so that when someone pwns your chat server, they don't walk off with all your communication history.
If you want audit, you then add it on separately, in a separate locked-down deployment, compartmentalised from the rest of your infra and the chat server, so that an attacker would need to pwn an audit client connected to that instead.
If you want audit, you then add it on separately, in a separate locked-down deployment, compartmentalised from the rest of your infra and the chat server, so that an attacker would need to pwn an audit client connected to that instead.