But normally when you join a conversation and are not allowed to see previous messages, you don't see anything about them. A matrix server does.

>pinky promise security

You are right, though I still prefer "weak feature" as a term :) There's enough value in such things. Cryptography crowd is concentrated on omnipotent Eve breaking ciphers, and that wrench from xkcd, but I dare to claim that majority of both commercial and private leaks happen just because well-intentioned users don't have enough capacity to keep track of all the things, and proverbially think twice. Features like "unsend", or timed deletion are indeed laughable on their purely technical merits, but do wonders saving users from grave mistakes anyway.

Sure.

In practice, in federated networks bad actors end up being blacklisted. It does not provide any "formal" guarantee, but… it tends to work fine enough. For this specific "deletion request" feature, of course it should always be seen as a convenience thing, and absolutely not about security.

As with many engineering things, it's tradeoffs all the way down. For instant messaging, a federated approach, using open protocols, offers what I value most: decentralisation, hackability, autonomy, open source. My options in this space are Matrix or XMPP. I have not attempted to self-host a matrix server, but have been very happy with my [prosody](https://prosody.im/) instance for almost a decade now.

I don't know such definition frankly. And to the best of my knowledge there are plenty of things which people call "protocols" strongly prescribing actions non-verifiable in the very sense you used. That said I'm not here for a terminological discussion. We may call it green cheese, but it's still a useful feature.

There's a difference between "I have an active adversarial actor" as a security model and "sometimes I send something I don't want to and want to delete it, the people watching are friends and acquaintances and are not deliberately preprepared to collect kompromat".

When I delete a message off Signal chat, the expectation is that the chat members are agreeing by social contract to abide by that.

I think they're talking about Solid, Tim Berners-Lee's newer venture: https://en.wikipedia.org/wiki/Solid_(web_decentralization_pr...

>> As for how: DRM-like tech in the hands of users should allow for that.

> If it's in the hands of the users, i.e. open source, it can be disabled at any moment, which is exactly what my reply already addressed.

The point is that with the help of hardware-backed DRM on the client, the Matrix server could send data only to unmodified clients. You modified your client in a way that does not match what the Matrix server expects? No data for you.

No particular name. Just deniability. I personally like to call this particular scheme, deniability through claimed forgery. Not particularly clever. You just provide your correspondent with what they need to forge your messages after the end of the session.

I don't know if it actually could work in practice:

https://articles.59.ca/doku.php?id=pgpfan:repudiability

Isn't the scheme simply agreeing in a shared key and both using it? I'll know that the message is from you if it's signed with that key and is not from me and vice versa, but neither of us can prove who created the message.

Off The Record chat did this.

https://en.wikipedia.org/wiki/Off-the-record_messaging

Just one example, but trying to get that revenge porn off the web, can be seen as an attempt to restore ones privacy. Where others should not have the right to continue to peek into ones private life.

Even if it were a privacy issue, it would be impossible to enforce it technologically via FOSS software, because, by definition, the user at the other end could run a forked version with remote deletion disabled.