It's fine. You're working on encrypted media in private communities and DMs right now, right? That's HUGE!

Example: I had purchased something via Shopstr and the seller sent me a screenshot back, confirming my address before shipping to me. Thing is, he was using nostr.build for media hosting and so, even though the image was sent in a DM, it was not encrypted and was there for all the world to see in nostr.build's free image gallery.

Thankfully the guys over there at nostr.build were quick to take it down at my request, but it's a good lesson in why we NEED encrypted media in DMs.

Interop for muted words can wait.


Discussion

Yeah, the encrypted media thing is a huge oversight. Strangely, I've gotten a lot of pushback for the way I've proposed doing it. But I'm going to forge ahead anyhow 😂

Silly question - could NIP44 be used for encrypted media? I haven't really dug into media yet. I expect to use blossom but only if I can encrypt.

For #nostr #safebox I am thinking of defining an encrypted blob type for storing docs, imaging data etc. Just starting so keen to go down the right path on this one.

Here's how I'm doing it: https://github.com/nostr-protocol/nips/pull/1947

This approach is based on some stuff in NIP 17 for sending encrypted media. Basically, encrypt the file, upload it to blossom, and send the decryption key in a message along with the URL. I think this works great. I don't know why in particular it doesn't use NIP 44 (maybe nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq3zamnwvaz7tmwdaehgu3wwa5kuef0qythwumn8ghj7anfw3hhytnwdaehgu339e3k7mf0qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqx9vz88 can elucidate). But aes-gcm is pretty standard web crypto, so not hard to use. For your use case, you might look at defining a new event kind for "encrypted media" in NIP 94.
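The flow described in the comment above (encrypt the file, upload only the ciphertext, send the key and URL inside the DM), as an added example that is not part of the thread or of the linked PR. It uses Node's built-in crypto module; the server URL and the field names of the `secret` object are assumptions for illustration, not the event format defined in NIP 17 or the PR.

```javascript
// Added example: function names, URL and message fields are illustrative assumptions.
const { createCipheriv, createDecipheriv, createHash, randomBytes } = require('node:crypto');

const sha256Hex = (buf) => createHash('sha256').update(buf).digest('hex');

// Sender: encrypt under a fresh key and nonce. The 16-byte GCM tag is appended
// to the ciphertext, the same layout Web Crypto's AES-GCM produces.
function encryptForUpload(plaintext) {
  const key = randomBytes(32);
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  const blob = Buffer.concat([cipher.update(plaintext), cipher.final(), cipher.getAuthTag()]);
  // `blob` is all the media server stores; `secret` travels only in the encrypted DM.
  const hash = sha256Hex(blob);
  const secret = {
    url: `https://blossom.example/${hash}`, // placeholder server
    sha256: hash,
    key: key.toString('hex'),
    nonce: nonce.toString('hex'),
  };
  return { blob, secret };
}

// Recipient: check the download against the hash from the DM, then decrypt.
function decryptDownload(blob, secret) {
  if (sha256Hex(blob) !== secret.sha256) throw new Error('blob does not match hash from DM');
  const tag = blob.subarray(blob.length - 16);
  const body = blob.subarray(0, blob.length - 16);
  const decipher = createDecipheriv(
    'aes-256-gcm', Buffer.from(secret.key, 'hex'), Buffer.from(secret.nonce, 'hex'));
  decipher.setAuthTag(tag);
  // final() throws if the tag does not verify (wrong key or modified ciphertext).
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Constructed sample standing in for a screenshot that shows a shipping address.
const sample = Buffer.from('SHIP TO: Jane Doe, 1 Example Street', 'utf8');
const { blob, secret } = encryptForUpload(sample);
console.log('plaintext visible in hosted blob:', blob.includes(sample));
console.log('recipient recovers original:', decryptDownload(blob, secret).equals(sample));
```

Anyone browsing the media host sees only `blob`; without the key and nonce from the DM it cannot be turned back into the image.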

Thanks! I'll be gearing up for this in the coming weeks.

Low-level - yes, it's a good idea to use it for media.

"I'm going to forge ahead anyhow."

Translation: The pushback is not compelling.

correct

Oh god, that is bad 😬 I think 0xchat has encrypted media when sending DMs in their client but that is not gonna be consistent client to client rn

Amethyst also has support for encrypted media

Yeah, not sure if the seller was using Shopstr for DMing me. May have been, or may have been using another client with NIP-17 DMs.

Either way, even after providing tools that allow media to be encrypted, users will still need to take advantage of it. I could 100% still see some users uploading directly to a public Blossom server and copy/pasting the URL into the DM, thinking they're all good because DMs are encrypted.

Not really anything that can be done about that.

I haven't added support for messaging/uploading images via NIP-17, only text, but good to know!

Tellin' ya… a Nostr Consortium is on the horizon for standardizing all these wonderful discrepancies. Anarchy abounds and must continue to abound, but as a network of interoperable applications, we need a good, solid standard, and a method by which to discuss and update it. Halfway there with the NIPs repo.