Replying to Vitor Pamplona

Here's the first proposal to send private pictures in NIP-04 DMs from the discussion with nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 this morning

The idea is to add credentials to NIP-19 URIs (the nostr:nevent.. links) and create an "Anyone with Link" can see scheme. Since DMs are encrypted, only the two people in the conversation will get access to the image. Not even image hosts can see it.

Pros:

1. Simple change to a NIP

2. Straightforward implementation

Cons:

1. If the link is copied and pasted outside of a conversation, whoever has access to that link will see the contents of the image/file.

2. Once the secret is out, it's out.

3. URIs with secrets are bigger.

I believe the Cons can be minimized with appropriate UIs. Thus, I think this is a good proposal.

https://github.com/nostr-protocol/nips/pull/519

Couldn't we just use the same shared secret we use for DM encryption?


Discussion

We could if we want to force it to stay in the DM (no way to decrypt without the private key of one of the individuals)

Or rather, without the shared secret that also unlocks your other DMs to each other.

Maybe decryption with the shared secret could be attempted by default unless another secret is present in the link.

But a link-specific secret is useful if you want to share it with multiple recipients.

Even if you share the link publicly, the file host won't see the file content unless someone sends them the link. I wonder if file hosts would love or hate that 😄

One consideration is that the file host needs to accept encrypted files, unlike some hosts that only accept valid images and may resize or convert them.

> Even if you share the link publicly, the file host won't see the file content unless someone sends them the link. I wonder if file hosts would love or hate that 😄

That's why most hosts of "encrypted" files do the encryption themselves in the API and don't actually receive encrypted files (like Google Drive with encrypted file features). Which is not great.
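The trade-off discussed in this thread, as an added example that is not part of any post here or of the linked PR: the client encrypts before upload, so the host stores only ciphertext (which fails an image-format check), and a link-specific key is independent of the DM shared secret. The cipher (AES-256-GCM), the blob layout, the `{ url, secret }` link model and the `files.example` URL are assumptions; the thread does not specify them.

```javascript
// Added example; not code from the thread or from the linked PR.
// Assumptions: AES-256-GCM, blob layout nonce(12) || tag(16) || ciphertext,
// and a link modelled as { url, secret } (hypothetical; the URI encoding is not shown).
const crypto = require('node:crypto');

const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Encrypt on the client. With no key given, a fresh link-specific key is generated.
function encryptForUpload(fileBytes, key = crypto.randomBytes(32)) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([cipher.update(fileBytes), cipher.final()]);
  return { key, blob: Buffer.concat([nonce, cipher.getAuthTag(), ct]) };
}

// Decrypt a downloaded blob. Throws on a wrong key or if the host changed any byte.
function decryptDownload(blob, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Key choice suggested in the thread: use the link's own secret when present,
// otherwise fall back to the DM shared secret.
function pickKey(link, dmSharedSecret) {
  return link.secret ? link.secret : dmSharedSecret;
}

// The check an image-only host would run; ciphertext fails it.
function looksLikePng(bytes) {
  return bytes.length >= 8 && bytes.subarray(0, 8).equals(PNG_MAGIC);
}

// Constructed sample data: a PNG header plus filler, and a random stand-in DM secret.
function demo() {
  const image = Buffer.concat([PNG_MAGIC, Buffer.from('constructed pixel data')]);
  const dmSecret = crypto.randomBytes(32);
  const { key, blob } = encryptForUpload(image);          // link-specific key
  const link = { url: 'https://files.example/abc', secret: key };
  const viaLink = decryptDownload(blob, pickKey(link, dmSecret));
  const dmOnly = encryptForUpload(image, dmSecret).blob;  // no secret in the link
  const viaDm = decryptDownload(dmOnly, pickKey({ url: link.url }, dmSecret));
  let dmSecretOpensLinkFile = true;
  try { decryptDownload(blob, dmSecret); } catch (e) { dmSecretOpensLinkFile = false; }
  return { hostSeesPng: looksLikePng(blob), viaLink: viaLink.equals(image),
           viaDm: viaDm.equals(image), dmSecretOpensLinkFile };
}
```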