only use relays with NIP-42 enforcement for DMs, simple

the relay can already know your pubkey by linking it through your other REQs and your IP

you could also establish a key you use for DMs to a specific person and another to receive, and rotate this every so often

gift wraps are a client DoS vector and do nothing to actually obscure info from relays
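An added example, not part of the original note and not code from any relay project: a sketch of what "NIP-42 enforcement for DMs" means on the relay side, using the kind numbers and the `auth-required:` prefix from NIP-04, NIP-59 and NIP-42. Signature verification is assumed to happen elsewhere, filter matching is reduced to `kinds`, and every function name, pubkey and event below is constructed for illustration.

```javascript
// Added example: relay-side NIP-42 gate for DM events. Signature checks are
// assumed done elsewhere; names and sample data are constructed placeholders.
const DM_KINDS = new Set([4, 1059]);   // NIP-04 DMs and NIP-59 gift wraps
const AUTH_KIND = 22242;               // NIP-42 client authentication event
const MAX_SKEW = 600;                  // accept created_at within ~10 minutes

// Constructed sample data: placeholder pubkeys and three stored events.
const ALICE = 'a'.repeat(64), BOB = 'b'.repeat(64), EVE = 'e'.repeat(64);
const STORE = [
  { kind: 1, pubkey: ALICE, tags: [] },
  { kind: 4, pubkey: ALICE, tags: [['p', BOB]] },
  { kind: 1059, pubkey: 'f'.repeat(64), tags: [['p', BOB]] }, // ephemeral author
];

const tagValues = (ev, name) =>
  (ev.tags || []).filter(t => t[0] === name).map(t => t[1]);

// Returns the authenticated pubkey, or null if the AUTH event does not bind
// to this connection's challenge and this relay's URL (loose URL comparison).
function checkAuthEvent(ev, challenge, relayUrl, now) {
  if (ev.kind !== AUTH_KIND) return null;
  if (Math.abs(now - ev.created_at) > MAX_SKEW) return null;
  if (!tagValues(ev, 'challenge').includes(challenge)) return null;
  const norm = u => u.toLowerCase().replace(/\/+$/, '');
  if (!tagValues(ev, 'relay').some(u => norm(u) === norm(relayUrl))) return null;
  return ev.pubkey;
}

// A stored event may be sent on a connection only if it is not a DM, or the
// connection authenticated as its author or as a p-tagged recipient.
function mayDeliver(ev, authed) {
  if (!DM_KINDS.has(ev.kind)) return true;
  return authed.has(ev.pubkey) || tagValues(ev, 'p').some(p => authed.has(p));
}

// Handles one REQ and returns the relay messages to send in response.
function handleReq(subId, filters, authed, store) {
  const wantsDMs = filters.some(f => (f.kinds || []).some(k => DM_KINDS.has(k)));
  if (wantsDMs && authed.size === 0)
    return [['CLOSED', subId, 'auth-required: DMs are served only after AUTH']];
  const matches = ev => filters.some(f => !f.kinds || f.kinds.includes(ev.kind));
  const out = store.filter(ev => matches(ev) && mayDeliver(ev, authed))
                   .map(ev => ['EVENT', subId, ev]);
  return out.concat([['EOSE', subId]]);
}
```

The per-event check in `mayDeliver` also covers filters that omit `kinds`, so a broad REQ from an unauthenticated or unrelated connection returns public events only.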


Discussion

Fascinating discussions between devs 🤣 View from outside of your wizard world, it seems that coding is a subjective thing, like one dev one opinion.

Dev1: NIP44 is useful for encrypted group chats

Dev2: nope it's garbage, giftwraps could be the thing

Dev3: nope it's shit, all in NIP42

Anyway nostr will never take off without these basic features.

You see events, you share them with your friends inside the app, you zap the notes from inside the DMs, etc... basic UX for basic people like us plebs.

From a user's point of view it seems obvious.

To me nostr just exposes a reality that people take for granted: your conversation metadata is not protected pretty much anywhere. We just don’t see it publicly, but twitter, instagram, facebook, etc. employees do. Not to mention they can read the contents too and use them to blackmail you or throw you in jail one day.

So we either solve that or keep repeating the same mistakes and pretend something isn’t fundamentally wrong with our entire society.

Yeah, but the difference between centralized social media and nostr is that nostr leaks it to everyone and you don’t even need to have a subpoena for this like in the case with the centralized ones. So it’s basically a honey pot rn! You come and see almost everything, including your IP. But yes, this should be fixed and be the focus! Otherwise we are doomed.

with outbox and nip42 we could sufficiently distribute the metadata, but it would still be subpoenable. Maybe that's a start at least. If no one else will update strfry I will likely have to start hacking on it to add this

gift wraps do not reduce relay-related risk while increasing implementation complexity.

The "implementation complexity" part is the reason I don't implement it. It's not only about the complexity of implementing it once, it's about the future complexity of changing it if it becomes a tech debt.

Personal inbox, or hell even a community relay. With NIP-42.

Anything to prevent companies like Primal from mass-aggregating messages.

Do you think that we can solve delivery and metadata leak at the same time for encrypted messages? If not, which one should we solve first?