Even worse, you have no control over the private key of your chat partner. Same if his/her key is leaked.
Discussion
The only way I’ve been comfortably using the current DM spec is on burner accounts and sending DMs to itself. Useful for automation, but not actually useful until we have clients that can manage multiple accounts. Hopefully we will get a new DM spec soon.
Eyes on this.
Well, that points to a universal problem for any private/encrypted DM. You cannot control what the other party can do. Even if private keys are not compromised, the other party can always leak the messages.
There is a difference between your chat partner leaking it on purpose or just due to bad key management.
On #nostr your private DMs are public but encrypted. If one of both keys is leaked, everybody can read it.
Contrary Signal has a way more sophisticated encryption and the user does not need to bother with key management. Furthermore the chats are not public, so even if you could decrypt it, you first need access to the messages.
It’s a huge difference regarding privacy and security!