[kelnos]

> But how many people actually delete their old messages?

I don't know, because I'm not in this position, but I would really really hope that someone who is having conversations that could get them killed or thrown in jail by an oppressive government would be using disappearing messages, or at least setting things up so messages are auto-deleted after some fairly short amount of time.

> A private key that in the case of, say, PGP does not have to be associated with any particular identity at all.

No, but presumably you will have possession of that private key. If you realize that the authorities are closing in on you, you can destroy your copy of the key, but if you're caught unexpectedly, they can tie your possession of the key to the messages.

[upofadown]

Your private encryption key only can be used to decrypt the messages sent to you. Anyone with your public key can create a message to you. Without the signature there is actually no cryptographic proof that you created a particular message.

The really interesting thing about the PGP case is that you can do this and still insure that no one does a MITM attack on your messages. The encryption key is signed by the signature key (identity). So you can verify the identity but still leave no identity laying around.