I like nostr dms. I don’t care if they are not really private. Just like the convenience of not having to open another app.
But if we get truly private PMs that would be awesome 🤩
Discussion
iiuc the content is private, but the fact that you have sent messages, and the participants are not?
Content can get exposed to all forever and a little weird that you can see who talks to who
Yeah, I meant so long as the content is encrypted, all's good, but yea it would be nice to not have the public not know who you're DMing.
I just had a thought though about that though (thinking of editing the wishlist article with it):
Not sure what's happening in the backend of how DMs work on #nostr, but instead of one npub DMing another npub and encrypting/decrypting the Convo between the two, why not have a 3rd note type created as an in-between two individuals and have that encrypted? The result would be that the public would see someone DMing a random note/string with no metadata of a person.
I hope I conveyed that idea well.
nostr:note18hnwyv9ju9zf29pv9wu26tqd9fa0xq2lsltejfl8z0v90gy3jjtsdrzqr0
I believe Nostr clients shouldn't use the Nostr protocol for DMs, rather something like SimpleX embedded in the Nostr Client itself (if possible).
Much more private and secure conversation.
cc: nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn
Seems to be the consensus already
Ohh is it. Wasn't aware of that.
It's too bad SimpleChat doesn't integrate with nostr. They could change their client to use nostr identities.
Anyone reach out?
The point of Simplex is that there are no identities at all
That is the BS part of it. If you have a list of people in any app, you have identities. It might be a lightweight identity. It might rotate, and it might be different for every other user, but it is still an identity nevertheless.
The idea I like of creating different “addresses” for incoming messages, and then dumping that if it gets too spammy. Not having a long-term pubkey as your address has that benefit.
You could probably do something similar on nostr, but you still get metadata leakage.
I came to the conclusion that nostr is way too public in too many ways to be a serious private message protocol.
The work never ends. I’m tired. Does SimpleX need a server though?
Yeah they have relays which are a fancy message queues, you can even run your own. Servers are good. p2p is not reliable, especially for async comms
I agree. It was one of my early beefs with Nostr in general: having one key for everything is pretty bad.
We could do the QR code thing they do. When meeting a friend you can generate a new QR code for a super private chat. Metadata still leaks but it's not associated with your main Nostr identity.
We could even use NIP-06 key derivation (say one key per friend) to reduce metadata leakage if that is the only concern. In that proposal, only the seed can rebuild a friend's list. Apps could rotate keys by just asking the Nostr Id for a new one.
Let's not make perfect the enemy of the good.
I wouldn’t say it’s consensus. It’s just an idea at this point. My approach right now is:
1. Learn the protocol to see what can be learned
2. See if it makes sense to apply some of their techniques on the nostr side
3. If not, investigate ways to make it easier to integrate into apps, nostr or not. Having a multiplatform simplexclient would still be cool on its own. If I can integrate that into my desktop client that would be neat.
I would love an advanced async communication tool that has public and private use cases. I don’t think you need to use nostr for everything. Use the right tool for the job!
Me too.
I don't mind to leak this sort of info when I message with nostr users that I already interact with publicly.
Of course the protocol should improve on this, but it is a damn good start.
And a more privacy rigorous use is already possible with some manual skills: create a fresh key and send to the other party a nostr JSON event certifying the new key signed with the original key, the receiver checks the validity of the embedded JSON with nak.nostr.com
згодна : agree