The problem with NIP-29 is that we're setting up users to get themselves into trouble.

Yes, most groups don't need proper encrypted comms. But, for the ones that do, they REALLY do.

This sort of UX makes a user think that the group they're creating is actually private and actually secure, which it's not. Relays still have FULL visibility into what's going on in groups.

Discussion

Maximum security and privacy should be the DEFAULT on any system. Let users lower those protections with adequate informed consent.

https://m.primal.net/MjSQ.mp4

nostr:note1g5urzcw4a87uy3w5aycz2m3y5x4432kn2x53ps8f4832e0cz6n9q2zmkz0

it's a discord or telegram replacement so it's not private, if it's not encrypted it's "public". So nobody thinks this.

yeah I don't get the complaint, happy to take suggestions tho.

Simple as, "Public groups can be read by anyone, private groups require authentication but are not encrypted. Messages in private groups can be read by relays."

fair enough, I updated the copy to clarify that messages are not encrypted and can be read by relays.

Appreciate that. I agree with Jeff. Basically these things need to be spelled out for normies, they are truly clueless, I talk to them a lot, and while I have no tech background and consider myself a total tech noob, I’m always astonished at how much I know compared to the average person both with regards to bitcoin, but also with regards to privacy in the digital realm

100% what seems obvious to us is totally foreign for many people. my goal is to build something that is useful, transparent and delightful. the problem i'm trying to tackle is that of public/semi-public groups and don't want to mislead anyone or get them in trouble, this thread made it clear that I was not communicating it effectively.

Very much appreciate the work you are doing 🙏

thanks, these kind words mean a lot 🫂

I think people would understand "membership" better than "authentication". You need to be authenticated, to become a member.

But it literally says “private”

NIP-29 is a bust 💯

I don’t agree with that. Nip-29 can be super useful for public groups. But it’s shit for private groups.

Yeah I just don’t see much point in public groups.

Feels like a reach… too much complexity

You can only use 1 relay; only the owner of the relay can see its contents. It's great privacy imo, if I want a private group I run it on my relay.

Right. If you want to uncle Jim things and everyone in the group is happy to trust you then all good.

Do you think it's fundamentally wrong for groups without encryption to exist in the world? Or do you just think NIP-29 is misleading people?

Because to me it looks very obvious from the screenshot that the groups are not encrypted, only require authentication, I can't think of anything less misleading.

I tried to make it super obvious what public/private and open/closed mean, perhaps the terminology is misleading? should I add a disclaimer saying that messages are not encrypted? I thought that part was clear but I might be wrong.

btw, no knock on Chachi.chat. It's a really nice client! It's just that I can see lots of users using NIP-29 groups thinking that they're actually private, just how most people that use Telegram think it's private. This would be a bad outcome IMO.

Thanks for the kind words. I don't want anyone to misunderstand what NIP-29 groups are for, thanks for the suggestion!

telegram is advertised as encrypted fgs

liars.

my point was that that's why there is misunderstanding...

No, it’s definitely not fundamentally wrong to have auth only groups but to a non technical user the difference between auth and encryption is not at all clear.

I think nip-29 clients need to go above and beyond to make it overly clear what the trade offs are. Relays being able to read your “private” group messages is a pretty big caveat.

You can use your own relay so yeah it's not encrypted but nobody else can see it afaik

A good reason for groups to be sovereign (i.e., host their own relay)

yeah, the need for closed zones of nostr network is very clear to me also for reasons like this

it's what i've had in my mind as what i want to do to build for nostr - build private communications networks that can comply with a business' confidentiality requirements... for example, even just private messaging your doctor... yeah... they won't be able to use that legally without opening up a can of worms... same for lawyer, at least, for any sensitive information

Yeah, never really saw the use case of private NIP-29 groups, when private relay groups are so much simpler and clearer in intention. Either I want something public, or I don't.

If I am concerned about privacy, my first thought wouldn't be to store anything at all, on anyone else's relay. Can't even confirm deletes, that way, or control who can watch the traffic.

I'd want my own relay, and to have encryption on top. And, if I were really serious, I'd put the relay on my own server, on a private network or behind Tor, or whatnot. I'd engage the entire architecture. Lock it, all the way down.

And running your own relay means that you also get to choose the relay software. Few.

