Setting a retention time out is playing with fire. If the police get ahold of the other party's device, and present an exhibit which they say contains the true conversation, you could be worse off than if you retained the conversation. The fact that you have since deleted it could be incriminating.

In some jurisdiction, yes, legally, such evidence might not be probative, but you might still convicted because of it.

message retention has literally NEVER been used as incrimination in a court of law. So you are wrong.

Umm, isn’t this related? https://www.theverge.com/2024/4/26/24141801/ftc-amazon-antit...

This isn't Amazon getting in trouble for implementation of a routine records retention policy. It's Amazon getting in trouble for violating a document retention mandate related to an ongoing lawsuit.

I don't think so. Corporate communication is bound by different laws and you have way higher burden of evidence in case of legal requests. I don't think this creates a precedent for personal communications.

Yes, but if I’m reading it right, Amazon staff were already inder instruxtion to retain and share data relevant to an ongoing investigation. They were aware of the process and, if the article is to be believed, worked against the instructions.

That’s quite different from turning disappearing messages on when you’re not explicitly under insteuctions to keep records.

No. That's a civil discovery matter.

Its also a private business directive not a law

The retention time can be set by individual conversation not just the whole app.

Ephemeral messaging is not a crime.

Given historical backups are the norm here, retention only does so much.

Really, apps should encrypt their own storage with keys that aren't stored in the backups. That's how you get security/privacy back.

Many people want control over whether they back up conversations with others, and think it would be crazy for sender to control the retention policy instead of receiver.

I think sender should just be able to send a recommended preference hint on retention and you could have an option to respect it or not.

> That's how you get security/privacy back.

Nothing an app does on a device guarantees you security or privacy if you don't trust or fully control the device.

Yes, but they'd have to issue another one of these snooping demands to either the app's developer (there's loads of developers so this would get out of hand quickly) or to Apple to patch the build or read the memory or something to get the unencrypted data

This current demand isn't blanket access to your device, it's access to things uploaded to Apple's online storage service. Having to get a backdoor that works with every app's encryption takes a lot more work while running the data through an authenticated encryption algorithm is relatively trivial for a developer

I use a patched Signal client that disables retention deletion and remote delete messages.

and that's awfully rude of you, but if you were concerned about message retention you wouldn't do that. so what's your point?

Nothing rude about it -- if the protocol depends on client-side s/w to pinky-swear it respects message retention, then it's an insecure protocol.

I like signal and use it, but I already thought message retention was pointless. It seems at best a trusted informal protocol you can use with known parties but not something you can really rely on.

Nope. I actually think that would bring more scrutiny and so I feel safer knowing it's not be cracked.

No more illogical than trusting Apple's security because it is ... Apple.

Well, here you are discussing why UK law needed a pass because they are literally blocked by Apples security. Talk about Low IQ

Thanks for the attack on my IQ. I see I have nothing to worry about.