I do find it problematic that the media file that I see might not be what the original author intended to share (due to a malicious server). The media file (or its sha256) should be included in the event signature, and clients should verify it.
That's why we have NIP-94.
Great, I didn’t know about it. So now we only need the attention of the devs.
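As an added example (not from the thread, and not reference code from NIP-94 or from any Nostr client), here is the client-side check the thread is asking for, in Python. It assumes a NIP-94 file-metadata event (kind 1063) whose `x` tag holds the hex sha256 of the file, and the NIP-01 event id (sha256 over the canonical `[0, pubkey, created_at, kind, tags, content]` array) that the Schnorr signature is made over. The media bytes and the event are constructed here; the actual Schnorr signature check over `id` is left out because it needs a secp256k1 library, but the example shows why tampering with the hash tag would invalidate that signature.

```python
import hashlib
import hmac
import json

# Constructed sample media (not a real image) and its expected digest.
SAMPLE_MEDIA = b"\x89PNG\r\n\x1a\n" + b"constructed sample payload" * 8
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_MEDIA).hexdigest()


def event_id(event):
    """NIP-01 event id: sha256 over the canonical JSON array
    [0, pubkey, created_at, kind, tags, content], no whitespace, UTF-8.
    The tags are inside this array, so a NIP-94 'x' tag is covered by the
    signature (which is made over this id)."""
    serial = json.dumps(
        [0, event["pubkey"], event["created_at"], event["kind"],
         event["tags"], event["content"]],
        separators=(",", ":"), ensure_ascii=False,
    ).encode("utf-8")
    return hashlib.sha256(serial).hexdigest()


def tag_value(event, name):
    """First value of the tag called `name`, or None if absent."""
    for tag in event["tags"]:
        if len(tag) >= 2 and tag[0] == name:
            return tag[1]
    return None


def verify_media(event, data):
    """True only if the event carries an 'x' tag and the fetched bytes hash
    to it. A server that swaps the file changes the digest, so this fails."""
    expected = tag_value(event, "x")
    if expected is None:
        return False                      # no hash committed: refuse to trust the file
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected.lower())


def make_sample_event():
    """Constructed NIP-94 event (kind 1063); pubkey is a placeholder, unsigned."""
    event = {
        "pubkey": "00" * 32,
        "created_at": 1700000000,
        "kind": 1063,
        "tags": [
            ["url", "https://example.invalid/media.png"],
            ["m", "image/png"],
            ["x", SAMPLE_SHA256],
            ["size", str(len(SAMPLE_MEDIA))],
        ],
        "content": "constructed example",
    }
    event["id"] = event_id(event)
    return event


def tampered_hash_changes_id(event):
    """Rewriting the 'x' tag yields a different id, so the original signature
    over `id` would no longer verify: the hash cannot be swapped silently."""
    forged = dict(event)
    forged["tags"] = [["x", "00" * 32] if t[0] == "x" else t for t in event["tags"]]
    return event_id(forged) != event["id"]


if __name__ == "__main__":
    ev = make_sample_event()
    print("genuine file verifies:", verify_media(ev, SAMPLE_MEDIA))
    print("swapped file verifies:", verify_media(ev, SAMPLE_MEDIA + b"x"))
    print("tampering with x tag changes id:", tampered_hash_changes_id(ev))
```

A client would fetch the `url`, run `verify_media` on the bytes before rendering them, and refuse to display (or flag) anything that fails; the `size` tag can be checked the same way as a cheap pre-filter before hashing.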