I can login as you and see who is DMing you
Ah there is already a fix for this using the AUTH spec. Just don’t return DM kinds unless you are a participant.
Please Login to reply.
I think you can do better.
yes and there are many proposals that suggest that as well if we’re worried about relay metadata leakage. The auth thing is an easy first step though and is used for other things as well.
