Oddbean new post about | logout
 Can't client devs do some quality-control on incoming DMs, to prevent this?

@PABLOF7z @Moss @hzrd149 @Michael J @ChipTuner @fiatjaf @jb55 @Vitor Pamplona  
 if i mention you in my DMs, and i am DMing you, who shall receive this message? shall you be DMing yourself? or  Shall i receive a DM from you? how does this bug work ? and what shall be the contents of this said sent DM? 
 No, the bug is that npub1 DMs npub2 and mentions npub3 and npub2 gets a fake DM from npub3.
So, then they write npub3 and ask about the DM because they can't open it. 
 aaaaaaah oh my god. now i know why i got so many DMs. pipo were gossiping me. oh my god hahahahahaha Thank you .  
 this happened to me like six months ago.  a bunch of people wrote me saying i messaged them. and i was like, i did not. you could clearly see from my end of the chat, they started the conversation. it was so freaking weird i thought people were pranking me. and thats how i started distancing my self on #nostr from certain people.  
 I also thought it was an elaborate troll, but it was starting to come from people I doubted would troll me. 
 isnt that sort of what is supposed to happen though. petty shit coming from the ones least expected? im not surprised.  i feel sad for people with time to discuss me in their DMs. tbh .  
 Well, the person who wrote you didn't even get the DM, probably. They just got sent one that they can't read, that seemed to be from you. 
 they get the DM with the mention from who ever they are discussing with. those are the contents you cant read since you'd need either nsecs to decrypt it. dunno whether that makes sense.  
 the client should simply not tag the person that's not the recipient; we no longer need positional tagging, so there's absolutely no reason to p-tag the non-recipient
 
 yeah, clients could just not show DMs they can't decrypt.

Generally, nostr clients need to be way more defensive when accepting events.

NDK has pluggable validation methods that make it so that clients don't even see events that don't conform to whatever standard they choose for this reason.

nostr:note1k5ghx3ehxj6825tj4emzggqrc5vgp23ahn2myj7ughplcn9t9f2q22cflv
 
 Like a Nostr ORM. 
 We used to use validators in Doctrine. I think some were custom and others from Symfony. 
 That's a relay job if you ask me. 
 I consider QC everyone's job. 
 I don't have any hands on with this issue. But DMs are a totally different note kind, so when "mentioning" someone that @ or npub is stored in the ciphertext so I client cant know about the mention until its decrypted? I'm curious where parsed cihpertext model overlaps with the rendering of new message "channels". Weird. 

How is this a relay issue? Relay should be unaware of a "mention" in a DM.