How do we hide the date/time of a DM message?
Discussion
Why?
Governments establishing a stronger evidence based on a time collusion of separate evidences.
Funnel DMs through routed intermediaries chosen by the sender like Tor routes
Is the time shown on the DM from the date mentioned in the event? If it's some random time, will relays just ignore the DM?
Clients generally filter by date, so you might not see some messages if you do this today.
Oh okay 👍
I was under the impression that with all the DM bots, we are discouraged from using Nostr for DM and advised to use simplex or something like that
Same issue. The metadata is always somewhere. On Signal, the servers at the company know the destination user and the time of the message. They claim to not be saving it, but who knows... For SimpleX, it's similar, but on their relays instead.
Hmm was my understanding nostr:npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828 didn’t know the destination user at all? Not very similar?
To the best of my understanding, that is only true if you use a different IP for each contact of yours. Otherwise, the server can easily bundle your queues and map out who you are. They call re-using IP an "opt-it" security issue. Even though most people are reusing the same IP for everything.
Reading the nips, encrypted messages on nostr has been marked as "not really a good solution right now"
Obviously we want to be able to fetch relevant notes, but without leaking metadata, that requires more obscurity in my opinion. Even if the note had no timestamp, servers can attach their own timestamps internally.
Instead I think the focus should be in hiding the link between the individuals involved in a private message.
If we can do that, then timestamps are irrelevant.
One way to do this might be to create shared public keys that we add as a tag to allow fetching encrypted notes without adding metadata that identifies users that only the parties involved should know of.
A thought I had was: how do we persist secrets or private information and of course we can use the current encrypted message type note to store secrets used for other things.
I imagine creating a group chat involves creating a shared secret and a shared identifier. Anyone added to the group can get the identifier and secret and store a copy privately for themselves.
When they want to fetch new messages, they decrypt the private note, get all of their group chat identifiers (randomly generated?) and subscribe to them, decrypting with their shares secrets.
This was a brain fart. Let me know if there were any gems in there.
Updating the NIP to improve privacy?
Maintained clients will provide updated feature as well
set it to zero and encode the actual date/time in the encrypted part?
Fake it in public Metadata and put real date time in the encrypted blob
A fake date in note and an encrypted note (with encrypted real date ?)
Anyone remember Bitmessage? We already have private-public keys and proof of work on Nostr. Is there a way to rework the idea?