Wait…what?
Privacy matters even when we have “nothing to hide.” 
Discussion
This is under active development, we'll have a much better solution soon.
ECDH seems like an obvious improvement here. You'll still leak who has started DM sessions, but it's a huge improvement over "the sender and recipient of every DM is immediately obvious" with NIP-04
ECDH is already used with NIP 04, tags for delivery are the source of the metadata leakage
Yeah for the encryption, but ecdh gives you a shared secret you can use to derive uncorellated key pairs for the DM session.
ex:
tweak(my_private_key, shared_secret) = my_dm_private_key
since ECC is nice that way, my DM partner also knows:
tweak(my_public_key, shared_secret) = my_dm_public_key
You'd need to work to defeat timing attacks between this handshake and your first DMs, but the new key pairs are publicly uncorrellated from your "normal" key pair.
Of course, there's other major caveats (relays can notice who's subscribed to these uncorrellated keys if you're not careful), but already a big improvement imho.
Right, but it becomes harder to query those events, since you don't know who might be contacting you. ArcadeCity did something like this, but it only works for expected DMs (which could be considered a feature). The new gift wrap approach uses wrapping with ephemeral keys to prevent correlation while keeping addressing intact. So it's known that someone received a message, but not who sent it. Timing and padding attacks are also mitigated by timestamp randomization within a range and padding in the ciphertext. Relay fingerprinting is harder to avoid, but if you use a trusted relay or a proxy that can be mitigated as well.
Is there a NIP for this? I don't see anything for "giftwrap" in the nips repo, nor anything interesting for "DM" or "direct" outside of NIP-04
Trusted relays is a hard pill to swallow, but it's still vastly better for your relay to have metadata than for *everybody* to.
Yep, https://github.com/nostr-protocol/nips/issues/717 is the main thread, you can follow the links to draft NIP 44 and NIP 24 for more detail
Ah thanks, didn't check issues and PRs, just my local copy of the nips repo. Can't wait for issues+PRs on nostr already...
solving this problem is something that Indra would do. i was gonna build it but i have to get something paying sooner and my buddy who was paying me to build the protocol seems keen on taking over the task at some point, but not sure when he's gonna actually start.
indra would also provide a solution to private/anonymous relay service.
(paid that is)
Hadn't heard of that before, are you talking about https://github.com/indra-labs/indra ?