Oddbean new post about | logout
 Once you give a client your nsec, technically, the client can sign whatever notes it wants. So if you’re serious about stopping replaceable notes, you’d want to individually inspect and approve each event JSON before signing. For example, you could use an extension (like nostore, the Safari plugin) with a web client.

In general you don’t need to worry about it. Clients that are for regular messaging will make regular kind=1 events for text, kind=7 events for reactions, kind=0 events to update your profile, kind=3 events for your follow list, kind=4 for DMs etc. You can browse a list of known kind number meanings here: https://github.com/nostr-protocol/nips?tab=readme-ov-file#event-kinds

In addition, clients tend to ignore events of kinds they don’t recognize. When your client subscribes to events from a relay, it sends a REQ message, which can include filters. It’s common to filter the events returned to just known, necessary event kinds. This reduces network traffic and bandwidth usage.