I disagree with the idea of allowing backup/restore of conversations defeats forward secrecy. There's a big difference between decrypting past conversations and decrypting chat logs. I have full control over my chat logs, I can choose to delete them, not store them with some people, encrypt them with a different password and rotate them monthly, etc.
Even Signal and other apps store all your messages on your device, optionally locally encrypted.
Forward secrecy is so that you can't just steal the key and network traffic and get _all_ past messages, regardless of whether or not I wanted to archive them. And getting my live key doesn't mean getting all my archived logs.
Worst case, make PFS without sync the default, but include a native feature for pasting into a shared document (Etherpad style, hosted by Keybase) for whatever your want to keep. Then you've got two spaces with different expectations, matching their capabilities.
And for attached files, they'd be displayed in a list while the chat is active, asking if you want to keep them in your keybase storage or let them vanish from the servers when you close the chat (delete their session keys).
That's an interesting idea. I think ultimately you need to trust the people you talk to though if you're discussing something private with them.
There's no technical solution to copying and pasting the conversation - try as you may, someone can always get a hook in there and dump the raw text out. Any technical measure you take against this is just as effective as DRM - a total half measure, vulnerable to everything from reverse engineering to the analog hole. The only solution is a social one.
Even Signal and other apps store all your messages on your device, optionally locally encrypted.
Forward secrecy is so that you can't just steal the key and network traffic and get _all_ past messages, regardless of whether or not I wanted to archive them. And getting my live key doesn't mean getting all my archived logs.