This is one of the many things I have been raising concern about in regards to privacy and nip46. If all of this traffic can be sniffed across any public relays. Every time to load a client and see all of this signing traffic.

Every time a message can be decrypted with nip46 on a public relay there is another potential place your messages can be leaked.

Along with this, I have been working on origin,site,kind - based timed permissions for my NVault signing extension to help avoid blanket permissions. Along with silent denial. All synced to your server account so your settings travel with you across computers/browsers.