this. nostr is just bad for private stuff. nostr DMs were a mistake. We can do better and leverage protocols more suited to private comms to protect people's privacy at a level that would piss off the NSA.
jeff
Nostr was designed for public stuff.
I think it makes sense to leverage other protocols to add private comms in clients. Looking forward to seeing what you come up with.
Replies (40)
Agreed, DMs feel more like meta data for the protocol than protected messages
I was wondering about the same thing few days back
Can we just like advertise a signal link on our profiles or something? Idk how that works lol
SimpleX recommends sharing the connection string out of band, so nostr would be good for that
💯
DM ≠ PM
DMs are fine as is but still should have a true PM option with clear expectation between the two options
🤙
great
pull DMs from Damus?
agree
I love your style! That would be amazing but I just think our government will never go for it unless there was a law set for them. It’s a nice dream for sure.
Perhaps integrate with wire.com ?
Yeah, Simplex is cool. Another alternative is Session app.
I currently agree strongly.
My2sats: NOSTR for some kind of public key distribution with built in social verification and then transition over to holepunch (used by keet) to do direct p2p messaging.
The NSA is laughing... They can get everything quite easily..
So true. Nostr is currently entirely public.
It would be able to delete DM.
Just integrate and add SMP & XFTP protocols.
Can I ask how Nostr DMs aren't private? I thought they are encrypted messages between two parties?
Nostr for public stuff and
@SimpleX Chat for private stuff. That simple…
Have you seen Arcade? (:
The content is.
But DMs leak..
- who is sending messages to who
- about what time (and more certainty when DMs back and forth in succession)
- size of message
Even without full privacy, Nostr DMs are still very useful for messaging with entities where you don't want to spam your followers with junk as most clients filter them out from view or don't retrieve DMs that can't be read by the recipient in the first place.
nope
a friend told me to just use the Sessions app but i’m definitely curious about SimpleX as Jack knows a thing or two about privacy and technology. will try both and would love to hear any opinions if someone’s tried both
Ok thanks for clarifying
Where does this info leak?
Agreed
+1
When an event is posted to relays. Anyone that operates the relay or can read from the relay can receive those events and make the determinations noted above, even though they can't decrypt the contents.
Think of the DM as the letter inside an envelope that is addressed to the receiver, has a sender, and whose postage stamp is marked. Anyone can see the envelope but can't see the message.
Cool. Thanks for clarifying once more. So for full privacy, the parties would just have to run and connect to their own private node?
I mean relay
If they could connect direct to each other bypassing nostr or public relays sure.
There's some other strategies to consider
- participants (A, B) could make new ephemeral keys (Ae, Be) for communicating and exchange that information in a normal direct DM. This still shows correlation between those new key sets, but can obscure who is talking to who if there's enough traffic otherwise.
- an initiator (A) could send a DM to an intermediate recipient (I) to facilitate passing an ephemeral pubkey (Ae) in nested encrypted messages the intermediary itself can't read. The intermediary is effectively a remailer, forwarding the nested encrypted message from A to B, and B then creates a new key (Be) to initiate a message back to (Ae). The intermediary represents a central weak point, though, and if compromised would reveal to the compromiser that A is talking to B, but it's better than it being directly obvious.
- taking the above, this could be chained through multiple remailer intermediaries. That's similar to what things like Tor and SimpleX do, just slower, and the initiator is setting up the path from the beginning.
We need to learn from past approaches to remailers in the physical and digital world, and wrapping encrypted messages.
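The two points above, the envelope metadata a relay can log and the single-remailer nesting with ephemeral keys, as an added worked example that is not code from this thread or from any Nostr client. It is a toy model of DM events (sender pubkey, a `p` tag naming the recipient, `created_at`, encrypted content) and a relay that stores them. The crypto is a standard-library stand-in chosen so it runs offline: finite-field Diffie-Hellman over the RFC 3526 group 14 prime and an HMAC-SHA256 stream cipher with encrypt-then-MAC. Real Nostr DMs use secp256k1 ECDH (NIP-04), which needs a third-party library; the party names A, B, I, Ae and Be follow the reply above, and `open_dm`, `nested_dm_exchange` and the `Relay` class are names invented for this example.

```python
"""Toy Nostr DM model: relay envelope view plus an A -> I -> B remailer hop."""
import hashlib, hmac, json, secrets

# RFC 3526 group 14 (2048-bit MODP) prime, generator 2. Stand-in for secp256k1.
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
G = 2


def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Both parties derive the same 32-byte key from g^(ab) mod p (ECDH stand-in)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(256, "big")).digest()


def _keystream(key, nonce, n):
    ek = hashlib.sha256(key + b"enc").digest()  # domain-separated from the MAC key
    blocks = [hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def _tag(key, nonce, ct):
    return hmac.new(hashlib.sha256(key + b"mac").digest(), nonce + ct, hashlib.sha256).digest()


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(_tag(key, nonce, ct), tag):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Relay:
    """Stores DM events. With no key at all it still sees sender, recipient, time, size."""
    def __init__(self):
        self.events = []

    def publish(self, sender_pub, recipient_pub, ciphertext, created_at):
        self.events.append({"pubkey": sender_pub, "tags": [["p", recipient_pub]],
                            "created_at": created_at, "content": ciphertext.hex()})

    def inbox(self, pub):
        return [e for e in self.events if e["tags"][0][1] == pub]

    def metadata(self, names):
        """The envelope view: (from, to, when, bytes), pubkeys mapped to labels."""
        return [(names.get(e["pubkey"], "?"), names.get(e["tags"][0][1], "?"),
                 e["created_at"], len(e["content"]) // 2) for e in self.events]


def open_dm(priv, event):
    """Decrypt a DM with the recipient's private key and the event's sender pubkey."""
    return decrypt(shared_key(priv, event["pubkey"]), bytes.fromhex(event["content"]))


def nested_dm_exchange(relay, t=1_700_000_000):
    """A -> I -> B: A encloses ephemeral pubkey Ae in a layer only B can open, wrapped in
    a layer only I can open that names B. B answers from a fresh key Be to Ae."""
    a_priv, a_pub = keygen(); b_priv, b_pub = keygen(); i_priv, i_pub = keygen()
    ae_priv, ae_pub = keygen()

    # A builds the onion: inner layer for B (carries Ae), outer layer for I (carries B).
    inner = encrypt(shared_key(a_priv, b_pub), json.dumps({"ae": ae_pub}).encode())
    outer = json.dumps({"forward_to": b_pub, "payload": inner.hex()}).encode()
    relay.publish(a_pub, i_pub, encrypt(shared_key(a_priv, i_pub), outer), t)

    # I peels its layer: learns A (event sender) and B (forward_to), not the payload.
    ev = relay.inbox(i_pub)[-1]
    a_seen, routing = ev["pubkey"], json.loads(open_dm(i_priv, ev))
    try:
        decrypt(shared_key(i_priv, a_seen), bytes.fromhex(routing["payload"]))
        i_read_inner = True
    except ValueError:
        i_read_inner = False
    forward = json.dumps({"from": a_seen, "payload": routing["payload"]}).encode()
    relay.publish(i_pub, routing["forward_to"],
                  encrypt(shared_key(i_priv, routing["forward_to"]), forward), t + 5)

    # B opens I's layer, then A's layer, and replies from a fresh key Be to Ae.
    wrapped = json.loads(open_dm(b_priv, relay.inbox(b_pub)[-1]))
    ae_seen = json.loads(decrypt(shared_key(b_priv, wrapped["from"]),
                                 bytes.fromhex(wrapped["payload"])))["ae"]
    be_priv, be_pub = keygen()
    relay.publish(be_pub, ae_seen, encrypt(shared_key(be_priv, ae_seen), b"hi from Be"), t + 9)

    # A reads the reply addressed to Ae with Ae's private key.
    reply = open_dm(ae_priv, relay.inbox(ae_pub)[-1])

    names = {a_pub: "A", b_pub: "B", i_pub: "I", ae_pub: "Ae", be_pub: "Be"}
    return {"relay_sees": relay.metadata(names),
            "intermediary_learned": (names[a_seen], names[routing["forward_to"]]),
            "intermediary_read_inner": i_read_inner,
            "b_got_ae": ae_seen == ae_pub,
            "reply": reply}


if __name__ == "__main__":
    for row in nested_dm_exchange(Relay())["relay_sees"]:
        print(row)
```

Running it prints three envelope rows: A to I, I to B, then Be to Ae, each with a timestamp and a ciphertext size. That is exactly what the earlier reply calls the envelope: the relay never gets a plaintext, but the first two rows still tie A and B together through I, and the third row's timing sits right after them, which is the correlation the reply warns about. The intermediary is the central weak point the reply names: it learns the (A, B) pair, while its attempt to open the inner payload fails the MAC check. Chaining more hops, as the Tor and SimpleX comparison suggests, would repeat the outer-layer step once per hop.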
I had both, but I recently uninstalled SimpleX because the last version drained my phone battery. Maybe I'll reinstall it later.
So what is the best practice to securely point someone to a signal phone number?
Place a text file or an image on a Proton Drive with a password on it. Send the link to the file and the password in the Nostr DM. Erase it when the download is confirmed by the other side?
There may be more elegant solutions with other messengers (one-time links with an expiration), perhaps.
Could there be a "cache" in the Nostr client (that you could link to in a DM) that would be accessible via a p2p connection one time to exchange a secret? Is this what a security nightmare looks like? 😎🙈
XMPP
thnx, yeah SimpleX is pretty new so I'm sure they'll optimize it to use less juice soon. will download both and do some testing as well