> I assume any recipient can prove to a third party that someone said something
All public messages are signed with the author's key, so any third party can verify it.
Private messages are different, though. You need one of the recipient / sender's keys to decrypt that, and so for a third-party to verify it they would need one of those private keys.
You can now generate an unbox key for a private message and send it to a non-recipient for them to be able to access the message, which is really cool. No private key sharing necessary!
That is cool. But the point stands that public (to all) and private (to designated recipients) messages are "on the record" and can forever be proven to be made by someone that held your private key at the time?
So if I say: "let's fight racism!" and you later decide to collaborate with a (now) racist government - you could prove (not merely allege) that I should go to the gulag?
our plan is to eventually add a side protocol for off-chain ("off the record") messages which re-use the same cryptographic identities, for all your other conversations. :)
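The distinction debated above, as an added example that is not from any commenter or from the SSB code base: an Ed25519 signature can be checked by anyone holding the public key, while a tag made with a MAC key that both parties hold proves nothing to a third party. The MAC approach (OTR-style) is an assumption chosen for illustration, since the thread does not say how the planned side protocol would work; keys, messages and function names are constructed.

```javascript
const crypto = require('node:crypto');

// Constructed sample messages and freshly generated keys (not real SSB identities).
const message = Buffer.from(JSON.stringify({ author: '@alice', text: "let's fight racism!" }));
const forged = Buffer.from(JSON.stringify({ author: '@alice', text: 'something Alice never said' }));
const alice = crypto.generateKeyPairSync('ed25519');

// On the record: only the holder of Alice's private key can produce this signature.
function signPublic(msg, privateKey) {
  return crypto.sign(null, msg, privateKey); // Ed25519 takes no separate digest algorithm
}

// A third party needs nothing but Alice's public key to check authorship.
function thirdPartyVerify(msg, sig, publicKey) {
  return crypto.verify(null, msg, publicKey, sig);
}

// Deniable: Alice and Bob share one MAC key, so either of them can produce a valid tag.
function macTag(msg, sharedKey) {
  return crypto.createHmac('sha256', sharedKey).update(msg).digest();
}

function macVerify(msg, tag, sharedKey) {
  const expected = macTag(msg, sharedKey);
  return expected.length === tag.length && crypto.timingSafeEqual(expected, tag);
}

const sig = signPublic(message, alice.privateKey);

// Assumption: the shared key came from a key exchange between Alice and Bob.
const sharedKey = crypto.randomBytes(32);
const aliceTag = macTag(message, sharedKey);
// Bob can tag text Alice never wrote, and it verifies exactly like her own tag.
const bobForgedTag = macTag(forged, sharedKey);

function demo() {
  return {
    signatureProvesAuthor: thirdPartyVerify(message, sig, alice.publicKey),
    signatureCoversOnlySignedText: !thirdPartyVerify(forged, sig, alice.publicKey),
    bobAcceptsAliceTag: macVerify(message, aliceTag, sharedKey),
    forgedTagAlsoVerifies: macVerify(forged, bobForgedTag, sharedKey),
  };
}

console.log(demo());
```

Because Bob's forged tag verifies just like Alice's genuine one, showing a tagged message to a third party only demonstrates that someone holding the shared key wrote it.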
I too find it a bit discouraging that my data would leak away to the whole network eventually. I'd like to have "an island" (I believe this metaphor was used in some docs) to myself and those close to me. Or maybe I haven't yet grasped how SSB works.
hi dmos62, Scuttlebutt is designed to allow users to create social communities with trust-based boundaries, but there's just a lot of work to do to bring our implementation up to match our intentions. for example here's a recent step in that direction: https://github.com/ssbc/ssb-incoming-guard.
https://ssbc.github.io/scuttlebutt-protocol-guide/