 How many people have received an encrypted DM from me, recently, that they could not open, and that wasn't in response to a DM they'd sent to me?

I basically never initiate DMs, y'all. 
 I know of two, so far. 
 I was having a lot of trouble with DMs and was clicking all over the place, trying to get them to work, but I don't recall writing to some of you. 🤔 
 Could be some client I've authorized doing something stupid. 
 Did you get one @Duarte ⚡️ ? 
 No 👎🏾 
 Which clients are having that bug? 
 it's not to do with nsec compromise, it's a bug on the client's end likely

such cases go back to over a year ago 
 There's a client randomly DMing people nonsense and we don't know which one? 
 nostr:note1ctwehyl5ruwn0r5h5m32ayz6qj253htpl9hzelhzq89fp9hefv8scwngq7 
 there are variations and edge cases that still might be causing this bug 
 Oh, man. 
 happy to help

@jb55 could maybe elaborate further on why it still happens exactly 
 Maybe people are still using an old version? Or a different client has the same bug? 
 i doubt it 
 Damus used to do this whenever you tagged a third party in a DM, but it was patched. 
 Actually, phantom DMs really don’t make any sense. 
 And, yet, it exists. 
 I wish I would get a DM... from anyone. 🤣 
 I got it. My guess is that it’s a bug that has something to do with the nostr devs wiki article. I was mentioned in it and I think I got the DM around when the article was published. 
 Weird thing is I can’t find the DMs anymore 
 Oh, that's interesting. Explains why I started receiving the complaints a few days ago. 
 Which client do you use? 
 Damus, Primal, and Coracle mostly. IIRC I saw it on Damus. 
 Do you have the newest version installed? 
 Yeah v1.9 build 6 
 @jb55 looks like the bug is still there. 
 Damus will show DMs it can’t decrypt for whatever reason. Not necessarily a bug, I’ve used this to find clients leaking tags accidentally 
 It confuses the users, though, because they can't seem to tell who sent the DM. And then they write the wrong person and it's like OMG someone is sending DMs from my npub. 😱

Would it be possible to catch that and display a clear message (DM from X could not be decrypted), or something? 
 Yeah we could make it a dev mode thing 
 BTW, this started up when my wiki devs page got some attention. Might just be someone sending the link to the wiki page, as it has my npub in the link. 
 Wait.

What kind of client doesn't validate the signature of events before even mentioning their existence to the user?

IMO if an event isn't compliant with the proper JSON format and also correctly signed, then the client should reject it at the lowest level possible and pretend it never received it at all. 
 No idea.