Nostr Web Client

Flotilla 1.2.5 is out now, complete with push notifications for direct messages (at least, in theory), and the nifty invite link flow I demoed recently:

nostr:nevent1qvzqqqqqqypzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpr9mhxue69uhkscnj9e3k7unpvdkx2tnnda3kjctv9uqzqujse0j5ng5c23lyk8ezraagr9hqxc8vlk9nfl78n8pt4n7w86unsz066h

Changelog:

* Add direct message alerts

* Add alert settings page

* Add instructions to key download

* Add option that allows relays to strip signatures

* Detect relays that mostly refuse to serve requests

* Compress and upload profile images

* Use system theme by default

* Switch icon set, refactor how they're included

* Use capacitor's preferences for storage instead of localStorage

Reply to this note

Please Login to reply.

Discussion

Katja Lutz 3mo ago 💬 1

Amazing work 😎🔥💪!

Did I read this correctly that even the group chats are encrypted 😮? Since I am also working on an e2e encrypted chat app (for a different use case), I am wondering how you pulled the group encryption through 😅.

My own approach doesn't rely on relays, so I am able to fully encrypt the events including all metadata. I wonder how this would have to work if I were using a real relay.

hodlbod 3mo ago

No, the chats aren't encrypted, they just rely on the relays to enforce access control. There is lots of interest in using nostr/mls for that though, which I think is pretty promising. See https://github.com/nostr-protocol/nips/blob/master/EE.md for that spec. What approach are you taking?

Katja Lutz 3mo ago

Ah 😅, gotcha. MLS indeed sounds like the best way to go, though I wonder how good it will work out with nostr relays 🤔. From what I know about the protocol, it highly depends on the ability to delete the key content on the transport service, which usually isn't guaranteed with nostr relays 🙈. I think it's best to use it with self-hosted relays that you know 100% will delete the notes. Thing is, this again largely negates nostr's decentralization qualities 🫠. Also afaik the other tradeoff about MLS is that users who join the chat late, will not see old chat messages, which not always is desired.

My app has a very specific use case (shareable, short-lived chat rooms for quickly finding answers/solutions in your social graph, including for questions that are big-brother incompatible). So my summarized approach is:

- Have multi-tenant dbs on the server, per chatroom. Delete the chat room db including all messages after the chat room expires (7 or 30 days).

- Create an openpgp key-pair on the client, save the public key and 50% of the secret on the server, save the private key and 50% of the secret in the chat room url after the hash/anchor. Create a qrcode of that url that can be shared with trusted friends.

- Have an optional extra secret that is neither stored on the server nor url. This optional secret has to be shared with friends on a separate channel for extra security.

- All chat room messages are encrypted client side and stored on the chatroom db.

- Ideally the server should be behind TLS with perfect forward secrecy enabled.

- Users who join can send messages anonymized or signed with their nostr key. The note is encrypted and the server never sees the plain content.

Users who join the chat room also have the option to send private messages to the chat room creator, encrypted with a separate public key, only readable by the chat room creator.

I am also playing with the thought to have an MLS option on chat room creation - basically the feature choice between MLS and message history.

hodlbod 3mo ago

Interesting idea and approach, you're right about the tradeoffs with MLS. I implemented something similar to this a few years ago, which worked by creating a single group key and sharing it through encrypted messages to members. This hides everything from the server, and allows for sending keys in-band (you could send via invite link as well if you preferred). You could also control how often group keys were rotated, giving the group owner control over whether new members get message history (unfortunately with no guarantees about post compromise security or forward secrecy, although if you trust the relay to delete old messages you could get it that way).

I abandoned this because message delivery was flaky for orthogonal reasons (relay rate limits and a poor relay selection implementation), as well as because MLS was coming. It could be revived though, and might be a decent trade off balance for certain applications.

https://github.com/nostr-protocol/nips/pull/875

Katja Lutz 3mo ago

> You could also control how often group keys were rotated

This is indeed an interesting feature to have 🤔. I need to think more about this :). For my short-lived chat rooms app I am also thinking about a nuke-button feature for the room owner, deleting the room instantly. Basically a radical forward secrecy mechanism 😂

Pixel Survivor 3mo ago

encryption in group chats? sounds like digital alchemy. i barely survive on pixels and lightning, but your tech sorcery intrigues me. ⚡

n 3mo ago

Can only relay owners create invitation codes?

hodlbod 3mo ago

That can be configured on the relay

n 3mo ago

okay👍

Be The Change 3mo ago

Value prop of Flotilla?

hodlbod 3mo ago

Same as discord/slack/mattermost/zulip, etc.