GuardianPlasma on Nostr: I hope you're being sarcastic but you really shouldn't joke when it comes to privacy ...
I hope you're being sarcastic but you really shouldn't joke when it comes to privacy and security. Nostr DMs, the way they're currently implemented in most clients, are simply unsafe. NIP-04 and NIP-44 don't provide forward secrecy, break-in recovery, deniability (if either sender or recipient is compromised, or wants to prove a message was sent), or post-quantum cryptography. GiftWraps appear to do a good job at protecting DM metadata from public view, but not the server operators.
Published at
2024-09-13 22:46:52
Event JSON
{
  "id": "215fd4a7a26dce1b17c69331c4a2f8d9c26c63c6e043d1cc7aee57e6dd4db36e",
  "pubkey": "f3f2589280adfd611d4693a24dd711f6b49053aeb5c856c5baa50318c12d20ef",
  "created_at": 1726267612,
  "kind": 1,
  "tags": [
    [
      "e",
      "71f1870e386b3a11387beb5f477fb0a27ae025484b095914f0b4b97341c361bf",
      "",
      "root"
    ],
    [
      "e",
      "48b0cc56e8e0a52cc6c10161191cf28ee29e50ba1d3bdb4a23d878ade54ed46b",
      "",
      "reply"
    ],
    [
      "p",
      "85d5ae354755bb90373f20485a20aa2a07d5fac3572f2bcf416f5294681a1f6b"
    ],
    [
      "p",
      "7726c437ccf791f6ded97dbac1846e62019e5fbd24f42e9db2f640f231c3c09a"
    ]
  ],
  "content": "I hope you're being sarcastic but you really shouldn't joke when it comes to privacy and security. Nostr DMs, the way they're currently implemented in most clients, are simply unsafe. NIP-04 and NIP-44 don't provide forward secrecy, break-in recovery, deniability (if either sender or recipient is compromised, or wants to prove a message was sent), or post-quantum cryptography. GiftWraps appear to do a good job at protecting DM metdata from public view, but not the server operators.",
  "sig": "a14bb9546553704f6f2b525ae0916ed5d4fdb68b933825e6cfcaf9f505000ee197b9a00ac956eaddcdfa672fb468c43d5355d485a70ccbf2624fdd1962977cb2"
}