Hi @Michael Koegel!

Thanks for submitting this question! I went ahead and created a ticket for you.

Our team will be getting back to you shortly via email, so stay tuned! 

Hi Poline,

could you, please, ask the team to reply to the community in addition to contacting the original poster via email? I’m sure quite a few other people are interested in the answer to Michael’s question.

Best regards,
Wolf

Hi @WolfB! Sure, thanks for bringing this to my attention!

Here’s what our Tech team has shared with us:

The Miro backups started to receive encryption in the beginning of 2021, so it's almost a year now that we are encrypting specific system files in the backups (canvas.json specifically).

Unfortunately, there is no way for you to decrypt those on your end, as the Miro backups are compatible with Miro only and cannot be used with 3rd-party services or custom products. 

As for the initial task that you mentioned, we do have the Search feature to find the text on the Miro board, however, specifically, Search + Replace hasn't been introduced on the Miro side yet. 

Good news is that this feature is already in our backlog! As the feature is still in development, we can't share any ETA with you just yet, but I'd recommend keeping an eye on our Changelog.

Hope this helps! 

When I exported my backup for a board the first time, I felt safe in the way, that everything I create can in theory be put back together for me with some development effort should miro shut down, or I am unable to pay for the service anymore in some time in the future.

But this step makes this impossible. Is there any way to specify my own backup encryption key? Or is this exactly about making the backups inaccessible to your customers?

This isn’t a backup at all. Imagine backing up your computer only to find it can only be restored to the same model computer. That’s not safety at all. This alone will keep us from using Miro for anything durable, and is not worthy of an “enterprise” level product.

Arrived here after trying to work out if I could import content from another tool ([Obsidian’s](https://obsidian.md) canvas plugin) and discovering that my `canvas.json` file from an exported Miro board wasn’t JSON, and wasn’t BSON either.

This is transparently just about trapping Miro customers into using the service and being unable to migrate their data out. Sadly it also makes it virtually impossible to import from elsewhere either. Mural’s export to CSV isn’t as fully featured as a full canvas backup, but it provides the positions and colours of your stickies, along with a bunch of other fields, unlike Miro which just seems to be the text.

Anecdote : back when the spreadsheet programme Lotus 1-2-3 was the **reason** to own a PC, it’s main competitor understood that it wasn’t enough to have a great `.123` import filter - they had to have a great **export** filter as well, because no-one would consider the risk of migrating away from Lotus if they couldn’t go back. That competitor was Excel, and we all know how that turned out. Miro is stopping anyone from even IMPORTING here, let alone exporting and doing anything useful with the data.

Did you look at the Rest API Bulk operations (experimental) (miro.com)? There you could at least secure your data in a way that makes you less dependent, and you can modify programmatically. (Integrating via backup might not be the most modern way )

I came across this thread and I must say, Miro, I am really disappointed by your behaviour on this

a) By encrypting the canvas.json in the backup files the backup files become way less useful and

b) giving lame excuses why you do it.

Actually, I do believe you are violating the spirit of GDPR, because if you would open up, it would be way easier to migrate the content to another provider.

And I had a look into this idea, too…

It’s not a one API call per board to get the content. Instead, one needs to do several calls to different endpoints (e.g. frames are exported without it’s content. To get the frame content you need to call another endpoint). 

Not only the spirit, but also the letter.

How do we decrypt these files? Why are they even encrypted in the first place?

This kind of synthetic vendor lock-in are absolutely hateful: my data are not mine. If I will find an alternative I will move on that for sure.

I can only emphasize that this is unacceptable behavior and does not reflect well on miro as a company. We use the software because it is good and as long as miro offers such good software, there is no reason to change. It's really a shame to try to force a vendor lock-in by such methods. But the data belongs to the users and that includes the board data, especially with the links between the elements on the board. This behavior also prevents the further programmatic use of miro data in other systems.

Adding to this; I’ve always liked Miro and felt that, on the whole, you have a pro-consumer attitude.  This is fiercely anti-consumer and is extremely damaging; I am now reassessing whether we want to put future work into developing content using Miro.  Please consider allowing unencrypted exports from the tool again.

A very real current issue I have is that my backups stopped being imported properly - everything is now placed in the centre of the board, overlaid on top of each other.  Something has changed.  I went to try and self-solve by comparing an old backup to a current board backup and was unable to do so because of the encryption on the new board export.  I am now paralysed to do anything but wait for a Miro fix, and with an event running tomorrow.

hi ​@MarkT 

Sorry to hear you’re having issues with backups. I created a support ticket for you; someone will be in touch soon.