Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

this is why i'm so mad about people not understanding the point of nip-42 and it's centrally about the fucking DM privacy!!!!

plaintext attacks are not a real threat

not being able to read your own messages is a real threat to usability

verifying that relays are properly gating access to DMs is easy and cheap and is easy to stop any attempts to game this and appear that you are not giving them away

yes, relays have privilege to see them of course, but this is far better than opening up the whole world to see it

nip-44 is not solving any real problems for DMs compared to having auth
Avatar
Vitor Pamplona 1y ago

Most people are not using authed relays for DMs. And likely they never will. The DM solution we made was explicitly designed for that in mind.

Reply to this note

Please Login to reply.

Discussion

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

you are never going to solve this problem while you let stupid people building shitty clients (and not you, or hzrd or hodlbod, you all have implemented auth) you can't protect users from bad shit without at least providing your own system with teh right best practices implementation

if you let other people's bad designs impact your engineering decisions and in doing so reduce the security of your users, that's on you, you can't palm that off to the dumbasses who don't do it right... clear up your understanding of what you CAN do and stop talking about difficult problems that are much harder puzzles