NostrGram verifies the signatures of all events going into its caching server. The client isn't currently re-verifying the events once they reach the client from NostrGram's database since 1) they've already been verified and 2) event verification is a CPU expensive process so it saves the mobile devices CPU and battery power. But it would be simple to do. The function is in my library. I'd just have to drop a line of code into the client.
Discussion
ahhhhh so nostrgram indexes them in a middle layer, and client fetches from nostrgram?
even this is good though actually, if nostrgram is shielding its' users from this
imo, no client should ever show a message that isn't sig verified. but in nostrgram's case: it fits my ask, considering it has a middleware layer ☺️
Yes that's what it does. Also saves a ton of bandwidth for mobile devices since they only have to read from one server instead of a dozen or more. It's currently indexing the top 100 relays, but I'm updating that tonight (doubling it) now that more relays are coming online. Writes go out to all configured write relays in the usual way, but of course writes are a tiny fraction of bandwidth and CPU usage to create the signatures on those.
this is a really good approach. actually for the simple clients (the ones i imagine will onboard the masses who shouldn't care how nostr works internally), should follow a similar architecture. really good work