#asknostr 😂

nostr:nevent1qqsfxu7j4dlv7tfmjqmdvy0j7ss2978pv6t8cjdgsqc09yny7t7jdzqpupmhxue69uhhyetvv9ujuerpd46hxtnfduhj2v3swaehxw309aex2mrp0yhxumm5daeks6fwwa5kute9xgc8wumn8ghj7mn0wvhxcmmv9ujnyvrhwden5te0wfjkccte9eekjctdwd68ytnrdakj7ffjxpmhxue69uhhyetvv9ujuvrcvd5xzapwvdhk6te9xgc8wumn8ghj7mnxwfjkccte9eshqup0y5erqamnwvaz7tmjv4kxz7tjwvhxumm5daeks6fwwa5kute9xgc8wumn8ghj7un9d3shjtnwv4u8getj0ghxxmmd9ujnyvrhwden5te0vejkuunfwgkhxtnwda6x7umgdyh8w6twacavfw


Discussion

I was seriously asking lol... trying to understand what the problems are in your opinion, so that we can collectively all figure out how to fix the problems you see

They never work 🤷‍♀️. At least my experience with them 🙄. Especially if two different clients are involved.

Sent you a DM

🤷‍♀️😐

seriously? ... what client do you use?

Amethyst. No new dms or requests 🤷‍♀️

😁🫡 The fix to nostr DMs is to remove them completely. I’ll let others enumerate the issues if they want. Nostr DMs are garbage.

Funny because they work for me almost all the time. Maybe your clients just suck at them. Don't turn a client problem into a protocol problem. Otherwise, nothing never works.

yeah same, never had an issue, that's why I'm confused

We’re all on Nostr - this is mega nerd central LOL

Let's just say some of our moms took more Tylenol than others.

Nostr DMs are events and everyone can see who is DMing who and when. Nip17 is solving some of this error.

But the biggest threat is that if the nsec is compromised, the DMs are all open and considered leaked too.

It’s just bad all around

you're talking about nip04, that's been deprecated for a long time, most clients should have switched to nip17 already, those who don't are just being stubborn. I completely understand the reason to avoid nip04s

Private messages aren’t private at all in the event of a key leak. There are safer ways to DM

NIP44 does NOT leak key information, again you're talking about NIP04. Nobody should EVER use NIP04. We're talking about two different things

Nostr is for public events. There are safer ways to send private events than nostr

Sure, nostr:npub1yy9wdef5us8af5q3zl3fs5usndygl3wge7xj5qkk5mtq2g4swwhs9ls23g is going to be one :) but again, I don't see anything wrong with nip44 to message people

I think you guys are talking past each other a bit.

nostr:nprofile1qqsxr0mepvsfftasxj2uncfk4nmpt0s0enpvh9d44na47mxwlcvtqcspr3mhxue69uhkcmm8v4hzucn5vdnx7unsd3jkyuewvdhk6tcpr3mhxue69uhhyetvv9ujucn5vdnx7unsd3jkyuewvdhk6tcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz2vvjh is not saying that NIP-44 leaks key data. His point is that if a user's private key is leaked by ANY means, then their entire private message history is viewable by whoever has the key, even for NIP-17 DMs, because even though they use NIP-44 encryption, there is not forward privacy.

That said, we're talking about DMs here. On literally any other social network, if someone can log into your account, they can see your DMs. The answer is to be careful with your private key and not use Nostr DMs for sensitive private messaging. There are better options for that.

nostr:nprofile1qqspwwwexlwgcrrnwz4zwkze8rq3ncjug8mvgsd96dxx6wzs8ccndmcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshszxrhwden5te0ve5kcar9wghxummnw3ezuamfdejj7ekel7y and team are building something promising with Whitenoise, which I believe is NIP-EE, but that kind of forward privacy isn't always desirable either, as it comes with tradeoffs when you use multiple devices/clients.

I am all for NIP-17 for standard DMs, especially when paired with auth, and NIP-EE when you want/need forward privacy.

fine, but if you leak your pgp key, your email is also readable, haha

I do agree with you tho that whitenoise is perhaps the correct solution for nostr DMs

I don't know about that.

There are a few paths forward, with different tradeoffs.

1. NIP-EE never gains much adoption and all major clients just use NIP-17. This is probably good enough for most, so long as everyone has a workable setup for DM relays, which means the clients will need to have reasonable defaults there. Users who change their DM inbox relays to ones that don't support auth will end up having recipient metadata leaked, but those who use appropriate relays will be fine. No one will have the content of their messages viewable by anyone else unless they somehow leak their private key, but they will have the benefit of being able to see all their conversations regardless of what client they log into.

2. NIP-EE gains traction and fully replaces NIP-17. This will result in extremely private DMs, including forward secrecy in case of a private key getting leaked. However, it will also result in not all DMs being visible if you use multiple clients. Only the messages you sent and received on that particular client will be visible, and you will have to remember which conversation is available on each client if you want to refer back to it or continue it. Those unaware of how forward privacy works will also see it as a bug and assume that Nostr DMs are simply broken since not all of their conversations are visible on all clients.

3. NIP-17 and NIP-EE are both used on Nostr, but in different contexts. NIP-17 is used in most clients for general messaging needs, and no clients remain that are using NIP-04, so you can be reasonably assured that folks you send a DM to will see your message. Meanwhile, there are separate clients for those who prefer the forward privacy of NIP-EE, and they know to alert the recipient that they are trying to connect with them privately by other means, since the recipient may not yet have a NIP-EE client. The downside here is that many people will still just use NIP-17 DMs for even their most sensitive communications, even though a better alternative is available, because that is the DM standard used in their favorite client.

4. The worst option... We just continue the same way things currently are, with some clients still using NIP-04, despite it being long deprecated; others using NIP-17 to greater or lesser effect based on how well they implemented it; and still others using NIP-EE. This mess will continue resulting in users having to figure out what type of message their intended recipient can receive and make sure they have a client that can send that type of message, or else what more commonly happens because most people don't know better: they will send a message with the assumption that their intended recipient will receive it without issue, only to later find out that they never saw the message because their client doesn't support that type of DM.

Of all of the above, I think I would prefer option 3, but 4 is the most likely to occur.

Nostr MLS solves it if you want forward secrecy

I'm gonna DM you from Amethyst and you'll never see it 😂

Exactly 🤣

just sent you a dm. from amethyst. I assume you got it

I did. It's not in Primal though because they use different NIPs. Part of the problem.

Primal's DMs are NIP-04, they are terrible, and the primal team should update ASAP if they care AT ALL about user privacy

It's actually on my to-do list to do a PR to get NIP-17 DMs in Primal because you're right

What is holding every client back from fining the DM standard? It’s unacceptable.

Honestly, laziness.

NIP44 (used in NIP17) is a different encryption scheme. It's a little harder to implement (and I say A LITTLE, because honestly any competent developer should be able to build it).

I’d love to just use KeyChat but you never even know if your recipient will see your message because it isn’t backward-compatible.

Never used keychat personally, but amethyst works well with DMs, as does 0xchat

KeyChat runs on iOS so it’s easier for me than using Amethyst which isn’t on my primary device. I have 0xChat installed but not signed in at the moment.

ah you're an ios user, I see. seriously I think nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z should focus on rewriting the app to use compose multiplatform, so we can have amethyst everywhere

Quartz is almost there, but man.. iOS needs so much :(

don't worry about it, good work takes time :)

Maybe you could try using Aegis as your signer on iOS.

I don’t even know what that is, but if it uses NIP-46 I got bad news for ya.

It’s a nostr signer for iOS. Unfortunately, on iOS you can only log in through NIP-46, but Aegis uses a built-in local relay as the bunker relay.

On the surface, it sounds amazing and I would love to use it, unfortunately I recently learned that the NIP-44 spec for encrypted payloads which all NIP-46 signers use has a data size limit of 65535 bytes, and this happens to be too small to transfer my follow list, which is over 200 kb. I discovered this while trying to enable that feature in #PlebsVsZombies a few weeks ago. I might be an edge case, but that’s a hard cap I can’t get around and it seems much too low to support steady user growth. If I’m following around 2800 users (down from about 3300 due to culling my zombies) and my follow list is still more than 3x the size limit to use a NIP-46 signer, that caps the maximum number of follows to around 900.
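Added example, not part of the thread or of any client's code: a pre-flight size check for the 65535-byte NIP-44 limit described in the post above, using the NIP-44 v2 padding layout (2-byte length prefix plus zero fill). The kind-3 event, its fake pubkeys, the timestamp and the relay hint are constructed, and only the unsigned event JSON is measured; the NIP-46 request wrapper around it is not modelled.

```python
import json

# NIP-44 v2 plaintext bounds; the upper bound is the 65535-byte cap from the post.
MIN_PLAINTEXT, MAX_PLAINTEXT = 1, 65535

def calc_padded_len(unpadded_len: int) -> int:
    """Padded size in the NIP-44 v2 scheme: 32-byte floor, then power-of-two chunks."""
    if unpadded_len <= 32:
        return 32
    next_power = 1 << (unpadded_len - 1).bit_length()
    chunk = 32 if next_power <= 256 else next_power // 8
    return chunk * ((unpadded_len - 1) // chunk + 1)

def pad(plaintext: bytes) -> bytes:
    """u16 big-endian length + plaintext + zero fill; the u16 is why 65535 is a hard cap."""
    n = len(plaintext)
    if not MIN_PLAINTEXT <= n <= MAX_PLAINTEXT:
        raise ValueError(f"plaintext is {n} bytes; allowed {MIN_PLAINTEXT}..{MAX_PLAINTEXT}")
    return n.to_bytes(2, "big") + plaintext + bytes(calc_padded_len(n) - n)

def follow_list_event(n_follows: int, relay_hint: str = "") -> bytes:
    """Constructed unsigned kind-3 event with n 'p' tags, serialized as compact JSON."""
    tags = []
    for i in range(n_follows):
        tag = ["p", f"{i:064x}"]        # constructed 32-byte hex pubkey
        if relay_hint:
            tag.append(relay_hint)      # an optional relay hint enlarges every tag
        tags.append(tag)
    event = {"kind": 3, "created_at": 1700000000, "content": "", "tags": tags}
    return json.dumps(event, separators=(",", ":")).encode()

def fits(n_follows: int, relay_hint: str = "") -> bool:
    """True when the event can be encrypted as a single NIP-44 v2 payload."""
    return len(follow_list_event(n_follows, relay_hint)) <= MAX_PLAINTEXT

def max_follows(relay_hint: str = "") -> int:
    """Largest follow count whose event still fits; binary search on a monotonic size."""
    lo, hi = 0, 4096                    # fits(0) is True, fits(4096) is False
    while hi - lo > 1:
        mid = (lo + hi) // 2
        lo, hi = (mid, hi) if fits(mid, relay_hint) else (lo, mid)
    return lo

if __name__ == "__main__":
    print("bare p tags:", max_follows())
    print("with relay hint:", max_follows("wss://relay.example.com"))
    print("2800 follows:", len(follow_list_event(2800)), "bytes")
```

With bare `p` tags each follow costs 73 bytes of JSON, which is where the "around 900" ceiling comes from; relay hints lower it further.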

Why does your follow list need NIP-44 encryption? Isn’t it a plain text list?

idk but mute lists have an encrypted section

Yeah, I’m sure that’s part of it.

I see, this is a limitation of NIP-44. Even without using a signer, the problem still exists

Exactly. This wasn’t well thought out IMHO.

the number of ways in which the hurriedly ushered in "better encryption" protocol was screwed up was many. i didn't know it had a max payload limit

I implemented it into Bloom in like 10 minutes it's not that hard

I suspect there's also a lurking suspicion that NIP17 is not the solution so may as well take a pass on it and wait for the next thing. and on nostr there's always a next thing.

NIP-44 is versionable, soo....

Sure, but it’s a constant moving target, you can understand the fatigue. And six months ago there was talk of nip-ee superseding all other chat methods, Jeff hoping to put out a sort of convert kit for dummy clients. But that’s all quieted down.

Didn't realize you were part of the primal team, still, I don't take back anything I said, haha

Lol I'm not, just tired of shit DMs