Nostr Web Client

What if DMs were device-based?

We could use a secret from the device to create a new private key to use exclusively DMs. Since the new DM key can stay in the device's secure element, there is no way for any other device to access your DMs, even if you keys leak (they will inevitably do).

Pros:

- avoids leaking DMs when the nostr key leaks.

- DMs that expire when the phone expires

Cons:

- users cannot migrate the DM history to a new phone/client

With private group DMs, we could add all device keys in a single DM message so that current devices of a user can read the DM history.

Reply to this note

Please Login to reply.

Discussion

signal_and_rage 2y ago

👀

captain ☦️ 2y ago

👀

Petroit 2y ago

Why do you believe that the private keys will inevitably leak?

Vitor Pamplona 2y ago

I know users :)

Petroit 2y ago

Tourne1 2y ago

Problem is, devices are pseudo IDs since most people use only one device with no VPNs and integrate everything.

So, annonymity will become impossible since they can identify the sender via the unique device keys.

Content will still be encrypted though 😁

de028ec6... 2y ago

Add i2p and ipfs...

Cast Iron Hands 2y ago

Might there be a way to download, encrypt, and export a DM file to then be uploaded and decrypted by the new device?

faisal 2y ago

I like it. Can’t the private key be migrated to a new device?

Vitor Pamplona 2y ago

No, that's the whole point. The key cannot leak because it can't exist anywhere else.

roctiv 2y ago

Idk but it sounds like a great idea. I don't like how DMs work on Nostr now. Maybe it's possible to send the messages to a another device, in case you have a new one

de028ec6... 2y ago

That is already how secret chats work on Telegram on Android. To transfer the secret chat you need to hack the database.

threeseries 2y ago

Interesting idea. Would the messsges be sent peer to peer then or would they still be communicated via relay? Personally I worry though about things that cause lock in to specific clients (there's a kind of centralization risk for nostr there too).

The idea of using a different key for DMs does seem useful, maybe even one that can be rotated to give forward privacy. I was working on a NIP last week for a type of onion routing for DMs and there it was suggested to use something like RSA keys. Reason being that messages can be decrypted without knowing who encrypted them and this ends up improving privacy under that scheme: https://github.com/nostr-protocol/nips/pull/499

Vitor Pamplona 2y ago

Relays are a nice feature. P2P doesn't really work because the two devices are rarely online at the same point, even if the two are fully-connected phones.

Jaspion 2y ago

What if device keys also got stolen? Then the DMs can also be read.

Maybe it's better that no server stores the messages. Storing would be responsibility of the device, not the server.

This was, even if the keys on the device would be lost, no message would be compromised

Vitor Pamplona 2y ago

If it's is in the secure element, its impossible to get the secret out of there.

brian 2y ago

Like with my ledger? 😅

de028ec6... 2y ago

The silicon does not support printing secrets. Same for ePassport, it does not support printing your fingerprints. The only way to extract them is to hack the transistors or root it if it is more complex system like Intel CPU.

The way it works is that it derives some symmetric key and gives it to you or even encrypts data for you.

someone 2y ago

I think this is a good idea but should be another kind (not 4)

JohnOnchain 2y ago

Can IR be used to fight this ?

DZC 2y ago

Actually it could fix the metadata leaks problem, if a new key is used for each contact, I reckon.

Vitor Pamplona 2y ago

Though I would expect these new data mining algorithms to easily rebuild the metadata from other information. Humans are too predictable.

PABLOF7z 2y ago

I knew you were going to say that

Kevin Ashworth 2y ago

If a goal is widespread adoption, I suspect this would work against that.

I think what people want is easy messaging but without spam/scam. Not difficult messaging. “Was it on this phone? That phone? Was it on the desktop computer? Which browser? No, must be the tablet. Nope not there either. What the heck happened to that message I want to re-read?!”

Léo Griffo ⚡🇧🇷⚡ 2y ago

I agree!

It would make for a niche adoption.

mutatrum 2y ago

Laughs in Ledger firmware update

jb55 2y ago

this is how it should be imo

page394 2y ago

Sounds good but need a device to device DM history transfer type situation like you do when setting up Signal on a new phone.

Vitor Pamplona 2y ago

Even if that opens many opportunities for security breaches no matter how well implemented?

page394 2y ago

Look at signal as a case study, has there been many breaches with their design? You can only have dms on one device at a time, transferring them deletes them from the old device.

NunyaBiznus 2y ago

You can have dms on 1 cell phone and 4 additional devices with signal. Messages are available on any/all devices from the moment each device is linked (no backwards history available)

Vitor Pamplona 2y ago

Sure, but Nostr can't keep your DMs in your phone only (relays and the other party have it and can prove it at any point in time).

We have to address security in a different way.

Moss 2y ago

DM that burns after reading

Léo Griffo ⚡🇧🇷⚡ 2y ago

I'm new to nostr and the whole decentralized world, so my question might be trivial.

When the time comes to change the device would you lose the network you built? Could you sign up to the new device with the same use name and still be verified?

One issue I see for less developed countries, like Brazil, is that cell phones are stollen all the time. It's not rare cases of people buying a new phone to have it stollen the next month. I device based identification would be very impractical for this scenarios.

Vitor Pamplona 2y ago

Currently, no. You just need to sign in with the same private key. Make sure to export it from the app and keep it safe.

Léo Griffo ⚡🇧🇷⚡ 2y ago

I believe I wasn't clear sharing question.

I understand a little bit how it works now. I would like to understand what you are proposing.

For what I understood, each device can be logged in to one user and the user will be linked to that specific device. Is that correct? If that is the case, my previous question comes with that assumption.

Vitor Pamplona 2y ago

On the new idea, the nostr master key would generate a new key for every device. The user wouldnt be able to export it. When you change phones, people would be forced to rotate their keys for the DMs, not for the rest of nostr. Their profile stays the same, but messages go somewhere else.

If we then add private groups (nostr doesn't have this yet) we could add all device keys in the same "group" so that all your DMs can be seen by all your devices.

Léo Griffo ⚡🇧🇷⚡ 2y ago

Got it! Thanks!

756240d3... 2y ago

Keys on proprietary hardware are not secure. A better solution would be an open source security token as described here for email:

https://www.kuketz-blog.de/gnupg-e-mail-verschluesselung-unter-android-nitrokey-teil4/

Even more secure would be an open source hardware wallet with display and seed backup on steel with nostr and openpgp feature. nostr:npub1tg779rlap8t4qm8lpgn89k7mr7pkxpaulupp0nq5faywr8h28llsj3cxmt

Hruss 2y ago

I am for it. The idea is very good. We need this. And one more thing. Imgs within DM...we need some kind of encrypted img format on the relay and when user get img on phone, the img is decrypted in secure space. When img is decrypted, comfirmation is send to relay and incrypted img expire in 1 day. So example. Sender take picture with camera. Sender select this picture in Ametheyst app within DM. Picture is automatic encrypted in the phone. When user click send, msg is send to relay with text and encrypted img. ...

kennytaylor 2y ago

SimpleX does a bit of this. Each DM conversation uses a unique keypair. Great idea.