fiatjaf's avatar
fiatjaf _@fiatjaf.com 3 months ago
You do have a way of knowing: if your DMs are going to a semi-trusted relay and you have to AUTH to it in order to read them (as you should under NIP-17) that relay may inform you about who has read them, when and from what IP address. If we implement
GitHub
nip4e: decoupling encryption from identity by fiatjaf · Pull Request #1647 · nostr-protocol/nips
this is inspired by MLS, but much simpler, and definitely not trying to be a group communication system, but only a way for users to encrypt things...
 that will also kill the attacker ability's to read anything in the first place unless he wants to reveal himself by registering his bogus device or publishing new encryption keys.
↑ Parent

Replies (1)

Repeatedly nuked profile's avatar
Repeatedly nuked profile 3 months ago
Agree those are potential fixes for NIP17 DMs, albeit they rely on all the things you mentioned. How many people are going to exclusively use auth-enabled relays with IP access alerts? And those alerts could also work backwards and inform the attacker of the true holder's IP, which needs to be accounted for. I mean it's all doable but these dumb relays sure are getting pretty smart.
1 replies ↓