9

I would like to know how paired devices get synced together in the Signal messaging app.

So this is what they say on their website:

Signal messages, pictures, files, and other contents are stored locally on your device. These contents are readable by the open source Signal clients. Because everything in Signal is end-to-end encrypted, the Signal service does not have access to any of this data.

https://support.signal.org/hc/en-us/articles/360007059412-Signal-and-the-General-Data-Protection-Regulation-GDPR-

But let's say I have 2 devices synced together (phone + PC). The PC is off and I send multiple messages to multiple contacts on my phone. Then I turn off my phone and decide to use Signal on the PC. How is it possible that Signal can sync all messages, pictures etc. when my phone is turned off? They claim that everything is stored locally. So in theory, to be able to view my activity on the desktop Signal app, the phone has to be connected to the internet to sync with it.

Am I missing something? I'm assuming Signal Desktop doesn't retrieve everything from all my contacts...

gnogno

1 Answer

9

Signal Multi-device Support

Each linked device in multi-device treats each other as a different recipient. Encrypted messages are kept on server until they are received by the recipients. For each linked device, the server holds a queue of 1000 most recent undelivered messages so the device has to come online often enough to prevent overflowing of queue. The server also deletes undelivered messages that are older than 60 days even if the queue is not full.

Linked devices cannot sync chat history, in order to prevent compromise of earlier messages that were received before the devices were linked. They start fresh and their e2ee session is also separate. The only things they have in common are the UserId and Identity keypair.

When you send or receive a message, the message is replicated by the sender for all of your linked devices. It behaves like group messaging, but messages for the linked devices are sent to self.

defalt
  • When you add a new device to your paired devices, it says something like "for security issues, only new messages from now on will be displayed here". So I think my question was answered by this: "For each linked device, the server holds a queue of 1000 most recent undelivered messages so the device has to come online often enough to prevent overflowing of queue". I'm assuming you know what you're talking about and go with this answer that satisfies me. I wanted to know if they "really" don't store my "encrypted messages" anywhere. – gnogno Mar 27 '21 at 14:13
  • @gnogno That's an intended security design to prevent compromise of your earlier received messages. Delivered messages are deleted from the server. Even if the server silently kept encrypted messages, they would not be decipherable by the client because encryption keys of received messages are deleted by the client and they cannot be re-derived. – defalt Mar 27 '21 at 15:43
  • +1 Good edit! I have deleted my earlier comment. – Mike Ounsworth Mar 29 '21 at 14:59
  • So why is there no option to synchronize messages from my phone, say, to a linked computer? I'm already in possession of and have access to all the messages (on the phone), it simply forces me to manually copy them across if I want to access them (which I can, and have, done). No added security is achieved, only inconvenience. – fragorl Aug 05 '22 at 01:17
  • Note that **syncing of older messages IS still definitely possible** though. Even without root on your phone, Signal (Android) offers backups, which, given the key and known cypher, are decryptable everywhere, and then easily converted into the Signal Desktop format (as both are SQL-based), merged, and encrypted again. Signal Desktop then displays those messages too. So the “compromise of earlier messages” argument, while surely intended that way, in reality is just security theater. – Evi1M4chine Aug 10 '22 at 15:59
  • @fragorl They want to eliminate the attack vector of someone taking your phone for a few seconds, linking your account with their device and dumping all the message history. This can be done within a minute. – defalt Aug 10 '22 at 19:48
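
The queueing behaviour described in the answer (one queue per linked device, a cap of 1000 undelivered messages, deletion after 60 days or on delivery), as an added toy model that is not part of the original posts and is not Signal's server code. The class and function names, the day-based clock and the placeholder ciphertext strings are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

QUEUE_CAP = 1000      # per-device cap stated in the answer
MAX_AGE_DAYS = 60     # lifetime of undelivered messages stated in the answer


@dataclass
class ToyServer:
    """Hypothetical relay: holds only opaque ciphertext, one queue per device."""
    queues: dict = field(default_factory=dict)  # device_id -> deque of (day, blob)

    def link(self, device_id):
        # A newly linked device starts with an empty queue, so it has no history.
        self.queues[device_id] = deque(maxlen=QUEUE_CAP)

    def fan_out(self, day, per_device_blobs):
        # The sender encrypts separately for every recipient device and
        # uploads one ciphertext per device (constructed strings here).
        for device_id, blob in per_device_blobs.items():
            self.queues[device_id].append((day, blob))  # maxlen drops the oldest

    def fetch(self, device_id, today):
        # Hand over what has not expired, then delete it from the server.
        q = self.queues[device_id]
        fresh = [blob for day, blob in q if today - day <= MAX_AGE_DAYS]
        q.clear()
        return fresh


def scenario():
    server = ToyServer()
    server.link("phone")
    server.link("pc")
    # Day 0: the PC is off; the phone sends 3 messages and copies each to the PC.
    for i in range(3):
        server.fan_out(0, {"pc": f"ct-pc-{i}"})
    server.link("tablet")                     # linked afterwards
    pc_day1 = server.fetch("pc", today=1)     # works even if the phone is off
    pc_again = server.fetch("pc", today=1)    # delivered copies are gone
    tablet = server.fetch("tablet", today=1)  # nothing from before linking
    # The PC then stays offline: 1005 copies overflow the cap, and 61 days pass.
    for i in range(1005):
        server.fan_out(2, {"pc": f"ct-pc-late-{i}"})
    kept = len(server.queues["pc"])
    expired = server.fetch("pc", today=63)
    return pc_day1, pc_again, tablet, kept, expired
```
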