How many people have received an encrypted DM from me, recently, that they could not open, and that wasn't in response to a DM they'd sent to me?
I basically never initiate DMs, y'all.
Discussion
I know of two, so far.
I was having a lot of trouble with DMs and was clicking all over the place, trying to get them to work, but I don't recall writing to some of you. 🤔
Could be some client I've authorized doing something stupid.
Did you get one nostr:npub1mgju776900wmddau3cdsz3kql2znwwq86mha4j24rx0aq8748s0sqlmpx4 ?
it's not to do with nsec compromisation, it's a bug on the client's end likely
such cases go back to over a year ago
There's a client randomly DMing people nonsense and we don't know which one?
nostr:note1ctwehyl5ruwn0r5h5m32ayz6qj253htpl9hzelhzq89fp9hefv8scwngq7
there are variations and edge cases that still might be causing this bug
Oh, man.
happy to help
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s could maybe elaborate further on why it still happens exactly
Damus used to do this whenever you tagged a third party in a DM, but it was patched.
I wish I would get a DM... from anyone. 🤣
I got it. My guess is that it’s a bug that has something to do with the nostr devs wiki article. I was mentioned in it and I think I got the DM around when the article was published.
Weird thing is I can’t find the DMs anymore
Oh, that's interesting. Explains why I started receiving the complaints a few days ago.
Which client do you use?
Damus, Primal, and Coracle mostly. IIRC I saw it on Damus.
Do you have the newest version installed?
Yeah v1.9 build 6
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s looks like the bug is still there.
Damus will show dms it can’t decrypt for whatever reason. Not necessarily a bug, ive used this to find clients leaking tags accidentally
It confuses the users, though, because they can't seem to tell who sent the DM. And then they write the wrong person and it's like OMG someone is sending DMs from my npub. 😱
Would it be possible to catch that and display a clear message (DM from X could not be decrypted), or something?
Wait.
What kind of client doesn't validate the signature of events before even mentioning their existence to the user?
IMO if an event isn't compliant with the proper JSON format and also correctly signed, then the client should reject it at the lowest level possible and pretend it never received it at all.
No idea.