%UX1U1gKWO5knOWI+ZHpeDlr43hsJiuEbgjCoMf7Ink0=.sha256- Yes! All content in your feed is cryptographically signed. As far as I understand blobs (images, videos, files) are not signed, but the message you use to reference them is.
- Yep, you can see when someone posts a private message but you can't see the content or who the recipients are. An attacker may be able to correlate message times if you're chatting back and forth quickly.
- You got it. Assume everything is public unless you're sure it's private. In Patchbay you can click the + next to posts and (if you're a recpient) see
private: true. For example, when I look at this post I can see the content andprivate: true, which verifies that you (hopefully!) can't see it. - Bingo. FDE all the things!
- The only other thing worth knowing is that (as far as I understand) we don't have perfect forward secrecy in private messages. This means (again, as far as I understand) that if your key is compromised that the attacker will be able to read all of your private messages. More discussion here: %7w2PaPH...
As always: avoid trusting your life or well-being to cryptographic systems. Scuttlebutt is infinitely better than, say, private messages over Twitter, but it isn't a silver bullet.
%iZJd/syVGWKASzcI25RlNaxbi2lf+iFtoq808DcLXMg=.sha256Would be interested to know if this is the case.
My understanding is that blobs are unsigned and are only addressed by the hash of their content, but if an attacker had a copy of the entire network (currently semi-trivial) they could probably figure out who posted the blob publicly first. I could've sworn I'd heard someone talking about using blobs for all posts (which means the content is off-chain and can be deleted) but I can't find any threads on it.
Somehow @mikey has links for everything, fingers crossed? 
Nope, could be useful for immutable notes or reminders or something.
That message is actually a chess_chat post from me to @nealeratzlaff. The recipients (him and me) can read it but to everyone else it just shows up as garbled content.
I wonder if it is possible to delete private messages locally? That could be useful in some circumstances.
I don't know, this may be a good question to post to (#)ssb-learning or maybe even (#)ssb-dev. Some clients (like MVD) can edit posts, but those edits are on-chain and immutable so you can't actually hide anything that you'd like to get rid of. Blobs, on the other hand, can be deleted and I don't believe they'll be re-downloaded unless you download a new message with that blob. Don't trust any of the above, definitely double-check for yourself.
Also what are the chances of your public posts being put on to the normal internet?
Assume 100%, although the default Scuttlebutt viewer code refuses to show people who have given consent. There's a checkbox on your profile in Patchbay to opt in if you'd like, I'm not sure whether there's one in Patchbay. For example, here's your post ("User has not chosen to be hosted publicly"):
http://viewer.scuttlebot.io/%3DIv0LGr10goRTHcvSuEKLeJ+YYIZ11E2UnqkOzIaF8=.sha256
Here's a thread on that change to require opt-in: %Rm7Bo44...
%qV9UCoe1l2nOEAZNa082geM7oMwGh8/jMW5zyn/doM8=.sha256+1 to what @christian said. Espc the clear-text keyfile and the unboxed private messages need to be a (maybe bigger) warning sign.
Theres also a very good write-up about how the gossip-mechanics work by @marina that shouldn't go under and is good for a lot of #FAQ: %gwCMzCa... (don't miss part2 linked by mix) cc #new-people
%8mNey2JaFKAUvv7aXlj1wXnwH550ivlH4EhHahgt8dY=.sha256I could've sworn I'd heard someone talking about using blobs for all posts (which means the content is off-chain and can be deleted) but I can't find any threads on it.
Somehow @mikey has links for everything, fingers crossed?
@christianbundy as you wish! 
%xj6Bkr6JrHG5EItmV4dum4nQnz6LI/LJivbr29/Lbsg=.sha256The scuttleverse librarian strikes again!
%FkgILigvZbK5bO+jj/OWKCJ6gZZllmkJ6ivoPEw3HUM=.sha256Thank you @mikey!
I've gotta ask -- do you have a method of organizing all of these links, or is your search fu just especially strong?
%mOcxrrP34hJAlInxrHyd/mJFj5Y80CaG6ILvMthL6PM=.sha256@christianbundy my past selves have participated in conversations since the beginning of this network, which are stored as vague memories in my mind and cypherlink graphs across threads, i search for what i remember and follow the links until i find the butts i'm looking for. 
%UzLM6ovq3F98Tl3oKY9FSv2hXHBw8teAyXu9NYly6NY=.sha256@christianbundy Storing messages as blobs is a great idea, I'm up for supporting this in mvd.
I gotta work all weekend, but if you want to take a stab at implementing this, I'd merge.
%S6WJ7v4PpioEJgu+FcOaUwW0GSKIZnRkswkpk/0/Fzo=.sha256I'll tinker around a bit and see if I can implement some high-level prototype to play around with, but it sounds like this may be in the pipeline at a lower level. I'll ping you if I can actually get it working, thanks!
%4OEHLIu2klv7yrYy9wMm6QyoEdyL62n0/UCMjiUwSIo=.sha256I tried to find a "ping" emoji and all I got was this lousy codepoint. 🏓
But really though, I wrote a small hack that requires changes to both secure-scuttlebutt and flumelog-offset. I've barely tested it at all, but it seems to be working fine. For now.
%hyGYCR0t8KE8kxTVEzHF9wReqOaASaAt/nRBkGq0u3E=.sha256@Christian Bundy Got the 
, checking it out!