-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
All exported data (messages + attachments) are *NOT* encrypted on Disk during (and after) the upgrade process! #2815
Comments
I think you meant is unencrypted? The title is also confusing. |
Did you have to manually export the messages? Meaning, the app prompted to export and upgrade? |
Messages and attachments are not meaningfully encrypted on-disk in the latest Signal Desktop even without exporting/upgrading, so i'm not sure this violates the intended threat model of Signal in your APPDATA directory (~//Library/Application Support/Signal on mac):
i'm not a signal dev and do not intend to support or refute their choices, just noting an observation. |
I agree that it's not Signal's task to encrypt messages on-disk. |
Google announced that they were deprecating support for Chrome Apps over two years ago. Users have not been able to search for the legacy Signal Desktop app in the Chrome Web Store since mid-December 2017, and we officially deprecated the legacy version in October 2017. At some point in the near future we will be unable to ship updates to the small number of remaining legacy users. We need to provide a data portability option and export process in order to facilitate a short, one-time move from the Chrome App to the more up-to-date standalone version of Signal Desktop. It's important to be cautious about how and when any migration data is removed in case legacy users encounter errors or issues during the process. We were already planning on a second phase that will include instructions for how to remove the legacy Chrome App and the related migration data. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms. |
Bug description
Steps to reproduce
Actual result:
This is insane! All the data is not encrypted!!!!!
Expected result:
This should be encrypted and safely deleted once the upgrade process is over!
Screenshots
Platform info
Signal version:
Currently running v1.16.3. Not sure what was my version before that.
Operating System:
macOS (A Chrome app)?
Linked device version:
Link to debug log
The text was updated successfully, but these errors were encountered: