Signal doesn't have forward secrecy if you can save a backup of your chat? I don't think that's the definition.
Signal started by not allowing anyone to export it. That was forward secrecy. But when they added the import/export and desktop clients, forward secrecy became irrelevant because all an attacker needs to do is to attack the import feature. They don't need to decrypt individual messages anymore. It's just way easier to attack the "seed".

Also Signal is terrible because their servers know everything. It's not private at all. The server can pinpoint anyone, geolocate and uniquely identify all of a user's messages. 

If a protocol doesn't operate with multiple servers chosen by the user, privacy is pretty much gone. Regardless of the quality of underlying protocol.  
Forward secrecy means that compromise of a long-term key doesn't reveal past messages. Signal does provide that. It's a different category of attack if someone gets access to your device and sees your chat history, or tricks you to link an untrusted device.

Export is possible in any client, at the very least with screenshots or by writing the message history on a piece of paper, but that's not related to forward secrecy. Disappearing messages are the solution when you don't want your message history potentially seen by anyone later.

You can use a VPN to hide your geolocation from Signal (which you should do on Nostr as well if you need privacy), but it's true that they can connect your messages to your phone number, see when and probably with whom you're chatting. Not surprised if intelligence agencies are mining that data.

With Nostr we're at least over the phone number part, there's no single service that sees all traffic and there are different ways to fix the metadata issue — and do forward & backward secrecy when desired.
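To make the distinction in the reply above concrete, here is an added toy example (not code from the thread, Signal or Nostr): a one-way HMAC-SHA256 key ratchet in which dumping the current chain key lets an attacker roll forward but not recover earlier message keys. The root key and labels are constructed for the demo; Signal's real protocol layers a Diffie-Hellman ratchet on top of a chain like this.

```python
import hashlib
import hmac

# Constructed root key for the demo; a real session derives it from a key agreement.
ROOT_KEY = hashlib.sha256(b"constructed demo root key").digest()


def kdf(chain_key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256(chain_key, label). Output cannot be inverted to chain_key."""
    return hmac.new(chain_key, label, hashlib.sha256).digest()


class SymmetricRatchet:
    """Toy hash ratchet: each step yields a fresh message key and replaces the chain key."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def step(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        # The previous chain key is overwritten here; nothing retained can reproduce it.
        self.chain_key = kdf(self.chain_key, b"chain")
        return message_key


def session_message_keys(root_key: bytes, count: int) -> list[bytes]:
    """Message keys an honest party derives for `count` consecutive messages."""
    ratchet = SymmetricRatchet(root_key)
    return [ratchet.step() for _ in range(count)]


def keys_derivable_after_compromise(root_key: bytes, compromised_at: int, total: int) -> set[bytes]:
    """Keys an attacker gets by copying the device's ratchet state after `compromised_at`
    messages: the stolen chain key rolls forward to every later key, never backward."""
    ratchet = SymmetricRatchet(root_key)
    for _ in range(compromised_at):
        ratchet.step()
    stolen_state = SymmetricRatchet(ratchet.chain_key)  # what the attacker captured
    return {stolen_state.step() for _ in range(total - compromised_at)}


def forward_secrecy_holds(root_key: bytes, compromised_at: int, total: int) -> bool:
    """True when no pre-compromise message key is derivable from the captured state
    while every post-compromise key is (the expected shape of forward secrecy)."""
    honest = session_message_keys(root_key, total)
    leaked = keys_derivable_after_compromise(root_key, compromised_at, total)
    past_safe = all(k not in leaked for k in honest[:compromised_at])
    future_exposed = all(k in leaked for k in honest[compromised_at:])
    return past_safe and future_exposed
```

What this does not protect is already-decrypted history: a plaintext export or a linked client holds messages outside the key chain, which is why the reply treats that as a separate category of attack.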