by upofadown
1961 days ago
> decrypt your entire message history, even if you've deleted it from your endpoint

But how many people actually delete their old messages? If they don't, then forward secrecy doesn't help. They get your messages when they get your key material. Encrypted instant messaging is inherently less secure than something that can be performed offline like encrypted email, because the key information is exposed all the time. So it is much less likely that you will have your key information exposed in the first place with encrypted email. An instant messenger on a phone can normally be defeated simply by grabbing your unlocked phone from your hand and scrolling through your old messages.

> prove that you're the author of every message, because only your private key can be used to craft the digital signatures.

A private key that, in the case of, say, PGP, does not have to be associated with any particular identity at all. Also, PGP offers actual deniability by simply not signing the message in the first place, while, say, Signal only offers a particularly weak version of forgeability[1], which is problematic in general.

[1] https://articles.59.ca/doku.php?id=pgpfan:repudiability#forg... (see Forgeability Light)

I don't know, because I'm not in this position, but I would really really hope that someone who is having conversations that could get them killed or thrown in jail by an oppressive government would be using disappearing messages, or at least setting things up so messages are auto-deleted after some fairly short amount of time.
> A private key that in the case of, say, PGP does not have to be associated with any particular identity at all.
No, but presumably you will have possession of that private key. If you realize that the authorities are closing in on you, you can destroy your copy of the key, but if you're caught unexpectedly, they can tie your possession of the key to the messages.