Nostr Web Client

I like the idea, but there are serious problems with leaking metadata with #nostr DMs. Not sure people care, but having the ciphertext available to everyone is a risk.

It can be mitigated by having a unique relay for each group, but requiring people to do advanced relay management is not a recipe for success.

This could be fixed at the protocol level. E.g.

Client: give me the encrypted notes for key ID 0xabc123

Server: Sign this nonce with that key and they're yours

Client: here's the sig

Server: here's the encrypted DMs

It still lets the relay see who is messaging whom, when and how often, but that is very much like Signal. But unlike Signal, nostr could pick a different subset of relays for each message so no single relay has all the information. As long as everyone in the group is using the same set of relays, that should be reliable.

cloud fodder 1y ago 💬 1

nip17 dms pretty similar to what youre saying. it works.. not all clients wanted to implement. those that did, a glimmer of hope was had 🙏

Reply to this note

Please Login to reply.

Discussion

Sirius 1y ago 💬 1

It's a step in the right direction, but it still reveals the recipient and doesn't do key rotation, so all your message history and future messages are revealed if your main Nostr key is ever compromised. It's a tradeoff between security and availability. I'd personally choose Signal-style key rotation.