Trying to grok the issue. A relay can send events with the wrong pubkey, but then signature verification will fail. They can also send wrong events for a filter, but then matchFilters will filter them out. In what scenario is it potentially harmful?
I'm working on improving routing on Coracle, and ran into the issue of deep-linking creating attack vectors for malicious links. To a certain extent, this is unavoidable, people can always direct someone to a bad event or link unless there's no navigation at all.
I'm more concerned about attackers being able to inject a malicious relay into Coracle, for example https://coracle.social/notes?relays=wss://my-evil-relay.com in order to phish someone's pubkey and correlate their identity.
How bad is this? I'm inclined to leave relay deep-linking out. But then relays are a resource in their own right, so I don't know if it's possible. Maybe ask for user approval before connecting to any relay not in their own relay list? This would cover malicious relay injection via NIP 65 as well.
Discussion
Malicious in the sense of surveillance/phishing. So say someone sends you an email with a link pointing to `/notes?relays=wss://bad-relay.com/myemailinbase64`, you click on it and your client auto-signs an AUTH challenge, bingo bongo they have correlated your email/pubkey. Basically an injection attack. As it happens, nostr:nprofile1qqs8hhhhhc3dmrje73squpz255ape7t448w86f7ltqemca7m0p99spgpp4mhxue69uhkummn9ekx7mqprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqythwumn8ghj7enfd36x2u3wdehhxarj9emkjmn9keq8hx pointed out that this is already possible using nprofile/nevent 😬
AUTH doesn't seem widely used. Do clients sign them automatically?
Coracle does (this needs to be improved)
Somewhat related, can correlation also be made between contacts and subscription filters? I'd love to know more about the client relay connection.
If the relay knows your pubkey they know your contacts. It's probably not hard to infer who you are from your filters, in most cases probably trivial, but client fingerprinting could also be implemented.
I think that asking when a relay is unknown is an effective strategy, that doesn't ruin the UX.
You can always check the already approved relays first and try to fetch the note from them, this would slow down the loading a bit, but it makes the process completely transparent for a good amount of notes/profiles.