Disconnect from xx Network
This section describes various ways to disconnect and how they differ.
- Close the browser
- Leave selected channel(s)
- Log out
The first two leave the encrypted application cache in place, so if your password is strong enough and you can't be compelled to disclose it, that is safe enough.
The third way clears the encrypted Speakeasy cache. This is similar to closing the browser and then clearing all cache apart from history.
As mentioned earlier, Incognito/Private Mode cannot be used, so its usefulness is not considered.
Comparison
Item \ Action | Close browser | Log out | Leave channel |
---|---|---|---|
Speakeasy cache | Remains | App cache deleted | Remains except for deleted channel |
User's codename | Re-enter password | Load codename JSON | Re-enter password |
Channels | Remains | Must re-join all | Must re-join channel(s) |
Admin keys | Remains | Must load, if any | Must re-load for left channel(s) |
Discussion
The most secure option is to Logout (application settings) every time.
But that also means the next time you want to use the app, you'll have to restore your identity (or create a new one), rejoin all channels and (if you administer any) load admin keys. This is safe, but time-consuming, and it may require frequent access to a password manager and therefore expose you to additional risks.
If you only wish to remove certain data from cache, it may be enough to Leave Channel (channel settings) and close the browser.
That leaves the application cache in place, but without the questionable channel. While this is better than leaving the channel in place, it's not foolproof. For example, if your password leaked, your codename would become known, or someone could check their channels to find your activity. Or they could paste intercepted invites to re-join those channels using your codename.
For the paranoid and those on shared computers (which, by the way, may have a keylogger), it is better to log out, as long as you don't mind doing repetitive steps every time you start the application.
The most practical approach for those who cannot be compelled to disclose their password is to use a strong password and close the browser.
Disconnection vs. data retention
Text below is based on my understanding of how browser cache and xx Network databases work. I have not inspected the source code.
Data retention on xx Network is currently 21 days.
Data retention on a Speakeasy client instance is not limited, so as long as the client doesn't clear its browser cache by logging out or otherwise, messages will be retained for longer than 21 days. A user who connects from two desktops may have 7 days of conversations in the cache of one Speakeasy instance, and 27 days in another.
These server- and client-side retention values and behaviors can and probably will be adjusted in the future.
Currently there's no way to customize data retention and make it shorter. Consider this simple workflow to make message deletion a habit:
- Sender: sends message
- Recipient: reads message and acknowledges with an emoji reaction
- Sender: deletes message (which deletes it for everyone who is online). This can also be done by a channel admin, who can also remind recipients to acknowledge messages that seem sensitive
Also note that a sender who goes offline before step three will not have the message removed from the local browser cache even if an administrator deleted the message in step three: the sender would have to go online to delete the message or have it removed if it was deleted by a channel administrator.