It doesn't break the privacy of MLS at all. All messages that are sent to relays are done so under ephemeral identities. All REQs that clients do to relays are for arbitrary group IDs that can (and must) change over time; or, in the case of welcome messages, they're REQing for NIP-17 style DMs. The creator of the group also sets the relays that the group will use for these messages so ideally, clients will only allow users to select relays that support privacy features like the "-" tag to stop event rebroadcasting, etc.

Can the chosen relay link IP-emphemeral identities and start putting a sequence of messages together? Can't they just see when the group id has changed and link the two? I am not doubting MLS, but I have seen too many people claim privacy until I run their server and start logging down everything every connection does to locate, track and identify each participant. If the relay can do it. They can either sell that info for profit OR be required by court order to track and identify users. If they can do it, they will do it. That's why I am using Tor when connecting to DM relays. Every app session is a new Tor exit node. Relays can't know where each message is coming from. It's the only way I found to keep things private.

😳

talvez não seja algo tao ruim. Alguem acessaria um servidor que deixasse o algoritmo mais parecido com o twitter mas vendesse informação? View quoted note →