I was wondering if there is any kind of encryption involved regarding DM at the moment? Can someone with the npub request all DM of a person from a relay or am I missing something?
Amethyst's new DM model will allow users to backup their outgoing DMs to a separate Nostr pubkey. If somebody gets access to the main key, they won't be able to find or even count your outgoing messages.
That will create a new class of micro apps to manage DM backup and recovery.
To recover DMs, the backup client re-signs all past messages to a new key your main client just created. If you have two or three clients, you can use 2-3 DM keys. The backup client can keep forwarding your own backed-up DMs to 2-3 other keys so that all clients can sync and see the same messages.
There are lots of interesting features of this model. The most important one is that when re-signing, the date/time of the original message doesn't need to be shown. The backup client re-signs everything as of today.
The public doesn't know these are DMs and doesn't even know if the public date is relevant or not.
Want to know more? Here: https://github.com/vitorpamplona/nips/blob/sealed-dms/24.md
Discussion
Yes DMs are encrypted rn. But only the content of the message. Who send to who at what time can be seen publicly.
But the new nip is supposed to fix exactly that.
But how would the key exchange take place between sender and receiver?
There is no key exchange. The protocol sends an encrypted message from a new random key per message to the pub key of the person.
You can count how many "encrypted things" a user is receiving, but you won't know where they are coming from, if they are real or not, if the date is correct or not.
why does no one talk about nip 101 and what nostr:npub1tm99pgz2lth724jeld6gzz6zv48zy6xp4n9xu5uqrwvx9km54qaqkkxn72 has done with npub aliases? also i think iris desktop is using. seems promising to me, but no chatter
Because ideas with aliases and other shared key protocols require you to trust the counterparty you are talking with. They can leak all your conversation at any point without leaking their private key. There were many proposals, but they all require some level of trust in the counterparty or in a private relay operator, for instance.
This one does not. You can talk to your worse enemy and they won't be able to expose you unless they expose themselves as well (leak their main account's private keys).