Someone posted an image of my encrypted nostr DMs on Twitter. Of course I know that it's possible to see the metadata but I didn't realize how creepy it feels. You can see who I talk to and when. You could deduce my social circles, maybe even real world activity related to my messaging patterns. From now on, I will stop using normal DMs on nostr. The traces they leave are horrifying and you shouldn't use DMs either. *Please do not send me any DMs from your npub if you have something to communicate to me.* Use a random npub or a giftwrap or use a different method or use a different network to reach me. Nostr DMs have always been a complete privacy hell and I urge anyone to realize this and act accordingly. I repeat: DO NOT DM ME. I WON'T DM YOU.
Replayed in DM.
Hahahahahahahaha
I saw Jameson Lopp take a dig at DMs on Mastodon the other day (which I already knew about). The message should be don’t use DMs for anything important on any social media platform. I’m new to Nostr so still learning how it works so thanks for pointing this out.
Try SimpleX.
The doctor has a point. nostr:nevent1qqsdef3y624xr3ngrdmfd3qp8algjeqart09szlhu5myc0qcpxezeggpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygzsm98u9kzcp35zkpc62shck8335gqtq5yt4w26xwl0pp2a72qavvpsgqqqqqqslnx8sr
Maybe disabling DM’s on nostr apps can be a very useful feature. I’d disable DM’s in a heartbeat
Yes, I wrote a note on this last week, I'll repost it here: A piece of OpSec advice for #nostrplebs: #Nostr is fantastic and wonderful, but its resilience against censorship comes with inevitable trade-offs: Nostr is entirely public and open. Every single event you broadcast to the relays can be consumed by anyone in the world, and this doesn't just include the notes. For example, I can know with whom you've exchanged DMs and at what time (though the content of the messages remains encrypted). I'm not saying that #nostrices should hide who they are and what they think, quite the opposite! Just be cautious not to reveal personal information that could get you into trouble.
Thank you very much. It will always astonish me, every time I hear, read or see what human beings are capable of doing, and I wonder to what end. In the chain, the human being may be one of the most dangerous species because of its propensity to surf along with its Dantesque aspects.
Let's attach a @simplex recommendation to this
Use dm to send your simplex invite
Nostr has never promised privacy. I often try to push for more privacy in nostr, but it's often an unpopular opinion. "tracking" is pretty standard, I am told. It is, but there should be an alternative. NIP-04 goes a long way, but it would be even better if it was transported in a more private way, over HTTP or with privacy respecting sites or relays.
nostr:note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82 This is ridiculous. Nostr DM's aren't the most secure thing ever but they are encrypted. Who cares if they can see who you message? The content is what matters and no one can see that.
We should boost @simplex imo.
I don't get why the Nostr community (clients & relays) has given up on supporting NIP-42. It'd prevent random users from doing this (but not the operators of the relays you use). Nevertheless feels like low hanging fruit. @semisol @fiatjaf you authored the NIP, any insights on this? https://github.com/nostr-protocol/nips/blob/master/42.md
Thats why I directly this DM stuff. A few months ago.
If you used SimpleX, couldn't someone also post a screenshot of that chat?
You need to be a party to that chat to do that. The nostr DM metadata is public for any third party to map and visualize / track. Messages are encrypted, but receiver and timing are public in nostr DMs.
Oh, I thought someone posted the DM content. Yes, metadata for DMs on nostr has always been available.
Aight, then we got that sorted out :)
At the same time I don't see a HUGE problem because.. they are DMs, not PMs. Direct message, not private message.
Fair point. The DMs might be a good place to share contact info to private messages, for instance. So I agree with you here.
DMs are just for sharing SimpleX links. 😅🤣
Based 🗿
In which sense based?
I imagined a prompt reply with a SimpleX link on any message, no matter what xD
Interesting view. Does this change your mind, @calle 👁️⚡👁️?
How often do you plan to burn accounts and start fresh? Is this the solution here. This plus no changing on nsec means horrible privacy and security. nostr:nevent1qqsdef3y624xr3ngrdmfd3qp8algjeqart09szlhu5myc0qcpxezeggpzpmhxue69uhkummnw3ezuamfdejsygzsm98u9kzcp35zkpc62shck8335gqtq5yt4w26xwl0pp2a72qavvpsgqqqqqqsv7r4e7
What is a giftwrap?
