I send an exploding message, set for 1 day, to Bob.
Bob checks his chat a week from now.
Does Bob get the message? Or has it already exploded?
I guess I'm asking when the actual explosion timer starts - when the message is sent, or when it is read? For group messages, do all parties need to read it before the timer starts?
Does the timer begin when the message is sent or received?
Sent.
This seems like the only sensible answer for group chats. And we can't have a different answer for 1-on-1 chats and group chats. That would confuse people. Not the kind of person who reads an FAQ such as yourself, of course.
So our answer is simple: you set a timer and the message is gone after that time.
It narrows the attack window. It's not hard to imagine a scenario where something happens to the receiver and as the sender you didn't realize this until you sent a few messages but the third party who got the receiver won't be able to access the device for some time. Hopefully by the time they get in they have self destroyed.
There are a couple of important differences, though someone from Signal might need to correct me if I get this wrong:
- Signal never deletes keys until after a message is read, because the key schedule and the message history are closely integrated. So if I send a "30 seconds" disappearing message, but you read it a month later, that will work. Keybase doesn't work that way; we delete keys on a fixed schedule, generally about a week. The "start the clock after sending" rule fits our key schedule better, without creating confusing cases at the one week boundary.
- Keybase is designed to support "very large" groups, like thousands of people. In that setting, a "start the clock after reading" rule would be a problem. It's unrealistic that all N thousand members will ever read a given message, and that would make deletion less reliable.
