-
-
Notifications
You must be signed in to change notification settings - Fork 522
Feature request: export/import (backup/restore) of conversations/threads #701
Comments
I agree with you, although as far as I know not many users export conversations from other apps like Whatsapp.. current expectation is that messages are simply stored in your app and not lost like SMSes. However any noteworthy desktop Jabber client makes it possible to save conversations (thus breaking the ephemeral characteristic of this kind of communication) and it would make sense that ChatSecure did too. The only major concern is: are we sure that Android or iOS won't take a peep at your exported logs? If a secure embedded encrypted storage for exported logs is not possible I'd rather keep ChatSecure as it is. It's already good. Remember that its major security threat is the spying environment it lives in and the current app meets general public's expectations in this respect since a very few will want this. |
On 07/11/2015, chseluv notifications@github.com wrote:
Good :)
[Citation needed]
Exactly. Plus, if the app stores the conversations, then they aren't
Surely the OS has visibility of the conversations whether they have
Android and iOS both have the ability to encrypt the device's storage
It's already good unless the user needs to keep a record of
If you mean that very few will want to keep records of their
See my previous point: unless I'm very much mistaken, the OS already Thanks for your interest in ChatSecure :) |
As long as ChatSecure continues not to enable easy export/backup of
conversations, and as long as it expects users to use it on
corporate-controlled Android/iOS, then it is effectively saying to the
user, "Google/Apple can export your conversations at will, but you
can't, so there!"
That's not very liberating.
As for protecting the exports, ChatSecure could potentially require
the presence of AndroidPrivacyGuard/OpenKeychain/GnuPrivacyGuard/etc
in order to encrypt the exports.
|
All of the message and media data in ChatSecure is encrypted using SQLCipher and IOCipher. If you set an app passphrase on setup, then that will protect the key that it is encrypted with. If you skip that step, then the key will be protected with a default passphrase. The OS doesn't have visibility to the data in a typical way, though with root permissions of course, you can do just about anything. That said, the desire to easily export/import data is a valid one, and something we should better support. |
Just as a general question, would you prioritize export per conversation, or a full app data export/import ? Is this a backup desire, or do you want to save specific conversations? |
-----BEGIN PGP SIGNED MESSAGE----- If I may add my opintion on that question too, backup desire, thanks :) On 11/09/2015 11:44 PM, Nathan Freitas wrote:
iQEcBAEBAgAGBQJWQSR8AAoJEL5Ul9ESPts4fPIH/AloHqeFoEEGcXoMvYQpelI9 |
On 09/11/2015, Nathan Freitas wrote:
I'm not sure what you mean by "the typical way". And the OS obviously The OS could, for example, read (and write) the memory locations where Simply put: unless I am very much mistaken, ChatSecure as currently Therefore, if your OS is under the control of a third party (e.g. the The only way for a user to reduce that attack vector is to use a more
Great! :)
Depends on the implementation. I would think that dumping contacts and Naturally, it makes sense for ChatSecure to make that export happen
I think for most people, the former would be the priority. If you're Thanks for working on ChatSecure! |
Yes, if your device is powned, there is little we can do. I think that is true of pretty much any security software, including Tor, GnuPG or pretty much anything. Replicant is great - any non-Google AOSP firmware is a good start. Ultimately, we primarily focus on network threats, and low-level on device threats like non-root malware, or defending against unintentional cloud backup of plaintext, etc. If you feel your threat model includes Google, Apple or a third-party malware targeting your to the extreme they are reading encrypted data or keys from memory, or intercepting key strokes, then you should definitely additional precautions, as documented and implemented here: |
On 10/11/2015, Nathan Freitas notifications@github.com wrote:
Right. My point was just that whatever you meant by "the typical way",
Exactly.
I completely agree. And, to bring the thread back on-topic: looking forward to seeing |
I'd also be grateful to have an export or backup feature in ChatSecure. I can see that there are different view points on this, but for me, the chats are a part of my digital life that I wish to backup like I backup all the other parts (pictures, emails, letters). Anyway, thanks for the great work! |
AFAIK, the only current mechanism for doing this is to long press on each message, thereby copying it to the clipboard, and then to paste it into another app. That is not user-friendly, if the user wishes to export a whole conversation - or even several conversations.
Perhaps it is also possible via debug logging or similar, but the same applies: not hugely user-friendly.
I am aware that there may be a view that all ChatSecure conversations are intended to be ephemeral and that export/import functionality is inappropriate. I don't share this view, however, and would point out that as ChatSecure already uses persistent storage and already allows export by copying (see above) and import by pasting. Therefore, adding a robust, user-friendly import/export feature would merely formalise and add convenience to existing functionality, and make ChatSecure into an even better app than it already is! :-)
N.B. It might be nice if the import/export feature could integrate with OpenKeychain or similar, so that the backups are encrypted. Also, it may make sense to somehow use XEP-0313: Message Archive Management or XEP-0136: Message Archiving. These implementation details are just suggestions, however, and not an integral part of my feature request.
The text was updated successfully, but these errors were encountered: