Added a pretty small but cool feature to noStrudel. when you share a note there is an option to mirror the media to your blossom servers so you effectively take ownership of it. should help even more with the censorship resistants
https://cdn.hzrd149.com/43ccec6de8a87eda68e5b2d9689cee2748ecbaf84e6cdc433bf510fe7e76a6a6.webp
Its using the BUD-04 /mirror endpoint so its not using the clients bandwidth at all
really cool! Last time I tried it, there were some features I really missed:
- giftwrapped chat messages, like the one uses amethyst, 0xchat...
- upload of any kind of media. I saw only buttons to add photo or video to notes, a .txt file was not suppported I dont know if its something more related to the mediaservers used, but I didnt been capaple to even try the upload in the client.
gitwrapped messages will come... at some point. I don't like spamming the user for decryption requests so I have to find a way to safely cache things
non-media uploads should be pretty easy to enable though 😀
spamming would imply that they can't accept them always, and you not giving that option implies you don't trust yourself to write mostly secure code
have a little confidence in yourself ser, your code is great, really, and i say that after having read a bit of it
i recommend you start thinking about the idea that people may not agree with your viewpoint that privately decrypting messages is not dangerous
i mean, you seem to think that there is some privacy risk in decrypting messages, could you explain that to me?
Its not a privacy risk, its that its bad UX to ask the user to decrypt 10+ events as soon as they load the app
you are essentially stopping users from being able to use DMs properly with this "security model" of yours, you know that, right?
and yes it is a privacy risk... the data gets decrypted into the app's memory and some XSS breach would allow cleartext of messages to leak
yes, it is!
but by proactively preventing people from doing this by refusing to do stuff like - not encrypting the configuration, you make it really hard for users to have another choice than the one you have forced on them
i log out, and i have to go through all the configurations to re-enable proactive auth and all that other shit and it's the one thing that i hate about nostrudel, and this is the root of it
amazing 😍
