This is what people don't seem to get, exploding messages aren't an airtight solution to the risks of sharing sensitive information with someone. You're always taking a risk when you do that. Exploding messages change the default way that sensitive information is handled, and changing the default can have a profound impact, for all the reasons you lay out.
My issue is with the way they are marketed. I would be cool with just a “don’t retain” flag that does just that.
But making a big deal about “exploding” is dangerously incorrect that many users will make incorrect assumptions.
I’m not worried about screenshots, I’m worried about my plugin that archvives all text inbound to me that then requires me to respond to subpeona, etc.
From a security standpoint, this feature should not impact behavior since it is meaningless. If users don’t understand this, then it will cause heartache.
I don’t see your point. If you archive all inbound text, this feature is clearly not for you. This is like saying a door lock isn’t useful for anyone because you keep your window open.
The people I chat with do not know that I archive (nor should the) and will have an inaccurate and misleading expectation of behavior.
To use your door analogy, it’s like telling someone that a door lock keeps people out when there’s an invisible teleported that also gets installed with the door lock.
It’s a hard analogy to follow because me retaining information you sent me is different than me breaking into your house. If you send me info, it’s mine. The weird mental model is that you still control what you give to me.
