this is the same idiot security by obscurity nonsense that unfortunately prevails among nostr devs

you can fingerprint events to a client codebase, EASILY

just like you can easily analyse a series of REQ filters from one IP address to establish the npub of the user, and, to add to this, now we point out also thet client can also be fairly confidently determined

this is why auth should not be considered a privacy vulnerability, and why client fingerprinting should not be considered a privacy vulnerability

bullshit on both counts, and i just had to point that out because this thing about auth and privacy has stopped clients from building adequate CHANNEL CONSTRAINED privacy protections for DMs and thus have made DMS virtually fucking useless