With nostr:nprofile1qqs8t4ehcdrjgugzn3zgw6enp53gg2y2gfmekkg69m2d4gwxcpl04acpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsvd43n5 I wonder how privacy works with big groups?
"Two men can keep a secret if one is dead." yet you are talking about private group chats of thousands? If one group member started leaking the chat in real time anonymously, would these messages be verifiably authored by their pubkeys or would the leaker have to expose his own pubkey for that?
The inner messages are unsigned so there's always deniability.
So how do group members know the message is from the claimed author? Do they have an audit trail of the envelope key belonging to an npub?
Yes, you must reveal your nsec to get the complete audit trail and reveal your device too I think, because after the invitation they use other keys, I'm not aware of the exact process myself, but this is what I've understood so far.
MLS provides security on the wire (or relays) and against private key leakage.
If your local database of decrypted messages is compromised, then nothing can provide security.
The larger the group, the more likely someone's phone is compromised.
That's why in MLS for larger group sizes the security can be decreased for better scalability.
But the question here is, can we maintain plausible deniability? Can someone "prove" a message was cryptographically signed by me, without giving up their nsecs?
