Subnostr

The kinds are guesses at what events people may want to read-protect (some merged some not). DMs, giftwraps, private zaps, DVM responses, and nostr connect.

fiatjaf 2y ago

Well, inbox relays like that were that required AUTH for reading were my proposed solution for DMs and other secretive things since a long time. It's not only safer and more private, it's also more efficient for all the clients involved if they only read DMs from one place and publish to one or two places.

I was trying to get nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn and nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z to care about it and put it on the NIPs and get the clients to enforce a tag like "dms" on kind 10002, but I'm not sure I succedeed.

Reply to this note

Please Login to reply.

Discussion

Vitor Pamplona 2y ago

I agree with this. We only left "dms" out of NIP-65 because we didn't really have an implementation using it yet and it was a bit confusing at the time.

Also, I don't think the label "dms" is appropriate. "private inbox" seems to be better to include all other event kinds that can send to a user's private relay.

Mazin 2y ago

I just made the relay publicly available to test implementations. I added inboxes for all of your pubkeys. Let me know if you need other test accounts added. wss://inbox.nostr.wine

Vitor Pamplona 2y ago

I think nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c will love this

Mazin 2y ago

Just added his pubkey too! Let me know who else I’m missing. I sent a DM to nostr:npub1dww6jgxykmkt7tqjqx985tg58dxlm7v83sa743578xa4j7zpe3hql6pdnf and nostr:npub10td4yrp6cl9kmjp9x5yd7r8pm96a5j07lk5mtj2kw39qf8frpt8qm9x2wl as well and added their pubkeys too.

Mike Dilger ☑️ 2y ago

May I ask a few questions? If all REQs require AUTH, and somebody wants to send me a kind-1 reply, you accept the AUTH even if you don't know them? Or sorry, you don't take kind-1? If I make it an inbox relay, people will try to put all kinds of inbox events there, and you will only take some of those? Or do you accept it all and only allow the p-tagged person to read the ones of the kinds you listed?

I think an inbox needs to accept anything tagging the authorized users, of any kind, but only allow the authorized tagged user to read those back. Then no content needs to be moderated because only the recipient can see it. In my inbox design, I would also accept and serve 10002 from everybody just to promote that, but it's not necessary.

Mazin 2y ago

This initial design is to focus only on events that need read protection. I get generically the idea of everyone running their own inbox relay that accepts all the posts tagged to them but that is not what I’m trying to achieve here and I don’t see what advantage there is to reading a kind 1 from this relay vs any public one.

All REQs require AUTH but writing events does not. As long as the tagged user in the event has an active inbox, the event will be written to the relay. Since as you mentioned no content is moderated in this approach, I added a special use of kind 1984s to treat spam reports as delete requests that are automatically honored by the relay as long as the user reporting the event is the user tagged in the event. This allows you to treat the relay like a personal inbox and simply delete messages “sent” to you even though you are not the author.

Mike Dilger ☑️ 2y ago

Ok the problem here is that if I specify that relay as my 'read' relay, clients will send kind-1 events and they will fail. Then I wont get that event at all. Most clients don't fail over to the next read relay. There is no way I can tell people per-event-kind which relay to use.

fiatjaf 2y ago

Why not? You can standardize these things in the NIP -- either in NIP-65 or somewhere else --, then add a marker that is not "read" but "dm", for example, and have DM clients send DMs to those DM specific relays.

Mazin 2y ago

I do think a designated relay for “private” events would be useful.

For what it’s worth, I’m happy to also build truly “individual” inbox relays that accept all kinds and work exactly as you have in mind nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c but I don’t expect many users to run their own. If they did, I have to assume speed and uptime would be poor on average making the client experience worse for everyone. I guess I’m not totally sold on the tradeoffs, personally.

We could offer it as a paid service (where we host them), but then are we really accomplishing anything by doing so?

Mike Dilger ☑️ 2y ago

Do we have a PR on NIP-65 to add a 'dm' relay where we specify the kinds of events? If not we should open it and start the debate

Mike Dilger ☑️ 2y ago

Ok sure we can do that. We haven't done it yet. So this is just for expermentation then at present?

water783 2y ago

Interesting, I will try it out

Water Blower 2y ago

Will try it out as well

Mazin 2y ago

Let me know if you guys have any feedback/changes or issues! I’d like to adapt this so it fits as many use cases as possible.

I know some of the current group chat proposals/implementations will likely need additional features.

hodlbod 2y ago

I might be coming around to this position soon. I'm going to do some experimentation with supporting private groups with encryption vs AUTH'd relays.

The one thing that needs to be solved (if we assume relays can protect content) is leakage of content to the wider network through re-publishing. Gift wraps do this, but require decryption. Here's my idea for a lighter-weight method, I'm curious what you think of it:

When publishing a "private event", the signature is calculated based on the normal hash + the relay's url. But the relay's url isn't included in the event. This way, even if an event gets re-published to other relays, the signature will fail naive validation and be rejected. Relays could brute-force the signature by attempting validation using every known url, but this would have to be re-done every time the event was validated.

So, it basically works the same way paywalls do, not by making it impossible to share private content, but by making it too annoying to bother with.

Mazin 2y ago

Interesting idea. The good news with DMs specifically on an AUTH relay is that the republishing can only be done by the author or the recipient since nobody else can see the note anyway.

With private chats as you mentioned, it’s a bit trickier as the group grows. But, I would think there is some level of trust in a “private” chat anyway so perhaps you can rely on those users not to rebroadcast the event (if the original publishing of said event is made to an AUTH relay)?

hodlbod 2y ago

You could, I just wouldn't really want to. A misbehaving (buggy or malicious) client could easily re-broadcast private data, users could export/import private data, etc. Having a hurdle to jump through seems helpful.

fiatjaf 2y ago

Instead of doing that, which would require rewriting all existing Nostr libraries, you could do some math with your keys such that users of that relay still know it's you, but everybody else don't.

hodlbod 2y ago

That's the whole point, everything currently has assumptions about what is a valid event. This breaks those assumptions, which means unless implementations opt-in, these events will not be propagated

fiatjaf 2y ago

I'm not sure I got the use case correctly, but if you hash the relay URL, turn that into a scalar and add the number to your private key you'll get a new private key.

The receiver can check who is the actual sender of that event by hashing the same relay URL, multiplying that with G and subtracting that from the pubkey that is written in the event.

fiatjaf 2y ago

See https://gist.github.com/fiatjaf/586b55ca99d61e0655478f1abad1886e#file-relay-hash-key-tweak-js

hodlbod 2y ago

Right, but what I want is for relays to reject the event as invalid unless they're specially configured. Because regardless of which key is used, the content may be something that shouldn't be shared (think patreon content, which is usually shared with a static access token)