gm ☕

This is a friendly OPSEC reminder to all new Nostriches:

Anybody can use your nPub to log into a client and see Nostr from your perspective INCLUDING your DM metadata!

So in case you do not want the world to look at, analyze and build graphs with that data, be mindful of what accounts you DM on Nostr and how frequently.

The DM content of the messages can't be decrypted and read unless your private key is compromised.

How many alpha apps and websites have you pasted your nSec into yet?

Don't discuss sensitive matters on #Nostr DM.

Discussion

Maybe I’m misunderstanding here. You said anyone with our nPub.. which is the public key right? Can see everything.. is that right or do they actually need the private key? I have shared my public key with folks to get them to join, but private key is very secure…like Bitcoin private keys…

Try it. Log in with #[4] public key (nPub). Then you will see what you can and cannot see.

I can't log in to Ed's account though. I can see Ed's public posts because I know his username (nPub). I for sure can't see his DMs....

I guess what you are saying is we can't hide our comments if someone knows our public key...and that is for sure different than other platforms. So good point on being mindful about who you share with if you want to stay anon.

You can log in with his nPub. You would have to log out of your own account first or try another (web) client.

Here is an example of what everybody can see of your own DMs when logging in with your nPub.

We can see who you sent messages to and when. Jeff in this example. We just cannot see the content, which is encrypted with your secret key.

Indeed. Wow. Thanks for helping to grok this better. I stand corrected.
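What the thread describes, as an added example that is not code from the posts or from any Nostr client: it assumes the NIP-04 direct-message event shape (kind 4, recipient named in a `p` tag, base64 ciphertext followed by `?iv=`), and every key, timestamp and ciphertext below is constructed. The function uses no private key, so it returns exactly what any observer of an nPub can tabulate.

```javascript
// Constructed sample data: hex pubkeys, timestamps and ciphertext are made up.
const ALICE = "a".repeat(64); // hypothetical account whose exposure is being audited
const JEFF = "b".repeat(64);
const CAROL = "c".repeat(64);
const CT16 = "A".repeat(22) + "==";       // 16 constructed ciphertext bytes
const CT32 = "A".repeat(43) + "=";        // 32 constructed ciphertext bytes
const IV = "?iv=" + "A".repeat(22) + "==";

const sampleEvents = [
  { kind: 4, pubkey: ALICE, created_at: 1676000000, tags: [["p", JEFF]], content: CT16 + IV },
  { kind: 4, pubkey: JEFF, created_at: 1676000300, tags: [["p", ALICE]], content: CT32 + IV },
  { kind: 1, pubkey: ALICE, created_at: 1676000900, tags: [], content: "gm" }, // public note
  { kind: 4, pubkey: ALICE, created_at: 1676003600, tags: [["p", CAROL]], content: CT16 + IV },
  { kind: 4, pubkey: CAROL, created_at: 1676003700, tags: [["p", JEFF]], content: CT16 + IV },
];

// Collect every cleartext fact about one account's DMs. The message body is
// never decrypted; only its size is measured.
function visibleDmMetadata(events, pubkey) {
  const rows = [];
  for (const ev of events) {
    if (ev.kind !== 4) continue;                       // only encrypted DMs
    const pTag = (ev.tags || []).find((t) => t[0] === "p" && typeof t[1] === "string");
    if (!pTag) continue;                               // malformed DM: no recipient tag
    const recipient = pTag[1];
    if (ev.pubkey !== pubkey && recipient !== pubkey) continue;
    const sent = ev.pubkey === pubkey;
    const b64 = String(ev.content).split("?iv=")[0];
    rows.push({
      direction: sent ? "sent" : "received",
      counterparty: sent ? recipient : ev.pubkey,
      created_at: ev.created_at,
      ciphertextBytes: Buffer.from(b64, "base64").length, // leaks rough message size
    });
  }
  return rows.sort((a, b) => a.created_at - b.created_at);
}

// Message count per counterparty: the raw material for a contact graph.
function contactCounts(rows) {
  const counts = {};
  for (const r of rows) counts[r.counterparty] = (counts[r.counterparty] || 0) + 1;
  return counts;
}

console.table(visibleDmMetadata(sampleEvents, ALICE));
console.log(contactCounts(visibleDmMetadata(sampleEvents, ALICE)));
```

Running the same tabulation over your own nPub shows which contacts, times and message sizes you have already made public.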