 I'd like it if they fixed the privacy of DMs first.. it's also strange that there's no way to turn them off 
 Privacy is fixed with nip 17. Many clients and libraries have already switched and deprecated nip 4. I wish Damus would hurry up and implement it. 
 nostr:nevent1qqs04jkx6rxfnzs8a3dc3gxsqpvjhe9yat74y3hdmfw53efeu22g6qcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyrye3ftnnuz00lljqtz5jc4227ptxnktzrt0j9dalht4s2trh7ghzqcyqqqqqqgz2ugx4 
 Nip17 is a combination of nip 44 and nip 59 gift wraps, which takes care of the concerns in that message. 
 NIP-59 seems to do a good job at hiding metadata from public view but it doesn't provide:

- break-in recovery.
- repudiation (deniability).
- (lack of) visibility of connection graph to observers.
- fixed message sizes (although it can be provided by the specific app)
- resistance to Shor's algorithm (PQ encryption).

I can add that it definitely doesn't provide forward secrecy.

It's concerning that these developers simply don't seem qualified to properly implement secure messaging, and I believe users are being put at risk, although I do see a lot of people just putting nostr:nprofile1qqsvnx99ww0sfall7gpv2jtz4ftc9v6wevgdd7g4hh7awkpfvwlezugpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsg5cway addresses in their profile anyway. 
 You are wrong on several of these if not all. I will pull it up in a bit. 
 By 'it' I mean NIP-44 encryption.