Here's the first proposal to send private pictures in NIP-04 DMs from the discussion with nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 this morning
The idea is to add credentials to NIP-19 URIs (the nostr:nevent.. links) and create an "Anyone with Link" can see scheme. Since DMs are encrypted, only the two people in the conversation will get access to the image. Not even image hosts can see it.
Pros:
1. Simple change to a NIP
2. Straightforward implementation
Cons:
1. If the link is copied and pasted outside of a conversation, whoever has access to that link will see the contents of the image/file.
2. Once the secret is out, it's out.
3. URIs with secrets are bigger.
I believe the Cons can be minimized with appropriate UIs. Thus, I think this is a good proposal.
Not sure if i understand the question correctly, that part would be covered here:
Isnt the survey about how UI would handle sharing or not sharing images from DMs? nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z can you clarify?
Yeah the note you attached describes it exactly: "even the image host won't be able to see it."
So this covers your threat model.
