Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

i am jack's complete lack of surprise

just to explain why it matters - it is a private signal that relates to a user's own events and really, relays should accept them from anyone but not give them out to anyone except the person who created them

it basically leaks the identity of an event that a user wants deleted which means they have a breadcrumb for finding it where it hasn't been
Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

ok, to be exact, relays should only accept them from the user who made them, this is an aspect of my crusade to get auth universal

relays can't defend the confidentiality of users without these kinds of filters, DMs and application specific data are in my list of event kinds that my relay considers to be privileged and only gives them out if auth is enabled when the authed user's npub is either present as author or in a `p` tag that designates them as a receiver in the case of DMs

Reply to this note

Please Login to reply.

Discussion

No replies yet.