https://micahflee.com/ddosecrets-publishes-410-gb-of-heap-dumps-hacked-from-telemessages-archive-server/ - the "obvious" way to fix this is to forbid unofficial clients, which is not the software freedom perspective, but right now I have no idea whether someone I'm sending messages to is using a hacked client that's exporting everything in plaintext to an insecure cloud service and that feels like a bad thing?
Or maybe the answer is that this is a social issue rather than a technical one and I should just not be communicating with anyone I don't trust to not do that
@mjg59 You don't know whether they are using fucking Windows Recall or whatever it is called now either, so if you don't trust who you are talking to, you are fucked anyway.
@mjg59 IIRC Signal's official position is that forks shouldn't be used, and I think there was at least one case where they threatened to enforce the "You must not (or assist others to) access, use, modify, distribute, transfer, or exploit our Services in unauthorized manners, or in ways that harm Signal, our Services, or systems." ToS clause.
@shadowwwind @mjg59 presumably without a centralised list of clients and their keys the client could just lie about that though.
@mjg59 You probably know better than most others that one could use attestation to cryptographically identify the client, but is that really what we want?
I see it more as a social problem. People could be screen-recording your conversation anyway, even with the official client.
@mjg59
Basically this.
The trustworthiness of the person you are talking with is part of your threat model. You shouldn't be sharing information with someone you don't trust regardless of how exactly we can confirm their identity and ensure the channel's security.
@mjg59
Regrettably, this post gets my backing.
I mean it's essentially my repeated advice to my kids, isn't it?
"Once you send that private (picture|text|whatever), it's up to the recipient to *keep* it private."
There's rarely a good technical solution if the other end of the conversation isn't trusted.
But you know all this. I'm just lending the weight of a Random Internet Guy to the social>technical vote.
