Oof. I'm sorry you feel that way. I consider SimpleX to be far superior. And it has been independently audited. NIP-17 is nowhere near as private or secure as SimpleX, which is far more robust as a dedicated privacy message system. I am curious, why do you think that? Was it your NIP?

Replies (6)

We saw the flaws on SimpleX when building NIP-17. Basically, with SimpleX you have to trust the server you are using (both sides) to not log anything down. And they are upfront about this in their docs. For instance, their recommendation is to use a different server and different IP address for each contact in your list. But their app just bundles everything as one. So, servers can see a LOT. They have promised to not log things down, but if they want, they can (I ran a server for a while to test these tracking capabilities out). Ideally, you should never use their default servers because if they can see both the receiver and the server channels in the same machine they can link a lot of people together and slowly figure out who is who. NIP-17's goal was to reduce the metadata leaks to the relay you are using such that you don't need to trust it to not track you down. With the help of broadcasting relays, it's virtually impossible for relays, including your own inbox DM relays, to figure out who you are talking to.

Yes it was his NIP. @Vitor Pamplona and @hodlbod and with NIP-44 @npub10jcn...3kag as well as some other people providing lesser contributions. NIP-44 was audited, but NIP-17 wasn't. I thought it was a great idea and put initial GiftWrap support into gossip very early (9 months ago). But NIP-17 DMs don't do everything SimpleX does. Neither is strictly better than the other. Still I think NIP-17 DMs are good enough. They use ephemeral keypairs so just like SimpleX it is like there are no IDs. And I don't think forward secrecy is really worth it.