When an event is posted to relays. Anyone that operates the relay or can read from the relay can receive those events and make determinations noted, even though they can't decrypt the contents.
Think of the DM as the letter inside an envelope that is addressed to received, has a sender, postage stamp is marked. Anyone can see the envelope but can't see the message.
Login to reply
Replies (2)
Cool. Thanks for clarifying once more. So for full privacy, the parties would just have to run and connect to their own private node?
If they could connect direct to each other bypassing nostr or public relays sure.
There's some other strategies to consider
- participants (A, B) could make new ephemeral keys (Ae, Be) for communicating and exchange that information in a normal direct DM. This still shows correlation between those new key sets, but can obscure who is talking to who if there's enough traffic otherwise.
- an initiator (A) could send a DM to an intermediate recipient (I) to facilitate passing ephemeral pubkey (Ae) in nested encrypted messages the intermediary itself can't read. The intermediary is effectively a remailer, forwarding the nested encrypted message from A to B, and B then creates a new key (Be) to initiate message back to (Ae) The intermediary represents a central weakpoint though and if compromised would reveal to the compromiser that A is talking to B, but it's better than it being directly obvious
- taking the above this could be chained through multiple remailer intermediaries. That's similar to what things like Tor and SimpleX do, just slower, and the initiator is setting up the path from the beginning.
We need to learn from past approaches to remailera in the physical and digital world, and wrapping encrypted messages.