Would be easy to add to damus’ imeta data on upload, but it hasn’t been a huge concern for damus atm because nostr.build is pretty trustworthy.
Would be even more useful if damus first downloaded and metadatad/hashed any pasted image url.
I think it's incredible that external references on nostr are not hashed.
It's really easy to tamper external references this way.
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z
Discussion
It would need to be optional. Nostr is already a data sink, and my mobile does not need to download the 4000x9000 version of an image. Honestly I’m a bit surprised that more native clients don’t support something like imgproxy to reduce this burden and reduce IP address exposure.
Secure, uncensorable image upload/retrieval adds a lot of limitations that aren’t relevant to the average cat photo or meme.
Cat photo or meme for sure it's not very important, but If you have to report on war, like Israel vs Palestine, or anything where government will hunt down inconvenient truths, then you need to be censorship and tempering resistant
i wonder if blake3 would allow fetching a lower res from the same data? is there any image formats that allow that?
yes you can partially load data from some image formats to have a lower res/quality image and blake3 will allow this with hash verification
I can safely say that most of nostriches eggs are in one nostr.build basket.
That is too risky.
ridiculous that we have a distributed social protocol but only for text
and when nost.build goes down? goes woke? goes fed?