I can’t trust Nostr devs to make good cryptography. I would encrypt messages with PGP and send them over I2P. nostr:note1ekgsp38m0lc2wvp5n5cycyvtd6nl8j79cac0wccet2g5kyjkqurqhdnv7e
Discussion
nip-4 and nip-44 are the current standard of quality of encryption, with ecdh and AES-based cryptography
i think it could be made a lot stronger, of course, especially if we start to talk about adding synchronous handshake protocols for DMs (i mean, if someone is currently live in chat, why not?) but we only just finally got broad support for auth which was a prerequisite for anything further involving mediated private communications... i wouldn't be holding my breath on the question of actually decent functionality but the possibility is there and it only takes the partnership of a competent relay and client dev to become a reality
the problem is not the crypto, it’s how devs implement it
client side of it is a big part of why it's not happened yet
creating a scheme that is decently secure even with untrusted relays that allows multiple devices to sync data properly is not a simple thing, otherwise simplex and session would already have this functionality, and the fact is that privacy comms people in general are quite idiotic about the problem of async and multi-device, both of them are essential to easy and broad adoption
What would you recommend?
Don't trust, do it yourself ... https://hubstr.org/articles/how-to-encryption.html