* Leave the prevMessage out of Activity serialization to save BW.
  Do include it in the data that gets signed, so it can be recovered
  by trying each likely (recently seen) Activity as the prevMessage, and
  checking the signature.
  (If doing this, might as well switch to SHA512, since hash size does not
  matter.)
* loadLog should verify the hashes (and signatures) in the log, and
  refuse to use logs that are not valid proofs of a session.
* Encryption!
* Add random nonce to start message, to avoid replay issues.
  (Or perhaps the encryption derives a RSA key in a way that avoids
  replay..)
* Network!
* Server!
* gpg key downloading, web of trust checking, prompting
  Alternatively, let debug-me be started with a gpg key,
  this way a project's website can instruct their users to
  "run debug-me --trust-gpg-key=whatever"