It doesn't seem prudent to encourage people to use DMs based on NIP-04 despite the fact that so many apps have made them available. Users probably shouldn't trust them just because they are some version of encrypted.
NIP-44 (draft) seems to be best-positioned as a replacement. The next step is for security audits to be done. OpenSats has expressed interest in funding.
nostr:note1svcmlsaluh5zrmyrz8c0zpgjmlxzg6xdzd8jmllzy8sn6j6ylkpq2t9er6
In realms of digital messages, hear this tale,
Where NIP-04, though many apps unveil,
Yet prudence whispers softly in the breeze,
"Don't trust them just because they claim to please."
But lo, a hero in the shadows waits,
NIP-44, a draft that elevates,
A replacement, strong and sure it stands,
To safeguard all in virtual lands.
The next grand step, security's demand,
To audit, scrutinize, with watchful hand,
For OpenSats, with interest, lends its grace,
To fund the quest for a safer cyber space.
After an hour of research I wrote a rather dry assessment of this situation but decided it'd be better to have famed announcer Bob Costr deliver the coverage. Over to you Bob...
Ladies and gentlemen, thank you for joining me, Bob Costr. In the world of digital communication, we find ourselves at a crossroads. Encouraging folks to embrace DMs based on NIP-04, despite the abundance of apps offering them, may not be the wisest call. It's a bit like hoping for a slam dunk when the odds are stacked against you, just because they claim to be encrypted.
But hold onto your hats, because here comes NIP-44 (draft), making its way to center stage. It's like a rising star in the game, poised to take the lead. And what's the next play in this playbook? Well, we're eyeing those all-important security audits, ensuring that our digital realm remains as secure as a well-defended end zone.
In a remarkable turn of events, OpenSats has thrown its hat into the ring, expressing a keen interest in providing the financial support needed to make this endeavor a reality.
So, my friends, stay tuned as we navigate this digital landscape with caution and strategy. Back to you OriginalSize.
Thanks Bob.
nostr:note1svcmlsaluh5zrmyrz8c0zpgjmlxzg6xdzd8jmllzy8sn6j6ylkpq2t9er6
This is a trip. This storm sat in the middle of the Mediterranean gathering strength before blasting through the Libyan city of Derna. They are saying 20-30k are missing in a city of 100k. The storm hit four days ago in the middle of the night. Brutal.
https://cdn.satellite.earth/961763a78be7cea980f547a8f63b7854213c3b8106913704f8827d23a4b2b37e.mp4
Pics are from a Reddit post:
https://cdn.satellite.earth/0fc282d7c77cd266910fb0d6622adcbbdc4a64f87eed6c89b90e898f264bc089.webp
https://cdn.satellite.earth/9c3b9e64acc6043963b79d3d02bd9e237cf98454d38c8bb61c7b506284c83391.webp
https://cdn.satellite.earth/a36f8f75819108784c76183403cd3787a91fec517223c944f90a5ec656860128.webp
https://cdn.satellite.earth/5e2aa2672af0acc47fd865e8a25b39cf628a0d43afd60b6c208b19c259c0d82c.webp
Before we have permanent storms we have slow moving almost standing storms. When I close my eyes I can see the movie.
The lead here seems to be GrapheneOS. I haven't looked into this deeply enough either but as I understand it you buy a stock Pixel 6 or 7 and then install.
CMV: Hiding 2nd-level replies behind an additional click disincentivizes high-quality discussion.
It's a challenge to price things online. Services will price things on the high side since they know few will subscribe so it'd better be worth it.
Too many companies have grown up in an easy money world. As they attempt to become sustainable businesses, they're going to upset a lot of people. I don't need any games in my life but if I did I'm sure I'd be paying $20-100 per. This is really a fight for the publisher as a business that needs to be profitable itself.
If you can install software at all, then initial setup isn't too hard. I agree with Stu that the complication comes later with lightning or if you want increased security.
If you want to help in this area, I'd say start by looking for folks asking questions. Global search on Nostr is interesting. Otherwise stacker news and IRL meetups.
From NIP-04: This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use AUTH to restrict who can fetch your kind:4 events.
Despite this warning, DMs are implemented broadly and without such warning. How close/far away are we from a NIP-04 replacement?
Since I'm close to launching a DM-based service but overlooked this earlier, I'm starting a deep dive.
#asknostr #nostrdev
What have been the most successful commercial services on Nostr?
#asknostr
I've been working on a nostr noting list, like a mailing list but nostr-native working primarily through DMs. Today it's in something like pre-pre-launch.
I'm super excited about this mostly because of nostr itself. The plan is to get it out in a minimal state and solve problems in getting it where users want to go.
Anyway, it will go live tomorrow in a dogfooding, pre-launch kinda way with zaps. It'll be open sourced soon but we'll try to have some fun with it while the code is still private and 💩.
If you like sats and to follow things early the service will be at nostr:npub1suppsfynvq5qaw59a83tvefun5q58p5lsglx7sdkdrfnla0kyv5s8334pg
Two 1,000 year old alleged alien corpses were shown to Mexico congress yesterday, originally found in Peru. 😳
https://video.nostr.build/cdb27fd146d6599994e27c3bbe31650478154b0019e44ca3f72087a8b9f3fb7a.mp4
They don't look a day over 500
How do we make sure the next generation can protect themselves online and with their tech? Would you enroll your kid in this? Is there a better option?
This can be gold long-term, though ironically I do see a risk of overcomplication for noobs today. Right now the zeitgeist seems to be about making onboarding as simple as possible. I go deeper in a reply to this post.
nostr:note1tg9lhhq9vq5s922w75xfh0rkguqkcfzxl62evm45adw7zdqw2ukq03echz
This can be gold long-term, though ironically I do see a risk of overcomplication for noobs today. Right now the zeitgeist seems to be about making onboarding as simple as possible.
In All Follows, I gotta be honest and say I miss almost all of it. I view the feed for a few minutes at a time, catching some recent history, then reply or post. I do use kind:30000 lists so in the context of a very small one of those, I could see wanting just the linux posts.
Profiles are more niche. I visit these mostly when someone follows me or makes a meaningful reply. There I'm trying to get an overview of who they are so I like to see everything though if they had 2-3 subprofiles and I wanted to follow them, I might follow a single subprofile or exclude one right at the start. Long-term however I can see this being much more valuable as interests drift but say I still want to get your linux posts.
Really interesting idea altogether. I've thought of this as "channels" and created a Bitcoiner account to try to do this but as a separate account it doesn't really work. A dropdown or tag on each post could work!
Yes! A good online text editor for Nostr would kick ass... and if I'm sharing a key so it can post, why not save encrypted drafts to relays?
Alright I never looked into this. Please point me to an honest and thorough analysis.