Open ended moderation + automation tools ftw.

i'd also just add that any attitude that "omg too hard for normies" is complete bullshit because people have been doing this stuff since the days of BBSs, then UUNet nodes, and then there was IRC, then there was forums, it was after forums the spooks descended and tried to embrace, extend and extinguish that nasty free speech

also, just checking in on the slack for my paid gig, and it's snooping on me asking surveys, and i just want to point out that there is a definite tendency when people scale up internet service that it turns into a honeypot, and that is also highly contrary to the goal of private communication

being able to see people are talking because they are tracking the traffic volumes between addresses is one thing, but when you create government registered corps to run web services the spooks get even more information, because MiBs show up at the host company office with fancy pieces of paper and make classified requests that the host is not allowed to disclose to the users

Unfortunately, unless you’re a full time sysadmin that’s not even a very safe setup.

It’s also in no way a solution for people that don’t want to have to know how the sausage is made, they just want something that works.

If the relay uses AUTH, it's effective, regardless of where it is, or who runs it.

True, as long as it receives regular updates, and the hosting provider doesn't receive an NSL or equivalent, and you're not worth risking a 0day on.

That's just incorrect. You can auth to a relay but that doesn't mean anything about the content that the relay has access to then. It just means that other people can REQ the relay for content that they shouldn't have access to.

AUTH is never a replacement for encryption

💯💯💯

Honestly, the protocol has been going downhill for a while as people try to be as lazy as possible.

Relays instead of encryption. “Relays” that are shitty versions of normal APIs instead of DVMs. Relays instead of a proper community NIP.

No one is stopping you from writing a better community NIP.

I don't understand why it's not possible to have both.

We can, just stop calling it even remotely private.

It is private, if you run it on a relay most people don't have access to and you encrypt the content.

I'm failing to see how that can't be described as private. You don't even need to run that over the open Internet. You could use a VPN or put it behind a firewall, or whatnot. That's actually what VPNs are for, after all.

i am just bumping into this and forgot just how retarded some nostr devs are about signals intelligence... prime case in point right here

auth stops you from being able to send the message

the websockets are TLS encrypted already

in the case of DMs and application specific data the content SHOULD be encrypted by the protocol (don't tell hzrd149 about that though, he does ASD without encryption which is retarded)

It's simple logic, from where I'm looking. If you put the relay on a machine you manage, you can use all security built into Nostr AND all security that can be implemented on the machine. That is a second, powerful security layer.

encryption is never a replacement for not sending out a message either. basic sigint

realy already blocks access to DMs when auth is enabled, you can't do that without auth

the auth allows you to identify that the caller has the nsec that gives them the right to see sensitive events that contain their npub either as author or tagged, there's a set of event kinds that apply here, encrypted direct message, 1059, 1060 and i forget the application specific data kind, i think it's a 30k range parameterised replaceable, maybe 30002 or something

I also think SimpleX has its own reason to exist, and maybe Nostr should just offer a simple SimpleX handshake, rather than trying to replace it.

Nostr and SxC are two completely different types of systems. One doesn't replace the other. And there's no good way to integrate SxC with Nostr. They're just two completely different things.

basic systems administration is not that difficult

Still way beyond 99.8% of people.

yeah, there's this thing called division of labor, it's where people who can do stuff better than others do it because of the efficiencies

one of my major pet peeves is people being elitist also

yep, this is a really really fundamental principle of signals intelligence

if you don't want the enemy to intercept your signals, avoid sending them

use channels they can't intercept, don't store the data in a place where they can access it, etc etc...

unfortunately most nostr devs don't have a reasonable grounding in signals intelligence theory, even though they probably are familiar with alice and bob

someday, hosting your own group relay will be as easy as hosting your own gitea instance. 🌈

It already is.

Yes, absolutely. BUT... most users still won't do that.

Common problem across all messaging UI these days, either falsely presenting privacy or just not giving the user sufficient safety warnings / advice about it

I have improved the terminology around NIP-29 group visibility and access. The problem I'm tackling is not of those groups that need e2e encrypted comms, but the ones that want a moderated place to talk and publish all kinds of content like chat, threads, polls, articles, wikis, etc.

Groups for gathering around common interests and goals like fitness, open source projects and relay-based communities fit these criteria. If you want and need maximum privacy you are better off not using nostr. I've heard SimpleX has great privacy but I'm not sufficiently acquainted with how it works to recommend it.

I started using the NIP terminology but I think this is way more clear. It has never been my intention to mislead anyone.

https://v.nostr.build/P14zhTHL7KRhhrds.mp4

nostr:nevent1qvzqqqqqqypzq9eemymaerqvwdc25f6ctyuvzx0zt3qld3zp5hf5cmfc2qlrzdh0qqsy2wp3v827nlwzgh2wjvp9dcj2r26c4tf4r2gscr56nc4vhupdfjs4y8mpy