Nostr Web Client

Im guessing he’s sub-posting me because Ive said this in the past. I have to deal with hundreds of complaints about other clients nuking contact lists. So I have said “if you use another client it may corrupt your contact list”.

Once damus is better at defending against other clients breaking stuff in damus then I wouldn’t have to say this. But it would require some decent amount of code to detect large changes in followers, etc. I’ll do it eventually but it’s a lot of work.

I have already seen malicious relays (but more likely just buggy relays) that will return results that don’t match your filters. In the outbox model you’re giving control of what relays you connect to other people. Until my client is hardened I don’t feel comfortable doing that. But the local relay model I’m working on fixes a lot of these concerns, so I’ll finally be able to switch to outbox once thats done.

PABLOF7z 2y ago

this is good and necessary imo; clients need to be hardened against malicious relays

yes, outbox makes this slightly worse, but if a user manually connects to a malicious relay that buffer-overflows the client and leaks the nsec or something like that it'd be equally bad whether the connection to the relay started automatically or manually

great to see damus is moving in this direction

btw, don't know if you saw it, but nostur does this where it keeps a local copy of the contact list and if a "large" change is detected it prompts you to republish your old state

Reply to this note

Please Login to reply.

Discussion

jb55 2y ago

Yes nostur is doing the right thing here, a lot of this stuff is easier with a local database which is why he was smart to start with that. I’m playing catchup… and decided to write my own db from scratch for some reason 😅 but I think the results will be worth it

PABLOF7z 2y ago

yeah, pretty sure the results of nostrdb will be massive and very much worth the investment

elsat 2y ago

https://github.com/damus-io/damus/issues/1855

In addition to contact lists, there are issues with third party clients breaking relays.

verbiricha 2y ago

NIP-65 is almost a year old at this point. kind 3 relays was never part of the spec, is a "crappy legacy from branle".

https://void.cat/d/PmDYJppUMPGLPAZVW8RmxS.webp

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 2y ago

it'll take some doing to fix this problem, it would help if we could establish which clients are doing what events that make these changes

Tico 🇨🇷 2y ago

So, as users, not only we must learn how to practice safe "nsec", but where to safely "relay" too... 😂

(Pun yourself 😛)