Event JSON
{
"id": "f36d1e81cd9c80b5e79321e7fbf02547c44a58c52213ef405e90278146eaf664",
"pubkey": "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322",
"created_at": 1696963410,
"kind": 1,
"tags": [
[
"p",
"79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6",
"wss://relay.damus.io",
"Alex Gleason"
],
[
"e",
"2c640d5af2046ce69686fe57e43a90386b62db9ab04776afc420aa5c81d92e14",
"wss://relay.mostr.pub",
"root"
],
[
"e",
"61048da4295d2bee2fe44267c7d14dacb23616f5d5ca610c71b817b48cc1c257",
"wss://relay.mostr.pub",
"reply"
],
[
"p",
"7bdef7be22dd8e59f4600e044aa53a1cf975a9dc7d27df5833bc77db784a5805",
"wss://relay.damus.io",
"daniele"
]
],
"content": "Malicious in the sense of surveillance/phishing. So say someone sends you an email with a link pointing to `/notes?relays=wss://bad-relay.com/myemailinbase64`, you click on it and your client auto-signs an AUTH challenge, bingo bongo they have correlated your email/pubkey. Basically an injection attack. As it happens, nostr:nprofile1qqs8hhhhhc3dmrje73squpz255ape7t448w86f7ltqemca7m0p99spgpp4mhxue69uhkummn9ekx7mqprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqythwumn8ghj7enfd36x2u3wdehhxarj9emkjmn9keq8hx pointed out that this is already possible using nprofile/nevent 😬",
"sig": "aad99223f6875d40f364da1b0f3ff22fce4d198888141e7990da15de793be86ea91a258e72ea7545156936316ed67670b932ebf2636195b7f4bee8caa930b030"
}