Replying to Avatar Vitor Pamplona

What if DMs were device-based?

We could use a secret from the device to create a new private key to use exclusively DMs. Since the new DM key can stay in the device's secure element, there is no way for any other device to access your DMs, even if you keys leak (they will inevitably do).

Pros:

- avoids leaking DMs when the nostr key leaks.

- DMs that expire when the phone expires

Cons:

- users cannot migrate the DM history to a new phone/client

With private group DMs, we could add all device keys in a single DM message so that current devices of a user can read the DM history.
Avatar
JohnOnchain 2y ago

Can IR be used to fight this ?

Reply to this note

Please Login to reply.

Discussion

Avatar
DZC 2y ago

Actually it could fix the metadata leaks problem, if a new key is used for each contact, I reckon.

Avatar
Vitor Pamplona 2y ago

Though I would expect these new data mining algorithms to easily rebuild the metadata from other information. Humans are too predictable.

Avatar
PABLOF7z 2y ago

I knew you were going to say that