that is even worse
Discussion
Ah, I knew it. But why? Be gentle, I'm dumb.
because users choose your app because they trust it
Ehh... Maybe. Probably. I don't trust anything. All privacy will backstab the moment people trust
Then shutup and the tyrant's win
Just need encrypted messaging to be minimalist and Foss. If Foss is complicated, it won't get checked.
if you don't understand how encryption works, you aren't qualified to check
I thought I was the cause of that other note... I know, I understand very little. Just curious.
yeah, of course not... some fucking kooky shit from my perspective here, but i always forget that most nostr devs are just web app devs
for them, signatures are a big leap
encryption is like voodoo to them
I have another idea. I know its retarded, but you can tell me how.
You could split the encrypting and decrypting a different way - like folding paper hamburger style instead of hotdog. Instead of having a program with a module that does all of the process of decrypting, the receiving program only knows how to handle keys. The message itself contains the code to read the message. Meaning, the algorithm used is kept a secret, like the private key, but of course private keys don't go in messages. By doing that, the message, while encrypted, is also a binary that executes itself on whatever machine received it, and it just does one thing : deletes itself on a timer. Or, slightly better, the message contains an incomplete binary and the receiving program does some variation of concatenation to complete it in a predictable way. But the key thing that made me think this is, encryption is pointless unless the sender can be confident that the message was deleted - hence, turning the message into an executable that deletes itself.
I can think of two flaws already, but I also can think of solutions to those flaws - I just am nervous about my novice level computer lingo. So I'll just see what you say.
that is a long way of saying "move the decryption into the signer" and make the signer the message viewer
i think that's possible but the idea that clients are spying on you to that level where the previous situation was the clients were entrusted with the key to do all that autonomously...
there is a big difference between unlocking your entire inbox forever, and granting access to read TO SHOW you your messages
the phobia i seem to be facing is that... now that most clients use detached signers, they are afraid that their apps are handling more secrets that you wrap in the encryption
it's silly, they just seem to be trying to unconsciously argue for them to not do a small bit of extra work - ie, make DMs work reliably
nostr:nprofile1qyw8wumn8ghj76r0v3kxymmy9e3k7unpvdkx2tn5dahkcue0qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpz4mhxue69uhkg6t5w3hjuur4vghhyetvv9usz9mhwden5te0v96xcctn9ehx7um5wghxcctwvshszgrhwden5te0v9cxcctrv45kuargv4eh2m3wdehhxarjxyhxxmmd9uq3kamnwvaz7tmxv4jkguewdehhxarj9e3xzmny9a6x7mneqyshwumn8ghj7en9v4j8xtnwdaehgu3wvfskuep0w3uhqetnvdexjur5qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgs4gzkmk and his #coracle (and i think his other apps use this stuff too) are the only clients aside from blowater's 0xtr messenger are the only nostr apps that are even trying
nostr:nprofile1qyv8wumn8ghj7enfd36x2u3wdehhxarj9emkjmn99uq3zamnwvaz7tmwdaehgu3wwa5kuef0qythwumn8ghj76twvfhhstnwdaehgu3wwa5kuef0qyv8wumn8ghj7cm9d3kxzu3wdehhxarj9emkjmn99uq3samnwvaz7tmrwfjkzarj9ehx7um5wgh8w6twv5hsz9nhwden5te0v96hg6pwdehhxarjxyhxxmmd9uq3wamnwvaz7tmjv4kxz7fwdehhxarj9e3xzmny9uq3camnwvaz7tmrdpexjum5wp5kcmpwdehhxarjxyhxxmmd9uqzq0vy9tlv6h3f8u5tvcnexdcy50acec2n42ga0y9tz8m2w5k5ffpd4fh76v from nostr.wine has basically given up on trying to get sanity around auth and DMs, most clients now finally support DMs... two years later, i don't think the client devs really understand how fucking retarded they have been the whole time about this, acting like implementing these features was undermining the protocol, when in fact, not implementing them is undermining the viability of the protocol
gah, i get things backwards all the time (imagine how it is when i'm coding lol)
most clients now support auth
meanwhile nostr:nprofile1qyv8wumn8ghj7enfd36x2u3wdehhxarj9emkjmn99uq3wamnwvaz7tmfde3x77pwdehhxarj9emkjmn99uq3samnwvaz7tmrv4kxcctj9ehx7um5wgh8w6twv5hszythwden5te0dehhxarj9emkjmn99uq3samnwvaz7tmrwfjkzarj9ehx7um5wgh8w6twv5hsz8mhwden5te0vfhhxarj9ekxjemgw3hxjmn8wdcx7un99e3k7mf0qy2hwumn8ghj7er9wd3ksmm0d35kueeww4ej7qgwwaehxw309askgun99eeh2tcpr9mhxue69uhkvet9v3ejumn0wd68ytnzv9hxgtmjw5qzq0vy9tlv6h3f8u5tvcnexdcy50acec2n42ga0y9tz8m2w5k5ffpdprlx2x and nostr:nprofile1qyghwumn8ghj7mn0wd68ytnvv9hxgtcpzemhxue69uhks6tnwshxummnw3ezumrpdejz7qgewaehxw309aex2mrp0yhxummnwa5x2un99e3k7mf0qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qyghwumn8ghj7vf5xqhxvdm69e5k7tcpzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctcqypftfgrkhjammsap4marwdvpdnm5nya3hrdjq2cpezputzl8ltvt6arddjr have struggled to run paid relays for over a year, because without auth it's almost impossible to practically get people to pay for relay service
and adjunct to that, Mazin most notably has been trying to pionere the use of automated messages from his relay service relating to subscriptions... i have done a little work with writing nostr chatbots, and its doable, but client support is pretty unreliable ,and like nostr:nprofile1qyghwumn8ghj7mn0wd68ytnhd9hx2tcpzfmhxue69uhkummnw3eryvfwvdhk6tcppemhxue69uhkummn9ekx7mp0qyfhwumn8ghj7am0wsh82arcduhx7mn99uq3vamnwvaz7tmzv4mx7tnwdaehgu339e3k7mf0qydhwumn8ghj7argv4nx7un9wd6zumn0wd68yvfwvdhk6tcpz9mhxue69uhnzdps9enrw73wd9hj7qgcwaehxw309ashgtnwdaehgunhdaexkuewvdhk6tcpz4mhxue69uhkgetnvd5x7mmvd9hxwtn4wvhsqgrucv52prwm9t7ln7d7w7l07nyrfz0lj7tjrqnav299gtej5frupczltv89 says, who is also another relay service entrepreneur, it's really hard to get messages out to people over nostr
Everything I was about to write... you've probably already thought of... Well anyways, thanks for your work on relays. All of y'all.
yeah, too much thinking
Remember that idea I wrote earlier today? That was fucking retarded. Cntrl + c exists.
Wow. I'm on a roll.
you can't have many well trodden paths in your mind without having stupid quite often... you have to walk out to that dead end a few times to realise "oh yeah, this place, let's not go here again"
i want to say also, this urge to find solutions is the root of what makes a person decide to become a programmer... it seems obvious to me you have the bug in you so maybe have a go at writing some simple things that solve simple problems you see that nobody else has done... that's how it starts, and then after that, you will be addicted
also, the app has the damn secret in its control, do you want to make it impossible to present users private messages in your app because of this?
then who gets to say which app can do this?
it's a deadlock, you have to have all, or none, stop bullshitting