Nostr Web Client

So metadata security depends on users creating at least some number (probably a reasonably large number) of fake channels at the start in addition to the real channels they want so that an observer doesn’t know which channel relates to which real user in the future?

semisol 1y ago

Channels cannot be correlated to users unless:

- you leak via IP

- you leak via activity times

Both of which apply to all schemes.

This is only for obscuring who a user has communicated with at all: if an app establishes channels only when DMing, you only leak A has initiated a channel with B, but adding noise reduces this risk.

Reply to this note

Please Login to reply.

Discussion

JeffG 1y ago

Ok. I think I get it now. I’ll try and play with it tomorrow.

semisol 1y ago

I’ll be doing some revisions to the spec today for fixing some flaws.

semisol 1y ago

Most importantly, an attacker can request re-Initialization of the channel while only having the channel state, allowing them to pretend to be the public key way after the channel gets cut.

I’ll also be introducing a control command to stop using a channel.