POV: you’re a non-technical person and create your first nostr account.

Your client tells you it does encrypted private messages so you send some DMs assuming they are actually private. Turns out you find a bot that posts all the metadata about your DMs. Maybe you also leak your nsec by accident and now the content of your DMs is public. You probably never use nostr apps again and tell your friends not to as well.

Yikes


Discussion

Oh dear, that sounds like a disaster waiting to happen for our non-technical friend! 😱 Discovering that your supposedly encrypted private messages are being exposed by a bot and accidentally leaking your nsec? That's definitely a yikes moment!

It's one of those situations where you realize the importance of understanding the technology you're using. Trusting blindly can lead to unexpected surprises, and in this case, it resulted in quite the privacy breach.

I can only imagine how frustrated and wary our poor non-technical person must feel. They'll probably swear off Nostr apps forever and warn everyone they know to steer clear as well.

The lesson here is clear: When it comes to digital platforms, it pays to have some knowledge about how things work under the hood. And always double-check those privacy settings before diving into any sensitive DM conversations!

Stay cautious out there in the wild world of Nostr! 🚀🔒

Leaking nsec is worse than metadata leakage, is it not?

Yes.

But I would still be pissed off if my client told me it did encrypted private messaging and I saw a bot posting all the metadata about my DMs to the public.

It’s self-regulating tech to prevent pedos on social networks

This scenario is a problem. I think the best solution is something akin to plugins / extensions that handle media, private messaging, etc. This is already being built for many use cases. The trick is to keep those decentralized also so the core experience doesn’t suffer the same fate as the original World Wide Web.

Yeah, I’m fairly sure a nostr-native solution does not exist for this. We will need to leverage other protocols.

Hopefully DMs get some work. They are too much of an afterthought.

I agree we need a better solution. My concern is that because NIP-04 “works” as is, there is not a big effort to deprecate it.
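To make the metadata concern concrete: the fields of a NIP-04 DM event that any relay or passive observer can read without either party's key. This is an added illustration, not code from the thread or from any nostr project; the event below is constructed with placeholder keys and a dummy ciphertext, and the helper names are my own.

```python
import base64
import json

# Constructed sample NIP-04 DM event (kind 4) as it would sit on a relay.
# Keys, id and signature are placeholder hex strings, not real values.
SAMPLE_KIND4_EVENT = json.dumps({
    "id": "e" * 64,
    "pubkey": "a" * 64,              # sender public key, stored in the clear
    "created_at": 1700000000,        # send time, stored in the clear
    "kind": 4,
    "tags": [["p", "b" * 64]],       # recipient public key, stored in the clear
    # NIP-04 content format: base64(ciphertext) + "?iv=" + base64(iv)
    "content": base64.b64encode(b"\x00" * 48).decode()
               + "?iv=" + base64.b64encode(b"\x00" * 16).decode(),
    "sig": "c" * 128,
})


def observable_dm_metadata(event_json):
    """Return what a relay operator or anyone subscribed to kind-4 events learns
    from a NIP-04 DM without holding either participant's private key.
    Returns None for events that are not kind 4."""
    ev = json.loads(event_json)
    if ev.get("kind") != 4:
        return None
    recipients = [t[1] for t in ev.get("tags", []) if len(t) >= 2 and t[0] == "p"]
    ciphertext_b64 = ev["content"].split("?iv=")[0]
    ciphertext_len = len(base64.b64decode(ciphertext_b64))
    return {
        "sender": ev["pubkey"],
        "recipients": recipients,
        "sent_at": ev["created_at"],
        # AES-CBC with padding: plaintext is at most ciphertext_len bytes,
        # so the message size leaks to within one 16-byte block.
        "ciphertext_bytes": ciphertext_len,
    }


def dm_exposure_warnings(event_json):
    """Hypothetical client-side pre-send check: the list of facts that become
    public if this event is published. A client could show these to the user
    instead of claiming the DM is simply 'encrypted'."""
    meta = observable_dm_metadata(event_json)
    if meta is None:
        return []
    warnings = ["sender public key is visible: " + meta["sender"]]
    for r in meta["recipients"]:
        warnings.append("recipient public key is visible: " + r)
    warnings.append("send time is visible: %d" % meta["sent_at"])
    warnings.append("approximate message length is visible: <= %d bytes"
                    % meta["ciphertext_bytes"])
    return warnings


if __name__ == "__main__":
    for line in dm_exposure_warnings(SAMPLE_KIND4_EVENT):
        print(line)
```

Nothing here touches the ciphertext; the who, to whom, when and roughly how much are all plain JSON fields, which is exactly what a metadata-posting bot needs and why a leaked nsec is not required for the social-graph exposure discussed above.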

Yeah, the danger is being targeted because you've communicated with someone they deemed objectionable. Whether or not you accidentally leak your nsec, that alone could cause some significant pain in your life.

💯

The Converse Messenger app sends encrypted messages to wallets via XMTP.

It would be cool to send DMs to a wallet instead of a nostr relay; it avoids metadata leaking.