Dr. Hax's avatar
Dr. Hax Dr.Hax@hax0rbana.org 1 year ago
I like the idea, but there are serious problems with leaking metadata with #nostr DMs. Not sure people care, but having the ciphertext available to everyone is a risk. It can be mitigated by having a unique relay for each group, but requiring people to do advanced relay management is not a recipe for success. This could be fixed at the protocol level. E.g. Client: give me the encrypted notes for key ID 0xabc123 Server: Sign this nonce with that key and they're yours Client: here's the sig Server: here's the encrypted DMs It still lets the relay see who is messaging whom, when and how often, but that is very much like Signal. But unlike Signal, nostr could pick a different subset of relays for each message so no single relay has all the information. As long as everyone in the group is using the same set of relays, that should be reliable.
โ†‘ Parent

Replies (2)

Martti Malmi's avatar
Martti Malmi sirius@iris.to 1 year ago
True, I forgot to mention that with double ratchet or MLS we can solve the metadata privacy on Nostr. Working on double ratchet, already deployed on Iris:
GitHub
GitHub - mmalmi/nostr-double-ratchet
Contribute to mmalmi/nostr-double-ratchet development by creating an account on GitHub.
Dr. Hax's avatar Dr. Hax
I like the idea, but there are serious problems with leaking metadata with #nostr DMs. Not sure people care, but having the ciphertext available to everyone is a risk. It can be mitigated by having a unique relay for each group, but requiring people to do advanced relay management is not a recipe for success. This could be fixed at the protocol level. E.g. Client: give me the encrypted notes for key ID 0xabc123 Server: Sign this nonce with that key and they're yours Client: here's the sig Server: here's the encrypted DMs It still lets the relay see who is messaging whom, when and how often, but that is very much like Signal. But unlike Signal, nostr could pick a different subset of relays for each message so no single relay has all the information. As long as everyone in the group is using the same set of relays, that should be reliable.
View quoted note →
โ†‘