Oddbean new post about login | logout Looks like my nsec is compromised.
🥹
It is a complete coincidence that I discovered this after writing a post on encryption. But, oh, the irony.
Apparently, there's a bug where mentioning me in a DM sends people a DM from me. 🤷♀️ nostr:nevent1qvzqqqqqqypzqhzs3s60tzrxa3e5r2h3pnq675hfyv4mn7zeeqgref0v724f80mcqqsyleg7ygkz4gd9vz96vm4hc6d74c4vfc8n6ccsvx5jqyhv8mkxsxgjjrx3p
It blows my mind that such a bug is even possible, since I'm not directly involved and don't even use those clients. Someone is just gossipping about me, somewhere, and other people end up with DMs from me. 🙃
i've had this happen also, and dozens of other users, used to be much more prevalent back in the day, that's for sure
Freaky. I kept getting people DMing me like "I can't open it!" "What do you want?" "Can't read it, sorry." And I was like huh?
eh, nothing to overthink about 💜 i've stressed test things a bit regarding dms way back etc what happens when you copy paste the noteID of a dm to a post
😎 Love the stress testers.
I was just worried that someone was trying to ask them for money. 😏
yeah nah, that's just nostr being nostr broken, but don't worry we can fix her
Yeah, and for the record: I only beg for money in normal notes. 😂 Please zap.
Oh, Gentleman of Zaplandia, I have hungry teenagers at home and anti-social developers I have to encourage. https://c.tenor.com/9PpAotd6HYUAAAAC/tenor.gif
Can't client devs do some quality-control on incoming DMs, to prevent this? @PABLOF7z @Moss @hzrd149 @Michael J @ChipTuner @fiatjaf @jb55 @Vitor Pamplona
if i mention you in my DMs, and i am DMing you, who shall receive this message? shall you be DMing yourself? or Shall i receive a DM from you? how does this bug work ? and what shall be the contents of this said sent DM?
No, the bug is that npub1 DMs npub2 and mentions npub3 and npub2 gets a fake DM from npub3. So, then they write npub3 and ask about the DM because they can't open it.
this happened to me like six months ago. a bunch of people wrote me saying i messaged them. and i was like, i did not. you could clearly see from my end of the chat, they started the conversation. it was so freaking weird i thought people were pranking me. and thats how i started distancing my self on #nostr from certain people.
I also thought it was an elaborate troll, but it was starting to come from people I doubted would troll me.
isnt that sort of what is supposed to happen though. petty shit coming from the ones least expected? im not surprised. i feel sad for people with time to discuss me in their DMs. tbh .
Well, the person who wrote you didn't even get the DM, probably. They just got sent one that they can't read, that seemed to be from you.
That's a relay job if you ask me.
I don't have any hands on with this issue. But DMs are a totally different note kind, so when "mentioning" someone that @ or npub is stored in the ciphertext so I client cant know about the mention until its decrypted? I'm curious where parsed cihpertext model overlaps with the rendering of new message "channels". Weird. How is this a relay issue? Relay should be unaware of a "mention" in a DM.
