Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

metadata leaking can only really be eliminated by turning relays into rendezvous and making use of back channels that are not known to the rendezvous relays

the way that simplex does it would be a good reference point, i do believe that some kind of forward secrecy/ephemeral async message relaying has to be involved because of the neverending problem of lack of inbound routing for most users
Avatar
JeffG 1y ago

Can you explain that a bit more? I think we can easily obfuscate metadata via gift wraps.

Reply to this note

Please Login to reply.

Discussion

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

gift wraps only obscure the sender from upstream, they still leak the recipient, if i understand how they work, and if the relay accepting the event is a paid member they have to use a known identity and thus effectively leak the downstream source

the hardest part of solving this problem has to do with maintaining state, and the only reasonably secure solution for that is application specific data so it transits across multiple machines with only the nsec as the linking point

the only really almost perfect solution requires the relays to only give out ASD to users specified in the pubkey field, then the relays can be moderately secure repositories of this state and for extra security, clients could use state stored on one relay but use that state on another

i am a little familiar with MLS, it requires some state to be shared between the members of a chat as well

i haven't tackled the problem because it is a pretty hard problem to solve given the stateless, relay based architecture of nostr, but i think it will be solved

i do wish that more clients would git r done and get authing working so that private personal relay caches could actually be secured without them not being reachable from the internet

Avatar
JeffG 1y ago

I think you're overthinking things.

Yes, it's possible to see that a user is receiving kind: 1059 GW events but what those events are is completely hidden. As long as users that are sending the GW events to the relays are using a VPN, they're hiding their IP addresses (there are also some other ways we can improve that but let's leave it at that for now).

The state is maintained with a specific set of control messages that users in a given group send between themselves. Those will be GW'ed as well.

I imagine that in the near future there will be many many GW messages that are being sent to every user on the network, it'll be like trying to watch encrypted TLS traffic. Sure, people are using the network, but you don't know how or why.