Of course this could be mitigated by creating different user identities.
As I said above, maybe the best option with burn-on-read and the two asymmetric options to delete old messages will be creating a second identity with its own set of rules to use in high risk groups and missions.
That is how it is expected to be used. For high-risk usage a separate “burner account” should be created, which is disposed after use: Security goals of Delta Chat - #2 by hpk
If regular account is used, there are other unexpected problems like backups, forward secrecy etc.
Maybe it makes sense to:
- Suggest enabling automatic deletion of old messages for burner accounts when they are created.
- Changing the timestamp used to determine if the message is old to sender timestamp.