Avatar
Pleb⚡ 2y ago

#[0] #[1] #[2]

Hi guys, I think there is a privacy concern here in Nostr. So I can login using npub right, even though I can't see what are the message being thrown around (it looks gibberish, perhaps encrypted), but at least I can see who send what message and when the message is send.

And if the message perhaps an image / referring to other post (I'm not sure which one) it's visible as is. And for the encrypted message, there is a concern of it being decrypted if that is possible, I'm not sure. I'm not a tech person

I tried to do this in both snort social and amethyst using Preston npub, it works. I don't use iOS so I can't tell if Damus also have the same experience. Even if I can't know what message is being send back and forth here, I know who Preston have interaction here and how many message exchanges are there and the timing of each exchange.

Can we just prohibit login using npub? Or only make npub able to see feed, not DMs

Sorry for using u in my example here #[3]

Reply to this note

Please Login to reply.

Discussion

Avatar
荣耀 2y ago

支持!

Avatar
Pleb⚡ 2y ago

#[6]

Avatar
Pleb⚡ 2y ago

#[8]

Sorry if I seem to randomly tag some person. I'm just trying to raise attention on the case in the original thread here to probably the right person

Avatar
calle 2y ago

decryption of the content is practically impossible but the metadata is visible to everyone.

Avatar
Pleb⚡ 2y ago

Hmm. But I can at least know who exchange message with whom, how often, when the first exchange is, when the last exchange is.

Pretty useful stuff for interogator

Avatar
Merrcurr⚡️ 2y ago

I would always favor an anon account for myself, reading my DM exchanges will count for nothing but serve the curious.

[777479]

Avatar
Pleb⚡ 2y ago

Ya. But that may not work for people that have made a name for themselves on their non anon account.

Making anon account mean starting from 0 to build reputation again for those people.

Perhaps just don't use nostr for DMs then.

Is keet.io good for that #[11] ? Wdyt?

Avatar
Merrcurr⚡️ 2y ago

I have tried it on mobile but i have been having issues with creating rooms, the links i shared never seemed to work. However, i believe holepunch is the way for private comms. Will give it another try.

My view on anon accounts, i will always have one as we do not yet comprehend the value of Bitcoin.

[777481]

Avatar
MaxMoney21M⚡ 2y ago

I still don't understand why we can't just do DMs a bit differently. I know it's new and not time to do it yet, but wouldn't this work?

1. Send a DM of some particular format, which basically just says "If you want to initiate a DM with me, reach me at npub, and include code "

2. Client derives the new anon npub based on some derivation path, or based on the npub(s) that will be party to do the DM, something like that

3. Recipients client does similar, and sends the message with secret code

4. Both clients use and sign messages under these anon npubs in the DM

Rest of network will only see 1 message from A to B, and will not see any further messages from either party, and will not be able to connect A or B to the derived npubs.

Avatar
charisma_ni_zandro 2y ago

Because they all want my data?

fe6b3ac558e66ff99afbc00d787be5ae67d8de2ae4b8a99e53fc6d835576d9a7

Avatar
bitcoinpasada 2y ago

Buidl it

Avatar
Pleb⚡ 2y ago

Is this a permanent thing that can't be changed on Nostr. Or can this be adjusted?

Avatar
David 2y ago

Someone might not even want people to know that the conversation is even happening. But could something like an HD wallet fix this? Say I want to DM you. I send you a message from a new npub that only exists for the purpose of initiating a conversation with you. Part of the message is proof that I have the key that controls my public-facing Nostr account, and part of the message is another new npub that you can respond to if you choose. If you respond to my message to you, you send the message to that npub, from a new npub of your own with proof that you have the key that controls your public-facing npub. Now we are chatting using npubs that only you and I know about. The only thing anyone else can see is that you received a message from an unknown sender. No one knows who that message was from or even if you responded. I’m not a coder, but it seems like this could be done. Or am I way off?

Avatar
Pleb⚡ 2y ago

Not sure. I'm not a coder either

Avatar
David 2y ago

#[2]

Avatar
Pleb⚡ 2y ago

#[1]

FYI

Avatar
David 2y ago

Would something like an HD wallet fix this? Say I want to DM you. I send you a message and part of the message is proof that I have the key that controls my public-facing Nostr account, and part of the message is a new npub that only exists for the purposes of my conversation with you. If you respond to my message to you, you send the message to that npub, from a new npub of your own and proof that you have the key that controls your public-facing npub. Now we are both chatting using npubs that only you and I know about. The only thing anyone else can see is that you received a message from an unknown sender. No one knows who that message was from or even if you responded.