN post.
It's also just the local database, so the phone that their desktop app is linked to will still have their chat history, thus these alleged journalists would not have lost their sources.
I didn't link it on GitHub for purpose. Somehow it turned out not to be related to that issue (so after few days it's just unlinked but contacts/history thankfully still there)
I've been using the iOS version on my M1 MacBook Air... it seems to use less memory, which is a benefit on my 8GB (base) model. I haven't done any tests though!
This is odd, I literally just now got a corrupted database on Android and had to restore from a backup (it's still restoring). Are two platforms impacted?
Signal's inability to sync its history to somewhere else (e.g. their server, encrypted) and its rather inaccessible backup processes[1] are a pain. It makes me use something else for anything serious sometimes.
What kind of a question is that? Are you a developer?
Do you think developers willingly write bugs into their applications, then simply release them hoping they can mess up somebody's day for the fun of it?
"Allowed to roll out into production" as if there's a manager looking at the list of newly created bugs, grinning and going "This bug... I like this bug! Roll it out!"
Well I guess that bursts the Signal hype brigade that Elon Musk, et al, and the media have started and you're required to sign up with a phone number which it then goes through your contacts list which already outrageous. Also, it turns out that you can't even sync your chat history, nor can you back them up easily on another device. So if you change your SIM, have your device lost or stolen, its all gone.
This right here was the final serious nail in the coffin that your chat history is corrupted due to this bug in production.
$60M in funding and they still can't fix these issues or handle these many users. I liked the Signal name and its friendliness to the end user, but I think the true hard-hitting reality is, it is just not ready yet for serious use. What a shame.
I feel like Signal missed the opportunity they had after the WhatsApp fiasco.
Every person I've tried to convert to Signal opt out after a day or two due to lack of usability. Most of them either went back to WhatsApp or moved to Telegram.
While the tech is great and the privacy is good, if they won't invest in usability and UI they will not win the masses.
EDIT - if you downvote, please explain why. If you disagree it's not a reason to downvote.
My personal anecdote is the opposite of yours: it was easy for me to convert people to Signal.
Concerning your edit: I thought it was a pretty established part of the etiquette on HN that a downvote is used also for simple disagreement. It means "I do not agree", not "you are wrong and should be shamed".
They poured a ton of investment into it right after they saw the uptrend, but their mission was to drive steady adoption of secure messaging; other features were nice-to-haves that weren't core to their initial function. The massive run-up in users relocating from WhatsApp reprioritized their PI plan (I'm guessing), but up until that moment, they had no good reason to prioritize those things since 1) they're a non-profit with steady funding thanks to Brian Acton, and 2) they have a core mission.
Iterative development is a thing for a reason.
Also, in regards to your edit:
> EDIT - if you downvote, please explain why. If you disagree it's not a reason to downvote.
Hm, some of the bug reports report unencrypted databases, some report encrypted databases. That suggests something is going very wrong with their sqlcipher+encryption handling/encryption parameter handling/key handling.
Those are pretty terrifying bugs, the fail-open can be disastrous in the wrong situation, and the others easily result in catastrophic data loss. Because that's what encryption is supposed to do in some situations.
I wish we had a great app with an open protocol so that you could use whatever UI you wanted and not have to deal with network effects every few years. It’s too bad there’s no app right now with that openness and also sufficient usability to get everyone switched over.
Honestly, Signal's UI/usability used to be a valid critique, but now it's pretty much up to par with WhatsApp/Telegram. The only minor quip I've heard from friends transitioning to it is the lack of bold/italics/etc, which Signal announced they're working on by implementing markdown.
All the FB alternatives had crazy spin-up problems for a few days. Prominent cancels on the right and the WhatsApp fiasco freaked out some on the left at about the same time.
Signal did as well as anybody. They bounced back after about 48 hours, and usability seems as good as FB Messenger. Not nearly the roller coaster of Parler.
Didn't downvote, but I disagree with your "If you disagree it's not a reason to downvote." Downvote is my liberty, I can downvote for whatever reason I see fit.
[+] [-] primeos|5 years ago|reply
(In theory it should be possible to recover from this and I can still access my sqlcipher database manually but Electron and the stateful Signal protocol make it extremely difficult so I gave up. Multiple backups of the whole ~/.config/Signal directory didn't help either.)
(See: https://github.com/signalapp/Signal-Desktop/issues/4513#issu... )
[+] [-] satysin|5 years ago|reply
Does my fucking head in. Yes Signal is about security but that doesn't mean it can't have a functional backup feature! Honestly it needs to be priority number one imho.