See Amethyst for example. Can't explain technically at the moment. h/t @Vitor Pamplona
I'm in Amethyst right now, but still don't fully understand. I appreciate the effort of guiding me towards an example though :)
Months ago a relatively large figure on nostr publicly said they were going to ask another user if they could reveal their identity in relation to a questioning post from a third party. They then proceeded to DM the public profile of the anonymous user using nostr DMs with public metadata. It was a relatively insignificant thing and the identity was shared publicly after so I didn’t raise this as a big deal, but it was still a fail from someone who should have been aware of the issue.
dawg, you realize you're just one "cyber pandemic" away from the metadata *and data* of your twitter dm's being public right?
Yes but we're still small.
Yeah, it’s pretty bad for privacy. Surely there’s a way to fix this over time?
Never should have been created in the first place imo. Many great messaging options, like SimpleX. Keep nostr simple imo
The protocol is able to handle it simple, I think. But too simple got privacy threatening.
Same thoughts on Nostr DMs, avoid. nostr:note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82
Wait until you see the zap metadata.
Following you right now. 🫂
I don't reply to DM's, I don't reach out via DM's either. ✊🏽🍊💊⚡️ nostr:nevent1qqsdef3y624xr3ngrdmfd3qp8algjeqart09szlhu5myc0qcpxezeggpp4mhxue69uhkummn9ekx7mqzypgdjn7zmpvqc6ptqud9gtutrcc6yq9s2z96h9dr80hss4wl9qwkxqcyqqqqqqgsngc9x
Keet.io just launched beta and it's awesome. Keet and Greet Beta pear://keet/yrbionfcjybapcuf6fusx96idy9skttaf8zpoyh8iitx7pgz5gjcre8zktxhmcmbw1u77899txynynsofjhuiqrek8pdrhrf8mibgn6tzds64cuf
runs like shit for me, laggy and slow and buggy
No. That's the old version. Version 2.1.2?
yep latest runs way worse for me
is your room still up?
Yes. 40+ 🍐🍐
can't join, new version sucks
nostr dm's are a mistake should be hidden until a method of hiding the metadata is deployed nostr:note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82
Is there a NIP for that? nostr:note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82
Pulsar is pretty cool, private messaging on Nostr. TOR is down, but it works on clear net. Star it on Github. https://github.com/supertestnet/pulsar
It's a feature not a bug
Thanks for the heads up! 🫡
nostr:nevent1qqspm5x4j5mmwalcpd6e5cq0e9kntgexu4k5s39jj56fxrf26khxsqcppamhxue69uhkummnw3ezumt0d5pzql0rmmudyyveckk8hqnntjemd76gxl0mc0xnzv9cluy965xrsj6rqvzqqqqqqyyah7jw
Good to keep in mind! btw: https://simplex.chat/contact#/?v=1-4&smp=smp%3A%2F%2FN_McQS3F9TGoh4ER0QstUf55kGnNSd-wXfNPZ7HukcM%3D%40smp19.simplex.im%2FqYyRY9xFvqZIBH6IwTciuyAd4KuEwf8K%23%2F%3Fv%3D1-2%26dh%3DMCowBQYDK2VuAyEAuuwwKZLE3eVzYAl-rXKpJHWVyMylKfzyS2bL1sSrEnQ%253D%26srv%3Di53bbtoqhlc365k6kxzwdp5w3cdt433s7bwh3y32rcbml2vztiyyz5id.onion nostr:nevent1qqsdef3y624xr3ngrdmfd3qp8algjeqart09szlhu5myc0qcpxezeggpz3mhxue69uhkummnw3ezummcw3ezuer9wcpzq5xeflpdskqvdq4swxj59793uvdzqzc9pzatjk3nhmcg2h0js8trqvzqqqqqqyvdg3q9
nostr:note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82 This seems like a serious issue.
Ask questions. Don't trust, verify nostr:nevent1qqsdef3y624xr3ngrdmfd3qp8algjeqart09szlhu5myc0qcpxezeggprpmhxue69uhhyetvv9ujumn0wd68ytnrdakjuct4qgs9pk20ctv9srrg9vr354p03v0rrgsqkpggh2u45va77zz4mu5p6ccrqsqqqqqpuwuxzw
Simple X @simplex
DMs over nostr are bad. Why? nostr:note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82
nostr:note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82 I didn't know Nostr DMs had such metadata. Bitcoin maxis were shilling Nostr so much that I forgot to verify the features myself and trusted too much. Lesson learned. Don't use Nostr DMs as they are not private as you might think. Privacy apps are in the making.
nostr:nevent1qqsdef3y624xr3ngrdmfd3qp8algjeqart09szlhu5myc0qcpxezeggpz3mhxue69uhkummnw3ezummcw3ezuer9wcpzq5xeflpdskqvdq4swxj59793uvdzqzc9pzatjk3nhmcg2h0js8trqvzqqqqqqyvdg3q9