Replying to Leo Wandersleb

With nostr:nprofile1qqs8t4ehcdrjgugzn3zgw6enp53gg2y2gfmekkg69m2d4gwxcpl04acpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsvd43n5 I wonder how privacy works with big groups?

"Two men can keep a secret if one is dead." Yet you are talking about private group chats of thousands? If one group member started leaking the chat in real time anonymously, would these messages be verifiably authored by their pubkeys or would the leaker have to expose his own pubkey for that?

MLS provides security on the wire (or relays) and against private key leakage.

If your local database of decrypted messages is compromised, then nothing can provide security.

The larger the group, the more likely someone's phone is compromised.

That's why in MLS for larger group sizes the security can be decreased for better scalability.

Discussion

But the question here is, can we maintain plausible deniability? Can someone "prove" a message was cryptographically signed by me, without giving up their nsecs?