The Gossip Vulnerability: Why NIP-17's "Deniable" Messages Aren't

https://njump.to/naddr1qqgrvvpjxvunvdtyvvmrgvpkxanxzqg5waen5te0xyerwt3s9cczuvf6xsurvwf0qgst0mtgkp3du662ztj3l4fgts0purksu5fgek5n4vgmg9gt2hkn9lqrqsqqqa28wpck08

![](https://m.stacker.news/118485)

# What This Means for Nostr

> The Nostr community should acknowledge this tradeoff explicitly. NIP-17 is excellent for censorship resistance and metadata privacy, but it's not suitable for truly deniable communications. Users needing real deniability should use Signal or Session.
>
> The unsigned "rumor" provides psychological comfort but no cryptographic protection. The signed seal is the vulnerability, and it's unfixable without redesigning Nostr's entire authentication model.
>
> This isn't a failure, it's physics. Cryptography has limits. The impossible triangle of decentralized, authenticated, and deniable messaging is truly impossible. Every protocol must choose its compromises.
>
> Nostr chose decentralization and authentication. That's a valid choice. But calling the messages "deniable" because the inner layer is unsigned? That's not cryptography, that's marketing.
>
> The gossip attack is real. The ZK proof works. And the rumor isn't deniable after all.

https://stacker.news/items/1287011
