Reminder and example about impact of metadata leak in Nostr DMs \ stacker news ~privacy

Reminder and example about impact of metadata leak in Nostr DMs primal.net/e/note1mjnzf542v8rxsxmkjmzqz0m739jp6xk7tq9l0efkfs7pszdj9jsse4km82

2779 sats \ 12 comments \ @ek 10 Feb privacy

zaps forwarded to @calle (100%)

Note from @calle on Oct 18, 2023, 10:18 AM:

Someone posted an image of my encrypted nostr DMs on Twitter. Of course I know that it's possible to see the metadata but I didn't realize how creepy it feels. You can see who I talk to and when. You could deduce my social circles, maybe even real world activity related to my messaging patterns.

From now on, I will stop using normal DMs on nostr. The traces they leave is horrifying and you shouldn't use DMs either.

Please do not send me any DMs from your npub if you have something to communicate to me.

Use a random npub or a giftwrap or use a different method or use a different network to reach me.

Nostr DMs have always been a complete privacy hell and I urge anyone to realize this and act accordingly.

I repeat: DO NOT DM ME. I WONT DM YOU.

I think NIP-17 (old 24) Sealed Gift-Wrapped Messages for Private DMs and Small Group Chats is going to help against this but I haven't looked into the details yet. So if someone can share details, would be much appreciated :)

this is a great candidate crosspost for ~nostr and ~privacy

view all related items

5 sats \ 2 replies \ @OT 10 Feb

Does anyone use simplex?

207 sats \ 0 replies \ @ek OP 10 Feb

I do. We also have a group there for SN. See chat in footer.

111 sats \ 0 replies \ @freetx 10 Feb

the integration of a nostr client with simplex would be a real game changer.

it would result in this weird hybrid social media + chat client + zap wallet. it could almost literally become an "everything app"

75 sats \ 3 replies \ @RAIKO 10 Feb freebie

NIP-44 is meant to address it and is already implemented in many clients, e.g., Amethyst, OxChat. https://github.com/nostr-protocol/nips/blob/master/44.md

0 sats \ 2 replies \ @ek OP 10 Feb

I don't think that NIP-44 fixes the metadata leak by itself:

Note: this format DOES NOT define any kinds related to a new direct messaging standard, only the encryption required to define one.

[...]

Every nostr user has their own public key, which solves key distribution problems present in other solutions. However, nostr's relay-based architecture makes it difficult to implement more robust private messaging protocols with things like metadata hiding, forward secrecy, and post compromise secrecy.

The goal of this NIP is to have a simple way to encrypt payloads used in the context of a signed event. When applying this NIP to any use case, it's important to keep in mind your users' threat model and this NIP's limitations.

312 sats \ 0 replies \ @RAIKO 10 Feb

Sorry I was meant to say that in itself it does not, but in combination with https://github.com/nostr-protocol/nips/blob/master/59.md it solves the metadata issue.

0 sats \ 0 replies \ @RAIKO 10 Feb

deleted by author

0 sats \ 0 replies \ @jurraca 10 Feb

imo, Nostr's publication-via-redundant-relays model makes DMs (and any "secret" message) an antipattern. The relay model is meant for public, widespread publication where metadata is a feature. If we want secrecy, it won't be via a new fancy cryptography scheme over this model.

0 sats \ 1 reply \ @fabohax 10 Feb

may we think why we need priv messages

0 sats \ 0 replies \ @ek OP 10 Feb

On nostr or in general?

0 sats \ 0 replies \ @Kathleen_Croteau 10 Feb

Nostr metadata in general is vulnerable to the same thing.

0 sats \ 0 replies \ @038089326f 10 Feb freebie

hahaa i feel this