Nostr Web Client

People have to be able to read their DMs. If they can do that, by any means, whatever means that is, leaked, would allow an attacker to read all of their DMs too. So I don't think it's possible to secure them more strongly than their nsec is secured.

Therefore we have NIP-46 so you can use a bunker and stop pasting your nsec into web apps.

The Fishcake (nostr.build) 1y ago

Only one party can keep a secret. And in fact, there is a solution, device specific key (only that device can decrypt the DMs) and same for the sender. If each client on that specific device generates a random priv/pub keys that are shared for the purposes of DM encryption, then leaked nsec (your nostr identity) does not compromise your DMs. Lost device does, but that is a different ballgame. If people are OK to lose their DMs with device loss and only (migrations can be solved), then we will be in a much better position 🐶🐾🫡

Reply to this note

Please Login to reply.

Discussion

Mike Dilger ☑️ 1y ago

I would argue for something similar but different. I don't want DMs tied to a specific device. But I'm too sleepy right now to expound upon that.

Blazar 1y ago

No way to like, have a virtual device? Idk