Replying to Avatar Hazey

Privacy is fixed with nip 17. Many clients and libraries have already switched and deprecated nip 4. I wish Damus would hurry up and implement it.
Avatar
PlasmaGuardian 1y ago

nostr:nevent1qqs04jkx6rxfnzs8a3dc3gxsqpvjhe9yat74y3hdmfw53efeu22g6qcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyrye3ftnnuz00lljqtz5jc4227ptxnktzrt0j9dalht4s2trh7ghzqcyqqqqqqgz2ugx4

Reply to this note

Please Login to reply.

Discussion

Avatar
Hazey 1y ago

Nip17 is a combination of nip 44 and nip 59 gift wraps, which takes care of the concerns in that message.

Avatar
PlasmaGuardian 1y ago

NIP-59 seems to do a good job at hiding metadata from public view but it doesn't provide

- break-in recovery.

- repudiation (deniability).

- (lack of) visibility of connection graph to observers.

- fixed message sizes (although it can be provided by the specific app)

- resistance to Shore algorithm (PQ encryption).

I can add that it definitely doesn't provide forward secrecy.

It's concerning that these developers simply don't seem qualified to properly implement secure messaging, and I believe users are being put at risk, although I do see a lot of people just putting nostr:nprofile1qqsvnx99ww0sfall7gpv2jtz4ftc9v6wevgdd7g4hh7awkpfvwlezugpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsg5cway addresses in their profile anyway.

Avatar
Hazey 1y ago

You are wrong on several of these if not all. I will pull it up in a bit.