Discussion
What’s this?
Open it in primal and see
When you upload to @nostr:npub1nxy4qpqnld6kmpphjykvx2lqwvxmuxluddwjamm4nc29ds3elyzsm5avr7 it’s exposes IP to their server when they encrypt it afterwards 🤷♂️
nostr:npub1cj8znuztfqkvq89pl8hceph0svvvqk0qay6nydgk9uyq7fhpfsgsqwrz4u what do you see here?
cc nostr:npub12r0yjt8723ey2r035qtklhmdj90f0j6an7xnan8005jl7z5gw80qat9qrx
I don't know what it means. And don't have times to investigate further 😅
Cc nostr:npub1ghcetnluhryhynhuyj8s2pazldjm27wl40nu6dfeskvpv09twcnsneygat
Jumble passes here
Seems like Primal is run by a bunch of cunts
Just checked primal vs amethyst. Pretty neat.
When I open it with primal it’s different than the thumbnail. Weird
And there you go. Tampering
Apps gonna do what apps gonna do. Welcome it all. Nostr protocol needs more protection for end users … not barriers for apps.
What are you using to detect proxies? User agents?
Also blossom can help prevent tampering with media since the files sha256 is in the URL which is in the signed event
UA.
Also Primal ignores blossom hashes and does not validate. Not sure if they even do failover
And I might also know of a way to bypass Blossom checks in several clients
Most web clients cant easily validate the hashes since its not possible to get the raw blob from a element. I have a button to do it in noStrudel but the user has to intentionally click it
Also it does not detect https://github.com/willnorris/imageproxy which is the image proxy that noStrudel can use :)
https://api.nostr.land/detect-cache/v1.jpg" class="embedded-image" loading="lazy">
Will implement.
The manual verify button has a problem as well
No tampering detected on Yakihonne
I appreciate this as a tool to increase transparency … for end users to be aware of the app choices they make.
While I DON’T think app shaming is at all in order … more spotlights are always needed.
Coracle? Really?
On nostrudel.ninja, no image shows up at all. https://nostr.download/6cb5a4569f993f25b567283563cbb18ab079b0f300a45cb96aa8881aba68b8a2.webp
FreeForm not recommended. https://nostr.download/3dafc7d977705296bf4357f67926c1fc0b3bf1c78ff463adb005a4a1b36cfe9e.webp