AUTH is never a replacement for encryption
Discussion
💯💯💯
Honestly, the protocol has been going downhill for a while as people try to be as lazy as possible.
Relays instead of encryption. “Relays” that are shitty versions of normal APIs instead of DVMs. Relays instead of a proper community NIP.
No one is stopping you from writing a better community NIP.
I don't understand why it's not possible to have both.
We can, just stop calling it even remotely private.
It is private, if you run it on a relay most people don't have access to and you encrypt the content.
I'm failing to see how that can't be described as private. You don't even need to run that over the open Internet. You could use a VPN or put it behind a firewall, or whatnot. That's actually what VPNs are for, after all.
i am just bumping into this and forgot just how retarded some nostr devs are about signals intelligence... prime case in point right here
auth stops you from being able to send the message
the websockets are TLS encrypted already
in the case of DMs and application specific data the content SHOULD be encrypted by the protocol (don't tell hzrd149 about that though, he does ASD without encryption which is retarted)
It's simple logic, from where I'm looking. If you put the relay on a machine you manage, you can use all security built into Nostr AND all security that can be implemented on the machine. That is a second, powerful security layer.
encryption is never a replacement for not sending out a message either. basic sigint