Editing canvas.json in backup *.rtb

  • 6 January 2022
  • 11 replies
  • 1015 views

Hi,

due to the missing search/replace functionality I wanted to check if this can be done via backup > edit rtb content > restore. I have a huge board with placeholder texts for a 2nd language that I need to remove.


If I unzip the rtb file the canvas.json looks like binary. All other json and svg files are readable.

Editing the canvas.json is mentioned here:
https://community.miro.com/ask-the-community-45/why-do-links-to-duplicated-boards-get-crossed-4027

I wanted to go the same route, but failed due to the unreadable canvas.json.

Has the format been changed recently?
How can I decode the canvas.json to get a editable version?
 

Thanks for your hints,
Michael


11 replies

Userlevel 4
Badge +1

Hi @Michael Koegel!

Thanks for submitting this question! I went ahead and created a ticket for you. 🙂

Our team will be getting back to you shortly via email, so stay tuned! 

Badge

Hi Poline,

could you, please, ask the team to reply to the community in addition to contacting the original poster via email? I’m sure quite a few other people are interested in the answer to Michael’s question.

Best regards,
Wolf

Userlevel 4
Badge +1

Hi @WolfB! Sure, thanks for bringing this to my attention! 🙏

Here’s what our Tech team has shared with us:

The Miro backups started to receive encryption in the beginning of 2021, so it's almost a year now that we are encrypting specific system files in the backups (canvas.json specifically).

Unfortunately, there is no way for you to decrypt those on your end, as the Miro backups are compatible with Miro only and cannot be used with 3rd-party services or custom products

As for the initial task that you mentioned, we do have the Search feature to find the text on the Miro board, however, specifically, Search + Replace hasn't been introduced on the Miro side yet. 

Good news is that this feature is already in our backlog! As the feature is still in development, we can't share any ETA with you just yet, but I'd recommend keeping an eye on our Changelog.

 

Hope this helps! 

Hi @WolfB! Sure, thanks for bringing this to my attention! 🙏

Here’s what our Tech team has shared with us:

The Miro backups started to receive encryption in the beginning of 2021, so it's almost a year now that we are encrypting specific system files in the backups (canvas.json specifically).

Unfortunately, there is no way for you to decrypt those on your end, as the Miro backups are compatible with Miro only and cannot be used with 3rd-party services or custom products

As for the initial task that you mentioned, we do have the Search feature to find the text on the Miro board, however, specifically, Search + Replace hasn't been introduced on the Miro side yet. 

Good news is that this feature is already in our backlog! As the feature is still in development, we can't share any ETA with you just yet, but I'd recommend keeping an eye on our Changelog.

 

Hope this helps! 

When I exported my backup for a board the first time, I felt safe in the way, that everything I create can in theory be put back together for me with some development effort should miro shut down, or I am unable to pay for the service anymore in some time in the future.

But this step makes this impossible. Is there any way to specify my own backup encryption key? Or is this exactly about making the backups inaccessible to your customers?

When I exported my backup for a board the first time, I felt safe in the way, that everything I create can in theory be put back together for me with some development effort should miro shut down, or I am unable to pay for the service anymore in some time in the future.

But this step makes this impossible. Is there any way to specify my own backup encryption key? Or is this exactly about making the backups inaccessible to your customers?

This isn’t a backup at all. Imagine backing up your computer only to find it can only be restored to the same model computer. That’s not safety at all. This alone will keep us from using Miro for anything durable, and is not worthy of an “enterprise” level product.

Arrived here after trying to work out if I could import content from another tool ([Obsidian’s](https://obsidian.md) canvas plugin) and discovering that my `canvas.json` file from an exported Miro board wasn’t JSON, and wasn’t BSON either.

This is transparently just about trapping Miro customers into using the service and being unable to migrate their data out. Sadly it also makes it virtually impossible to import from elsewhere either. Mural’s export to CSV isn’t as fully featured as a full canvas backup, but it provides the positions and colours of your stickies, along with a bunch of other fields, unlike Miro which just seems to be the text.

Anecdote : back when the spreadsheet programme Lotus 1-2-3 was the **reason** to own a PC, it’s main competitor understood that it wasn’t enough to have a great `.123` import filter - they had to have a great **export** filter as well, because no-one would consider the risk of migrating away from Lotus if they couldn’t go back. That competitor was Excel, and we all know how that turned out. Miro is stopping anyone from even IMPORTING here, let alone exporting and doing anything useful with the data.

Did you look at the Rest API Bulk operations (experimental) (miro.com)? There you could at least secure your data in a way that makes you less dependent, and you can modify programmatically. (Integrating via backup might not be the most modern way ;-) )

I came across this thread and I must say, Miro, I am really disappointed by your behaviour on this

a) By encrypting the canvas.json in the backup files the backup files become way less useful and

b) giving lame excuses why you do it.

Actually, I do believe you are violating the spirit of GDPR, because if you would open up, it would be way easier to migrate the content to another provider.

And I had a look into this idea, too…

Did you look at the Rest API Bulk operations (experimental) (miro.com)? There you could at least secure your data in a way that makes you less dependent, and you can modify programmatically. (Integrating via backup might not be the most modern way ;-) )

It’s not a one API call per board to get the content. Instead, one needs to do several calls to different endpoints (e.g. frames are exported without it’s content. To get the frame content you need to call another endpoint). 

Actually, I do believe you are violating the spirit of GDPR, because if you would open up, it would be way easier to migrate the content to another provider.

 

Not only the spirit, but also the letter.

How do we decrypt these files? Why are they even encrypted in the first place?

This kind of synthetic vendor lock-in are absolutely hateful: my data are not mine. If I will find an alternative I will move on that for sure.

I can only emphasize that this is unacceptable behavior and does not reflect well on miro as a company. We use the software because it is good and as long as miro offers such good software, there is no reason to change. It's really a shame to try to force a vendor lock-in by such methods. But the data belongs to the users and that includes the board data, especially with the links between the elements on the board. This behavior also prevents the further programmatic use of miro data in other systems.

Reply