Forward secrecy key agreement schemes prevent an attacker who obtains a private key from decrypting previous messages: both parties use a new key pair for each message, and algorithms like ECDH are usually used for this. You do one initial key exchange authenticated with ECDSA so you have a way to confirm identity; every exchange after that takes place with a freshly generated ECDH key pair and shared secret. After a message is decrypted, its signature can be confirmed. Each message uses a brand new set of public and private keys for both participants, so if a vendor is raided and their most recent key is compromised it will not be useful for decrypting the entire history of messages, as they should be securely overwriting their previous private key with each message exchange. OTR does this automatically for instant message communications. No crypto will protect communication contents from the person you send them to, though; that is entirely outside the scope of cryptography and is instead a matter of human intelligence.