Yeah fair.. self-destructing is overselling it. Server drops the blob after timeout/view count.
Server sees expiry, view count, salt, iv. Content is encrypted, metadata isn't. Can't avoid this with server-managed TTL - alternative is client-only expiry but then you're trusting the recipient's browser.
Main point is credentials don't live forever in chat history. Smaller window, not magic.
Server sees expiry, view count, salt, iv. Content is encrypted, metadata isn't. Can't avoid this with server-managed TTL - alternative is client-only expiry but then you're trusting the recipient's browser.
Main point is credentials don't live forever in chat history. Smaller window, not magic.