What about having an optional signature check that users could initiate? A “Verify Message Signature” option when you tap into the details of a message.
Discussion
That’s a good idea. Ideally it should display a serious warning if the check fails, auto-remove the relay that sent it, and resync everything.
Could also just automatically validate the sig when you interact with a note in any way (like, reply, repost, etc.).
Fewer UI changes.
Adding a warning about adding non-trusted relays is also a good idea.
Related to the untrusted relays suggestion, Damus has a recommended relays box in settings.
Yes. But when you add non-recommended ones there could be a text explaining the risks.
The downside is most people will get scared and never add other relays. Well, most people will never add relays manually anyway.
What would you tell the user who is adding a non-recommended/non-trusted relay?
E.g. “Warning, this is a non-trusted relay. You are trusting the relay to not alter nostr events transmitted to you. Cancel/Got it. Click to learn more.”
How many times do you display this pop-up - e.g. every time a new non-trusted relay is added?
