[berdario]

(I'm just a guy interested in BM, not involved with development, yet)

forward secrecy is helped by 2 things: you cannot know who is the recipient of a message, so if you want to store the messages to be able to decrypt them in the future when you'll have obtained their private key, you'd have to store all the network messages

If you're worried by such an attacker, you can just create a new identity for each message, just like you can create a new bitcoin address for each transaction

Pond seems interesting, but quite different from bitmessage, especially I like bitmessage because of its user-friendliness (the UI needs lots of improvement, but you just download it, create an identity and off you go... I doubt about the feasibility of getting the whole world to use TOR, especially people in China/Iran or "my parents")

[foobarqux]

That's not forward secrecy. Usenet with encryption is not forward secret either.

> If you're worried by such an attacker [...]

Uh, shouldn't everyone be at this point?

> you can just create a new identity for each message

Key exchange and management is hard. That's why you try not to do it often. You could claim PGP e-mail was forward secret: All you need to do is use a new private key every time.

[berdario]

I know, that's why I wrote "forward secrecy is helped", it's not something that you get out of the box with bitmessage

moreover, since the keypair and the BM identity is one-and-the-same the key exchange and management comes for free, once you got the first message sent to your recipient... changing identity is much easier than creating a new gpg keypair and sending it to the other guy, and on top of that you'll get some added anonimity