 it's not to do with nsec compromisation, it's a bug on the client's end likely

such cases go back to over a year ago 
 There's a client randomly DMing people nonsense and we don't know which one? 
 nostr:note1ctwehyl5ruwn0r5h5m32ayz6qj253htpl9hzelhzq89fp9hefv8scwngq7 
 there are variations and edge cases that still might be causing this bug 
 Oh, man. 
 happy to help

@jb55 could maybe elaborate further on why it still happens exactly 
 Maybe people are still using an old version? Or a different client has the same bug? 
 i doubt it 
 Damus used to do this whenever you tagged a third party in a DM, but it was patched. 
 Actually, phantom DMs really doesn’t make any sense. 
 And, yet, it exists. 
 Apparently, there's a bug where mentioning me in a DM sends people a DM from me. 🤷‍♀️

nostr:nevent1qvzqqqqqqypzqhzs3s60tzrxa3e5r2h3pnq675hfyv4mn7zeeqgref0v724f80mcqqsyleg7ygkz4gd9vz96vm4hc6d74c4vfc8n6ccsvx5jqyhv8mkxsxgjjrx3p 
 It blows my mind that such a bug is even possible, since I'm not directly involved and don't even use those clients.

Someone is just gossipping about me, somewhere, and other people end up with DMs from me. 🙃 
 i've had this happen also, and dozens of other users, used to be much more prevalent back in the day, that's for sure 
 Freaky. I kept getting people DMing me like 
"I can't open it!"
"What do you want?"
"Can't read it, sorry."
And I was like huh? 
 eh, nothing to overthink about 💜

i've stressed test things a bit regarding dms way back

etc what happens when you copy paste the noteID of a dm to a post 
 😎 Love the stress testers. 
 stress tested, my lord my english has gone ratchet as of late

if you have any other questions, hmu, happy to share my experiences, as i've been here for over a year now 
 I was just worried that someone was trying to ask them for money. 😏 
 yeah nah, that's just nostr being nostr 

broken, but don't worry

we can fix her 
 Yeah, and for the record: I only beg for money in normal notes. 😂

Please zap. 
 Oh, Gentleman of Zaplandia, I have hungry teenagers at home and anti-social developers I have to encourage.

https://c.tenor.com/9PpAotd6HYUAAAAC/tenor.gif 
 Can't client devs do some quality-control on incoming DMs, to prevent this?

@PABLOF7z @Moss @hzrd149 @Michael J @ChipTuner @fiatjaf @jb55 @Vitor Pamplona  
 if i mention you in my DMs, and i am DMing you, who shall receive this message? shall you be DMing yourself? or shall i receive a DM from you? how does this bug work? and what shall be the contents of this said sent DM? 
 No, the bug is that npub1 DMs npub2 and mentions npub3 and npub2 gets a fake DM from npub3.
So, then they write npub3 and ask about the DM because they can't open it. 
 aaaaaaah oh my god. now i know why i got so many DMs. pipo were gossiping me. oh my god hahahahahaha Thank you .  
 this happened to me like six months ago.  a bunch of people wrote me saying i messaged them. and i was like, i did not. you could clearly see from my end of the chat, they started the conversation. it was so freaking weird i thought people were pranking me. and thats how i started distancing my self on #nostr from certain people.  
 I also thought it was an elaborate troll, but it was starting to come from people I doubted would troll me. 
 isnt that sort of what is supposed to happen though. petty shit coming from the ones least expected? im not surprised.  i feel sad for people with time to discuss me in their DMs. tbh .  
 Well, the person who wrote you didn't even get the DM, probably. They just got sent one that they can't read, that seemed to be from you. 
 they get the DM with the mention from whoever they are discussing with. those are the contents you can't read since you'd need either nsecs to decrypt it. dunno whether that makes sense.  
 the client should simply not tag the person that's not the recipient; we no longer need positional tagging, so there's absolutely no reason to p-tag the non-recipient
 
 yeah, clients could just not show DMs they can't decrypt.

Generally, nostr clients need to be way more defensive when accepting events.

NDK has pluggable validation methods that make it so that clients don't even see events that don't conform to whatever standard they choose for this reason.

nostr:note1k5ghx3ehxj6825tj4emzggqrc5vgp23ahn2myj7ughplcn9t9f2q22cflv
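
A receiving-side sketch of the two suggestions above (a p-tagged third party is never treated as a DM participant, and a DM that cannot be decrypted is not shown), added here as an example and not taken from the thread or from any client's code. `acceptDm`, the injected `decrypt` callback and the stand-in encryption are assumptions; the keys and the event are constructed.

```javascript
// Added example, not code from any client mentioned in the thread.
const KIND_ENCRYPTED_DM = 4; // NIP-04 direct message kind

// Returns { peer, text } for a DM to show, or null to drop the event.
// decrypt(peerPubkey, content) is a caller-supplied (hypothetical) function that
// returns plaintext or throws. Signature checks are assumed to happen upstream.
function acceptDm(event, myPubkey, decrypt) {
  if (!event || event.kind !== KIND_ENCRYPTED_DM || !Array.isArray(event.tags)) return null;
  const tagged = event.tags
    .filter((t) => Array.isArray(t) && t[0] === "p" && typeof t[1] === "string")
    .map((t) => t[1]);
  const outgoing = event.pubkey === myPubkey;
  if (!outgoing && !tagged.includes(myPubkey)) return null; // not addressed to me
  // Incoming: the peer is always the signed author, never another p-tagged key.
  // Outgoing: the peer is whichever tagged key the content actually decrypts for.
  const candidates = outgoing ? tagged : [event.pubkey];
  for (const peer of candidates) {
    try {
      return { peer, text: decrypt(peer, event.content) };
    } catch {
      // not decryptable with this peer: try the next candidate, otherwise drop
    }
  }
  return null;
}

// Constructed sample data: three made-up pubkeys.
const A = "a".repeat(64), B = "b".repeat(64), C = "c".repeat(64);
// Stand-in for real NIP-04 crypto: content opens only for the key pair it was made for.
const pairId = (x, y) => [x, y].sort().join("|");
const fakeEncrypt = (from, to, text) => JSON.stringify({ pair: pairId(from, to), text });
const fakeDecryptFor = (me) => (peer, content) => {
  const box = JSON.parse(content);
  if (box.pair !== pairId(me, peer)) throw new Error("cannot decrypt");
  return box.text;
};
// A DMs B, and the sending client also p-tags the mentioned third party C.
const mentionDm = {
  kind: 4, pubkey: A, tags: [["p", B], ["p", C]],
  content: fakeEncrypt(A, B, "hi, ask C"),
};

function demo() {
  return {
    recipient: acceptDm(mentionDm, B, fakeDecryptFor(B)), // shown, peer is A
    mentioned: acceptDm(mentionDm, C, fakeDecryptFor(C)), // dropped
    sender: acceptDm(mentionDm, A, fakeDecryptFor(A)),    // shown, peer is B
  };
}
console.log(demo());
```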
 
 Like a Nostr ORM. 
 We used to use validators in Doctrine. I think some were custom and others from Symfony. 
 That's a relay job if you ask me. 
 I consider QC everyone's job. 
 I don't have any hands on with this issue. But DMs are a totally different note kind, so when "mentioning" someone, that @ or npub is stored in the ciphertext, so a client can't know about the mention until it's decrypted? I'm curious where the parsed ciphertext model overlaps with the rendering of new message "channels". Weird. 

How is this a relay issue? Relay should be unaware of a "mention" in a DM.  