This is not true, implementing a protocol with forward secrecy would stop an attacker from reading past DMs if the nsec is leaked.
Discussion
Are you saying that the user cannot read their past DMs? If they can, what secret unlocks them? Can't they lose that secret? Why not?
You can do forward secrecy if you don't need to remember the old session keys (e.g. in SSL) but I don't see how to do it if you want to have a folder full of DMs.
Afaik 0xchat does this by creating ephemeral keys that are then stored to be able to decrypt old messages. If any of the keys are leaked, then only a subset of the messages can be decrypted (I'm not sure how many, might be just one). But then this also goes the other way: if you don't have access to those keys anymore, then your DMs are gone. I guess it's just a matter of tradeoffs.
So digging into the double ratchet protocol, I think the device has to have both medium-term and long-term keys available to decrypt everything in the past, and an attacker would likely steal both of those and decrypt everything in the past. The protocol then would generate future keys that the attacker wouldn't have unless they continued to control the user's device. I think it does the best thing possible, but it is still quite possible to steal all the past messages even under Signal's double ratchet protocol. It makes no sense to me that an attacker would only get one key or the other -- maybe they are presuming a cryptanalysis only attack.
I guess to get all past keys you need full device access, whereas leaking an nsec can be done "easily" by putting it into a malicious website or app.
That’s what I proposed, a separate pair of keys for DMs that the user does not have direct access to. Rotate them every period and keep old keys on the device. Publish the public part as part of your profile and we are good. All the gift wrapping and extra steps in the new encryption are not making anything safer, just making the implementation more convoluted and opening clients to potential bugs that would make security worse and not better. People always forget to include the human factor in the design of security products; it is the weakest link. The easier it is to implement (e.g., NIP-04), the safer it is from a sloppy bug or a missed step during implementation 🐶🐾🫡
My 2 sats worth of opinion
That makes sense.
What about creating a 'disappearing messages' UX where clients would automatically drop keys after a certain amount of time?
I'm not sure if this has already been discussed.
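As an added illustration of the tradeoff the thread keeps circling (per-period DM keys kept on the device beside the nsec so a leaked identity key reveals nothing old, versus dropping those keys for disappearing messages), here is a small Python model. It is not code from any commenter, from 0xchat or from any NIP; the hash-chain ratchet, the toy cipher and the three-period scenario are constructed assumptions.

```python
import hashlib
import hmac
import os

def next_period_key(key: bytes) -> bytes:
    # One-way step: holding period i's key reveals nothing about period i-1.
    # It does reveal i+1; healing after compromise needs the DH half of a double ratchet.
    return hmac.new(key, b"dm-period-ratchet", hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key: bytes, msg: bytes) -> bytes:
    # Toy, unauthenticated stream cipher used only to exercise the key store; a real client uses an AEAD.
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))

def unseal(key: bytes, blob: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(blob[16:], _keystream(key, blob[:16], len(blob) - 16)))

class DmKeyStore:
    """Per-period DM keys held on the device, separate from the identity key (nsec)."""
    def __init__(self, keys: dict):
        self.keys = dict(keys)                 # period -> key still held
    @property
    def period(self) -> int:
        return max(self.keys)
    def rotate(self) -> None:
        self.keys[self.period + 1] = next_period_key(self.keys[self.period])
    def forget_before(self, period: int) -> None:
        # "Disappearing messages": drop every key older than `period`.
        self.keys = {p: k for p, k in self.keys.items() if p >= period}
    def read_all(self, mailbox: list) -> list:
        # Decrypt whatever this key set still covers; everything else stays opaque.
        return [unseal(self.keys[p], blob) for p, blob in mailbox if p in self.keys]

def simulate(retain_history: bool) -> tuple:
    # Constructed scenario: three periods, one DM each, then only the *current*
    # key leaks. Returns (what the owner can still read, what the thief can read).
    owner = DmKeyStore({0: hashlib.sha256(b"constructed demo root key").digest()})
    for _ in range(2):
        owner.rotate()
    mailbox = [(p, seal(owner.keys[p], b"dm in period %d" % p)) for p in range(3)]
    if not retain_history:
        owner.forget_before(owner.period)
    thief = DmKeyStore({owner.period: owner.keys[owner.period]})
    return owner.read_all(mailbox), thief.read_all(mailbox)
```

Keeping the old keys (`simulate(True)`) lets the owner read the whole folder while the thief who only got the current key reads one period; dropping them (`simulate(False)`) makes owner and thief equal, which is exactly the "your DMs are gone" side of the tradeoff.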