--- title: "Why Disappearing Messages Are Important For Private Messaging" date: 2023-03-17T00:00:00 draft: false --- I have the knowledge and experience to keep my communications reasonably secure against most common threats. The problem is that *my* devices aren't the weak link. It's those of the person I'm communicating with. Many people don't use *anything* for securing their devices. They have no password, no PIN, not even a fingerprint lock. So anyone who gains physical access to their device can read all their past communications going back who knows how long. One approach to mitigating this is disappearing messages, a feature which automatically deletes old messages on the user's device. Based on the apps I've used, there seem to be two main ways of implementing disappearing messages. One is offline, where each participant decides for themself how long messages remain on the device. The other way is online, where all participants use the same message disappearing duration set either by one user in the case of a two-party chat or the group administrator in a group chat. The benefit of the online implementation is that all parties can be confident that no others hold records of messages older than a certain date, given that they're not purposely circumventing this security mechanism through screenshotting or something like that. Online disappearing messages can be made adjustable, so the sender and recipient can decide an appropriate time window to retain messages according to their threat model. This mitigates private information disclosure against thieves, [thugs](/glossary/#thug), stalkers, and snooping spouses who gain physical access to the device. Another way to mitigate private information disclosure is requiring the user to set a password for the messaging app. People will still choose weak passwords, but for most common threat models, attackers will simply give up after seeing a password prompt anyways. In general, password protected apps are not a bad idea. But the problem with password protecting *messaging* apps is they must stay logged in on the user's device after the password is entered. App developers could require entering the password every time the app is opened or after some set interval, but that's too much inconvenience for most people. Since most people message on smartphones which would have the app logged in 24/7, password protection offers no real additional security. In conclusion, online disappearing messages offer an important mitigation against common threat models, they reduce private information disclosure even when your contacts' are clueless about cybersecurity, and there doesn't seem to exist any convenient alternative. So it's my opinion that **all messaging apps which call themselves private should at least offer online disappearing messages**. Luckily almost all the ones I'm familiar with already do.