This bug shows just how important backups and importing conversations are. Whenever I setup Signal on a new system I hate when I see the message "For your security, conversation history isn't transferred to new linked devices."
Signal doesn't (or at least shouldn't) get to decide what happens here. If I am having to re-register because of a Signal failure my security is not effected by importing the conversation history as it was there two minutes ago before they corrupted the database. At the very least they should make it an option even if it is disabled by default.
Apologies for the ranty nature of this comment but I am fed up with this absolutely pathetic denial that backups are important because it is "just a messaging app". AHHH!
Edit: See this reply from when I complained about the lack of backup a month ago https://news.ycombinator.com/item?id=25687851
[+] [-] ancarda|5 years ago|reply
Why Signal doesn't support this is beyond me. I can basically only use it for scenarios where I don't want any chat history, which just isn't that common.
[+] [-] orblivion|5 years ago|reply
Not to dismiss the annoyance involved. I'm just trying to understand what this bug is really about.
[+] [-] cfstras|5 years ago|reply
[+] [-] abandonliberty|5 years ago|reply
[+] [-] johnchristopher|5 years ago|reply
While Signal's greatest strength is its privacy features I think that at some point they are going to have to meet their customers/prospects/users' other needs.
The biggest one being the availability of chat history anywhere, anytime at their own risk if needed.
We won't educate people to use messaging app in the way we want them to (for privacy sensible conversations only) because the vast majority don't use messaging app like that.
It's either give up on that idea or heavily advertise that Signal is not a Whatsapp/Telegram/Viber/Messenger/Whatever replacement: it's a tool to use when you want to have private conversations.
Maybe it'd be better to leave the Signal messaging app lives its life and allows a third party chat history viewer to emerge. You can already export your encrypted backup to a readable CSV file. https://github.com/xeals/signal-back edit: which obviously doesn't work with a corrupted database :p. Signal backup as a service startup ?
Point in case: mom complained the other day that Signal Desktop took some time to launch because it was “syncing things”. I told here that this syncing from her phone to the computer is the proof her messages only exist in the application. Desktop or smartphone, that's why it needs to sync, facebook and others don't work like that (I grossly simplified).
note: Thread with comments like is how I remember HN is now a site with a huge audience.
[+] [-] meibo|5 years ago|reply
Their design causes it to be incredibly slow, to miss messages, to have them arrive out of order - and that's not even acknowledging the usability downfalls.
They really need to do better. I hope they can figure out some way to shift more resources to it, a good desktop client is essential to modern messengers.
[+] [-] hashkb|5 years ago|reply
[+] [-] Daniel_sk|5 years ago|reply
[+] [-] GuB-42|5 years ago|reply
It had a few problems but it mostly did the job. But lately, they disabled it with the latest onboarding update, without mentioning anything in the change log. I had to look at the git history to see that, I also found a "won't fix" ticket about the problem.
I think they are ignoring an very important feature but anyways, make a decision. Either you officially disable the feature, write it in the changelog and remove the dead code. Or you keep it and hopefully fix it. The way they are doing it is sloppy.
I didn't look too much into it but dead code is definitely a code smell and your experience seems to match mine. It is not terrible, but a bit underwhelming considered it is a highly regarded, security sensitive app.
[+] [-] pure_simplicity|5 years ago|reply
Do you have any clue how to make things better?
[+] [-] reidrac|5 years ago|reply
Recently I have moved to Signal because, after the WhatsApp opportunity, I had to move my non-tech savvy family members to something better, and I suspect Telegram isn't it (I can't understand how it is funded, it is too "magic").
But it is rough, specially compared to Telegram.
For example: there's no way I'll share my phone number to chat with strangers, whilst on Telegram I have an anonymous username I can use.
But even forgetting about that, it is the small things, like it can't record and send a video (you can record it out of the app, and then send it from Signal; at least on Android), or the atrocious desktop app.
I'm happy it exists and I'll stick with it because they're supposed to be "the good guys", but I'm hopping it improves before I have to admit it was a mistake and I should have trusted Telegram.
[+] [-] eptcyka|5 years ago|reply
[+] [-] pure_simplicity|5 years ago|reply
Do you have any idea how we could practically make Signal a better app in the future?
