 The next step would be private, personal relays running on your device/phone.  I am working with the assumption that your personal data is being stored by an adversary to begin with. It’s all about tradeoffs. 
 > It’s all about tradeoffs.
For sure, I just wonder how hard we should be relying on nip44 (I wrote the reference C impl) to protect us from ciphertext hoovers and leakage, since it should be assumed the instant you publish your encrypted note it's available to anyone in the world within seconds probably.
 Good question. @Max Hillebrand suggested to additionally encrypt the content with AES/password before encrypting with NIP-44. So long as the password is stored out of band completely, it still should be protected if the nsec is compromised. 

In the end, all security relies on the protection of a private key stored somewhere. I’d like to have that under my control versus a randomly trusted admin.
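
The layering suggested in the post above, as an added example that is not part of the thread and not code from any Nostr library: a password-derived AES-256-GCM inner layer whose output is what would then be handed to NIP-44 as plaintext. The function names, envelope layout and scrypt parameters are assumptions made for this sketch, and the outer NIP-44 step is not shown.

```javascript
// Added example: password-based inner layer applied before NIP-44.
const crypto = require('node:crypto');

// Assumed scrypt cost parameters; raise N as far as the device tolerates.
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const VERSION = 1;            // envelope: version(1) | salt(16) | iv(12) | ct | tag(16)
const HEADER_LEN = 1 + 16 + 12;
const NIP44_MAX_PLAINTEXT = 65535; // NIP-44 v2 accepts 1..65535 bytes of plaintext

function deriveKey(password, salt) {
  // The password lives out of band; it is never derived from the nsec.
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, SCRYPT);
}

// Returns a base64 string to pass to the NIP-44 encrypt call (hypothetical outer step).
function innerEncrypt(password, plaintext) {
  const salt = crypto.randomBytes(16); // fresh salt and IV for every note
  const iv = crypto.randomBytes(12);
  const header = Buffer.concat([Buffer.from([VERSION]), salt, iv]);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(header);               // bind version, salt and IV to the tag
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([header, ct, cipher.getAuthTag()]).toString('base64');
  if (blob.length > NIP44_MAX_PLAINTEXT) {
    throw new Error('inner ciphertext too large for a NIP-44 payload');
  }
  return blob;
}

// Input: what remains once the NIP-44 layer has been removed, by the owner
// or by someone holding a compromised nsec.
function innerDecrypt(password, blob) {
  const buf = Buffer.from(blob, 'base64');
  if (buf.length < HEADER_LEN + 16 || buf[0] !== VERSION) {
    throw new Error('malformed inner envelope');
  }
  const header = buf.subarray(0, HEADER_LEN);
  const salt = buf.subarray(1, 17);
  const iv = buf.subarray(17, HEADER_LEN);
  const ct = buf.subarray(HEADER_LEN, buf.length - 16);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAAD(header);
  decipher.setAuthTag(buf.subarray(buf.length - 16));
  // final() throws if the password is wrong or the envelope was altered.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```

With the nsec alone, the NIP-44 layer comes off but the result is still the envelope above, so the strength of the inner layer is bounded by the password's entropy and the scrypt cost.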