Oddbean new post about | logout
 As long as you never let the ratchet state be exported from the main client, you should be fine.

But that blocks people from using multiple DM clients, which is a core motivation behind Nostr. You are blocking users into your client and locking them out of others. Same data silos Twitter and Facebook gave today.  
 There's nothing preventing users from moving to another DM client. You can always go back to the old client or export or copy paste message histories if you need them.

It's not comparable to Twitter or Facebook, because you own your identity key and can always change the client or relays.

There's always a tradeoff between availability and security of messages, and maybe there are different use cases for both kinds of messaging. On Nostr, we are free to choose. 
 If you can export and import it, you don't have any forward secrecy... Ever.  
 Signal doesn't have forward secrecy if you can save a backup of your chat? I don't think that's the definition. 
 Signal started by not allowing anyone to export it. That was forward secrecy. But when they added the import/export and desktop clients, forward secrecy became irrelevant because all an attacked needs to do is to attack the import feature. They don't need to decrypt individual messages anymore. It's just way easier to attack the "seed" 

Also Signal is terrible because their servers know everything. It's not private at all. The server can pinpoint anyone, geolocate and uniquely identify all of a user's messages. 

If a protocol doesn't operate with multiple servers chosen by the user, privacy is pretty much gone. Regardless of the quality of underlying protocol.  
 Forward secrecy means that compromise of a long-term key doesn't reveal past messages. Signal does provide that. It's a different category of attack if someone gets access to your device and sees your chat history, or tricks you to link an untrusted device.

Export is possible in any client, at the very least with screenshots or by writing the message history on a piece of paper, but that's not related to forward secrecy. Disappearing messages is the solution when you don't want your message history potentially seen by anyone later.

You can use a VPN to hide your geolocation from Signal (which you should do on Nostr as well if you need privacy), but it's true that they can connect your messages to your phone number, see when and probably with whom you're chatting. Not surprised if intelligence agencies are mining that data.

With Nostr we're at least over the phone number part, there's no single service that sees all traffic and there are different ways to fix the metadata issue — and do forward & backward secrecy when desired. 
 i've found this one of the most frustrating features in signal where you cannot really export your message history, and every time you need to re-link your computer (which expires after 30 days of non-use or so) it will start with an empty one

i do understand it from a privacy point of view but still

fwiw, matrix does provide message history for E2EE rooms even with new devices

nostr:nevent1qvzqqqqqqypzq3svyhng9ld8sv44950j957j9vchdktj7cxumsep9mvvjthc2pjuqqsgt0zpg6tslgxjx9raff5nusuqapwj7nf5hvpvaxzh5ux3ddlmq4qjk6ldh 
 Any thoughts on simplex ? 
 not really ! i like the concept of having no user ids, but have never used it or looked into it at any depth