Suggestion: encrypt communications unless there's a dispute

I understand that disputes require conversations to be able to be read; however, it is a serious risk that localmonero could be compromised and leak seriously identifying information. If messages were encrypted unless one of the participants opts in to decrypting the messages for a dispute, then this situation would be massively improved. Even if users can’t verify for themselves that this is happening, it would be nice - I could be wrong, but I imagine it could be relatively simple to require the user’s passphrase upon a dispute and store a ciphertext form of messages in the database.

Welcome to the community!

Client-side encryption is simply not an option for us if we want to maintain a NoJS version of the site. Encrypting the messages in the browser would require the use of JavaScript; there’s simply no way around it, so we can either have client-side encryption or we can have a NoJS version of the site.

In our view, giving our users the ability to use our site without JavaScript is more important, because they can achieve the same effect as client-side encryption by simply sending messages that are PGP encrypted. This way you can have your cake and eat it too. If we implemented client-side encryption then our users wouldn’t have the option to achieve maximum possible security by accessing our NoJS version.

If our database (heaven forbid) gets leaked, it won’t be a problem in terms of message content, since we store all messages encrypted in the database.

Do you retain those message logs forever?

Nope, we erase them after 180 days.