> There's no protocol that protects against a malicious participant that shares the keys.
Correct, but that is not the point. The point is that a secret-based channel can be the target of multiple social attacks that play on people's lack of cryptographic knowledge on top of the usual secret managing mistakes people already do on a regular basis.
In this case, I am willing to bet that people will create a "My Chatgroups" Google Doc with all the active links to their most important chats. And if they need to share information that was discussed in the chat, they will share the link and enable other people to see everything without the other participant's approval.
The design is particularly bad for activists that don't or can't trust their counterparty from exposing them.
> The link sharing can be improved but I think this part is making reasonable trade offs and could be modified to prevent mistakes users might make without much trouble.
There are other solutions that don't need link sharing trade-offs: https://github.com/nostr-protocol/nips/pull/686
> I think its too easy to id what npubs are group chats, and subsequently who the participants are with taps on the relays.
Agree.
I think we more or less agree, but the properties here differ and there's room for more than one solution. For example - What you linked seems good but can't work for large groups at first glance (it also suffers from much more severe comms patterns analysis attacks).
Modifying the invite link to ping a coordinator for the final channel info (I.e. accept the invite) is easy to do and would eliminate the threat you outline. There might be other options like adding a password.
I don't object to the analysis so much as dismissing the entire approach as unsound. I'm advocating for constructive collaboration. (And I've got no dog in this fight, I'd love to work on this but I'm too busy with my other projects right now).
There's no protocol that protects against a malicious participant that shares the keys, that's like trying to protect against someone who can video record the phone while its being used or something.
The link sharing can be improved but I think this part is making reasonable trade offs and could be modified to prevent mistakes users might make without much trouble.
I think its too easy to id what npubs are group chats, and subsequently who the participants are with taps on the relays.
https://www.wired.com/story/nsa-ndaa-lobbying-privacy-loophole/
Why do it yourself when you can just buy the spying data directly from the ISP?
Cory Doctorow has a 🔥 writeup on the newest musk scandal about the fraudulent mileage reporting:
https://pluralistic.net/2023/07/28/edison-not-tesla/#demon-haunted-world
Fwiw I only see 971in my client. Follower count is somewhat difficult for the clients to calculate so I wouldn't read much into it.
I'm sorry the trolls are attacking you. 💔
The overreach here is absurd
I hope he succeeds 🔥
#foodstr #tacos
They're spelling 'fraud' wrong
https://youtube.com/watch?v=wa2jZtbKbRs
I am speaking tomorrow @ July 28 at 8:00 PM UTC
Does the USA Get Left Behind in Crypto Innovation?
Eleanor Terrett, Alex Chizhik & Richard Carback
Crypto regulations in the United States has been a quagmire. Eleanor Terrett has been following the daily updates in crypto regulation. Alex Chizhik is the COO of the Digital Chamber of Commerce and knows the industry well. Richard Carback is co-founder of xx network. Darren Moore is a content creator that researches crypto.
TOR, nym, i2p, etc could help but the metadata behind the comms patterns can make the server identifiable.
They wouldn't help in this case as it was a seizure incidental to something else the admin was doing. I guess isolating to a data center with unique payment info?
The core issue is that the server knows the content.
They could...it is not clear nostr fixes anything here except maybe the uptime on the service which is not the problem here 🤦
The only way to fix this is if the server operator is oblivious to what is happening, so seizing a server doesn't get you anything and seizures are forced to end point devices to be effective (and limited to only that user).
Xx network nodes have this property, as do some voting systems and other crypto proposals but I'm not aware of anything else at scale.
If you're in boston, I highly recommend going to the DAO and Blockchain Nights events
Finally chainalysis is getting called out on their bullshit.
I do think they are more likely to misattribute. Their technique relies on users doing an obviously stupid thing, and smart users will deliberately subvert that by making their end balances match other (presumably innocent) users of the mix.
"Renowned lawyer Tor Ekeland is poking holes in the U.S. government's case against alleged Bitcoin Fog creator Roman Sterlingov by poking holes in Chainalysis' forensics, privacy advocate L0la L33tz writes."
Face the truth. Your #Privacy is in their Hands. Get it back!
The World of #Crypto is vulnerable, empower yourself to safeguard your personal data
Don't miss this eye-opening podcast with our Guest @rcarback, Co-founder of the @xx_network
🎧Spotify || ➡ bit.ly/3DmsvRJ
Hey #american #usnostr folks, it is time to annoy your congress people and representatives to stop these bad internet bills.
https://www.eff.org/deeplinks/2023/07/you-can-help-stop-these-bad-internet-bills
Some wildly unethical "economics" research:
https://www.karlstack.com/p/yale-university-vows-to-geolocate-aa2
I am in shock they got this through an IRB! They de-anonymized a decade of forum posts on a jobs&discussion site for economists... Some of these folks are in countries where they could be killed for what they posted.
#privacy #anonymity #ethics
