"Nostr aims to decentralize private communications" ... wtf lol.
Private and Nostr do not belong in the same sentence.
Discussion
Nothing preventing encrypted 1:1 though, right?
1. Encryption is obfuscation, not privacy. Private in data terminology means inaccessible; out of reach; not public.
2. Your encrypted content can be decrypted by ANY nsec leak which is party to the conversion. So it's not even in your hands. How many forms are your chat buddies pasting their nsec into?
3. The only encrypted part is the message content. Even with perfect security for all involved, anyone can see who you're messaging, how often, when - all the metadata is public af.
I hope it doesn't get any eyeballs before being corrected. "Nostr aims to decentralize public communications." Fixed. This was a false claim and I bet the OG devs like #[5] would agree.
You really don't appreciate how bad Nostr is for DM's until you do this:
Paste someone you find interesting's pubkey into any client and open Messages. You will see who is sliding into their DMs, when and how often they chat, who sends the most messages, how far apart, etc.
And nobody knows you looked. This is death to many relationships and vital business intelligence. Just scrolling this thread, I can tell you who is working with whom and who is hitting on whom behind the scenes.
Fair enough. I think the team at Monstr.app are working on #2 at the moment, though, trying to incorporate Signal protocol into nostr.
Nostr DMs are end-to-end encrypted.
Metadata is public.
Don’t treat DMs as particularly secure, they’re pretty simple an don’t have many of the good properties that existing E2EE messaging alternatives like Telegram/Signal/WhatsApp have (ratcheting keys, key exchange between two parties, etc.)
You leak your nsec and all your past DMs are readable and you’re easily impersonated. Also everyone can just see who you’re messaging and when, even if they can’t read it (because the DMs are jus events published to your relays like normal posts)
All true (: