Open qdhj opened 9 months ago
What is the use case for a ban phrase?
I imagine something like a revocation code/certificate that, when published, blocks all communications to/from a Session ID, which could be useful if a user's Session account is hacked to stop it from working (to stop impersonation), but is this what you have in mind?
However, assuming the above, I wonder about the following about revoking Session IDs.
Overall, I don't think it's a good idea. Perhaps other communication channels should be used by a compromised account user to alert their contacts about their compromised Session ID.
One use-case I can imagine is if the user is being coerced or forced to reveal access to their account. By providing the "ban-phrase" instead of the correct one, the system would automatically erase the sensitive data in question to protect the user. But I'd imagine that for many this use-case might seem too extreme.
What is the use case for a ban phrase?
I could be a journalist (or a political activist, or gay in a country where being gay is forbidden, etc), who could be forced by, for example, government to reveal my Session mnemonic seed, so all dialogs for last month could be restored. In case if resisting is hard and dangerous (perhaps, I could be tortured for that), I could play that I'm ready to cooperate, but reveal to them the wrong mnemonic seed (both could be stored eg. in my password manager under different names)
Is there an existing request for feature?
What feature would you like?
Pretty interesting feature - "ban phrase". It is a second seed-code, inputing which will not restore, but completely delete your Session account and all the dialogs.
Not very important, but useful feature, if implementing it is easy.
Anything else?
No response