search

signalapp / Signal-Desktop

A private messenger for Windows, macOS, and Linux.
https://signal.org/download
GNU Affero General Public License v3.0
14.68k stars 2.68k forks source link

Device cloned with macOS Migration Assistant #7083

Closed jace closed 1 week ago

jace commented 1 week ago

Using a supported version?

Overall summary

I've setup a new MacBook laptop using macOS Migration Assistant to copy all data over from my old laptop. This has resulted in Signal Desktop (and several other apps) getting cloned to the new laptop and conflicting with the original instance on the old laptop.

Only WhatsApp Desktop and Element (Matrix client) detected the conflict and asked for re-login. Signal Desktop, Telegram Desktop, Tailscale, Syncthing and Soduto (KDE Connect client) all ran on the new laptop while claiming the credentials of the old laptop, causing network conflicts.

Messages sent to the Signal account appeared on the phone and only one of the desktop clients, presumably because it was first to grab the incoming message from Signal servers.

Steps to reproduce

  1. Install Signal Desktop on a Mac and link it to the mobile app.
  2. Setup another Mac from factory reset state.
  3. Use Migration Assistant to copy all data from from old to new Mac.
  4. Two instances of Signal Desktop will now use the same credentials, competing to receive incoming messages.

Expected result

The cloned instance will detect itself to be a clone and ask for re-linking. This may be achieved using either the gethostuuid syscall (client side, privacy preserving), or by server-side detection of fragmented state (protects against cloning as a hacking vector, potentially privacy invasive).

Actual result

After cloning,

  1. Phone app shows only one linked device.
  2. There is no option to rename this device.
  3. Desktop app on the new computer also shows Device name of the old computer.
  4. There is no option to logout in Signal Desktop.
  5. Uninstalling by dropping the app in Trash does not remove config from under ~/Library. This requires an uninstall tool.

Screenshots

No response

Signal version

7.33.0

Operating system

macOS 15.1

Version of Signal on your phone

7.24.2

Link to debug log

No response

trevor-signal commented 1 week ago

Thanks for this report. Maintaining privacy is paramount and we are actively considering options here to enable a better experience under those constraints. I'll note your suggestions and discuss with the team.