Nostr Web Client

In December 2023, a U.S. Senate investigation revealed that governments worldwide have been demanding push notification records from Apple and Google to surveil smartphone users, including tying anonymous messaging accounts to real identities. For years, privacy engineers dismissed this attack vector as unsolvable, since mobile operating systems require routing through platform servers.

MIP-05, a new specification for the Marmot Protocol, proves them wrong: by encrypting device tokens with probabilistic encryption and delivering notifications through gift-wrapped Nostr events, it makes push notifications functionally anonymous. If you care about private communication, this is the specification you need to understand.

The specification is currently in draft and open for review: https://github.com/marmot-protocol/marmot/pull/18 nostr:naddr1qqgx2dpjv9nr2dpjvejryvpcv3nxzq3qklkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qxpqqqp65w2exg09

Reply to this note

Please Login to reply.

Discussion

Colby Serpa 1w ago

This is intriguing. Maybe potential to use this in nostr:npub1ph0n0nlw37vwze32uwy68r9crhywmj89lnpljssyr6j6g2jv944svmcn4n nostr:npub1ms9ujlulcgtpqn2uzpvhplee9l5kjg8jgqhrwmgutg0n7xk43nqq07qa0v

The Bitcoin Peasant 1w ago

Interesting info. It is wild how all this companies are obsessed with information. Also, I have always been curious on how they store the information. If your mobile phone is always listening you, the accumulated information over time must be insane. How do they store it? Do they burn some information? Do they just keep a piece of it? #asknostr

772f9545... 1w ago

Where is the link to the U.S. Senate investigation? Oh, https://www.reuters.com/technology/cybersecurity/governments-spying-apple-google-users-through-push-notifications-us-senator-2023-12-06/ and https://www.documentcloud.org/documents/24191267-wyden_smartphone_push_notification_surveillance_letter_to_doj_-_signed/?

I have often wondered about those calls from unknown numbers where even if I say "hello" it's a non-response. A call answered like that can give a lot more information than cell tower ping records, I guess.

Max 1w ago

Yeah, best be in airplane mode all the time and done even have a regular phone number.

THE HIGHER LOW 1w ago

Cool initiative

elsat 2d ago

smol notepush PR: https://github.com/damus-io/notepush/pull/27

Max 1d ago

Nice!

But why don't you just send an empty payload and clients do processing locally?

Your approach still seems to tie the receiver pubkey to the apple ID against apple servers.

elsat 1d ago

Waking up in iOS is not feasible to my limited understanding.

Tradeoff is apple knows you use the app, and cant read your stuff sent via push, which is an improvement over unencrypted push notifications sent via apns.

Apple knows you use an app with or without push notifications.

the axiom 8h ago

not really, push notifications are still centralized