[cyphar]

> I joined Keybase as a public key repository with external verification support, not for them to store private conversations -- encrypted or not.

While I agree with your comments on feature-creep, in order for you to worry about someone having a copy of your encrypted communications you must assume that the encryption scheme is completely broken. This raises the question: why are you using PGP at all if you think the cryptography is broken?

[tommi]

Keybase has created an inbox in your name which in turn creates a social contract on your behalf to check it. Existing users signed up for something different, so no wonder some of them want to disable that feature.

[cyphar]

Again, I agree with the feature-creep point. What I was asking about is why is the connotation about private messages seem to imply that they don't think encryption is sufficient for a third party to hold a copy of a message they will never read.

[honestlyreally]

Is this not the concept of forward secrecy? Crypto can be safe today and broken tomorrow.

[cyphar]

Not really. PFS is about protecting a long-term key from being broken and then historical communications being uncovered. If you receive a one-off message then it's not materially different to being PFS with just a single message.

[gexcolo]

I use PGP every day. Who messages me, how often, and at what times, is still private information and I should have a say in where and how that happens. My PGP-encrypted conversations tend to be much more sensitive than any other medium I use.

The cryptography is almost certainly not broken. That does not mean it won't be broken in the future. I would have the same concern if my TLS-encrypted traffic was being saved. If my ISP was saving TLS traffic or my XMPP provider (the one that I don't host, anyway) was saving OTR conversations, I would be equally concerned.

Even worse, actually. TLS (usually, nowadays) and OTR both employ forward secrecy. PGP does not, at least traditionally.