[+] [-] 0x0|5 years ago|reply
[+] [-] primeos|5 years ago|reply
Not sure how reliable and resilient SQLCipher is but that might (significantly?) increase the risk for a bug/corruption to occur. And the encryption certainly makes the analysis more difficult (while, at least on GNU/Linux, I don't see any advantage as the encryption key is stored unencrypted in ~/.config/Signal/config.json - not sure if other Desktop platforms support secure keystores like on Android and iOS). I briefly tried to analyze my corrupted DB but quickly gave up as I'm not familiar with SQLCipher and basically only got a generic "Error: file is not a database" error message when trying to decrypt it (and there's no plaintext header IIRC so it looks just like random data).
I also had multiple backups of the SQLCipher DB that I could successfully access manually but I was unable to use them for Signal-Desktop (not sure if this was due to some other Electron DBs/state, the stateful Signal protocol, or something else - IIRC the only hint was the "Database startup error: Error: SQLITE_NOTADB: file is not a database" message that didn't really help much).
[+] [-] dj_mc_merlin|5 years ago|reply
[+] [-] dssound|5 years ago|reply
[+] [-] oefrha|5 years ago|reply
But the thread says SQLCipher is used, so not sure.
[+] [-] DangerousPie|5 years ago|reply
[+] [-] Rygian|5 years ago|reply
[+] [-] rvz|5 years ago|reply
They have plenty of time and money to fix this issue quickly before it gets out of hand.
[+] [-] cpach|5 years ago|reply
[+] [-] prophesi|5 years ago|reply
Is there a citation for this claim? I tried searching on Twitter for tweets regarding Signal errors, and I didn't see anything except for retweets of the link to this HN post.
It's also just the local database, so the phone that their desktop app is linked to will still have their chat history, thus these alleged journalists would not have lost their sources.
[+] [-] miduil|5 years ago|reply
https://twitter.com/moltke/status/1364231860528836608
[+] [-] batterylow|5 years ago|reply
[+] [-] StavrosK|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] Havoc|5 years ago|reply
[+] [-] colesantiago|5 years ago|reply
This is very serious for everyone depending on signal, that I could just lose all my secure chat history without warning!
[+] [-] luto|5 years ago|reply
[1]: https://support.signal.org/hc/en-us/articles/360007059752-Ba...
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] LockAndLol|5 years ago|reply
Do you think developers willingly write bugs into their applications, then simply release them hoping they can mess up somebody's day for the fun of it?
"Allowed to roll out into production" as if there's a manager looking at the list of newly created bugs, grinning and going "This bug... I like this bug! Roll it out!"
[+] [-] rvz|5 years ago|reply
This right here was the final serious nail in the coffin that your chat history is corrupted due to this bug in production.
$60M in funding and they still can't fix these issues or handle these many users. I liked the Signal name and its friendliness to the end user, but I think the true hard-hitting reality is, it is just not ready yet for serious use. What a shame.
[+] [-] mittaus|5 years ago|reply
[+] [-] sagivo|5 years ago|reply
EDIT - if you downvote, please explain why. If you disagree it's not a reason to downvote.
[+] [-] dang|5 years ago|reply
also: "Please don't comment about the voting on comments. It never does any good, and it makes boring reading."
https://news.ycombinator.com/newsguidelines.html
[+] [-] krastanov|5 years ago|reply
Concerning your edit: I thought it was a pretty established part of the etiquette on HN that a downvote is used also for simple disagreement. It means "I do not agree", not "you are wrong and should be shamed".
[+] [-] eganist|5 years ago|reply
Iterative development is a thing for a reason.
Also, in regards to your edit:
> EDIT - if you downvote, please explain why. If you disagree it's not a reason to downvote.
https://news.ycombinator.com/newsguidelines.html grep "voting"
[+] [-] tetha|5 years ago|reply
Those are pretty terrifying bugs, the fail-open can be disastrous in the wrong situation, and the others easily result in catastrophic data loss. Because that's what encryption is supposed to do in some situations.
[+] [-] 6gvONxR4sf7o|5 years ago|reply
[+] [-] prophesi|5 years ago|reply
[+] [-] msoad|5 years ago|reply
[+] [-] hanniabu|5 years ago|reply
[+] [-] macintux|5 years ago|reply
That's not set in stone; reportedly pg said downvoting for disagreement was fine, but I don't have the quote handy nor a source.
[+] [-] Digory|5 years ago|reply
Signal did as well as anybody. They bounced back after about 48 hours, and usability seems as good as FB Messenger. Not nearly the roller coaster of Parler.
[+] [-] wglb|5 years ago|reply
[+] [-] ibic|5 years ago|reply
[+] [-] GNU_James|5 years ago|reply