Why Nostr? What is Njump?
2024-10-12 03:49:49
in reply to

Dr. Hax on Nostr: I like the idea, but there are serious problems with leaking metadata with #nostr ...

I like the idea, but there are serious problems with leaking metadata with #nostr DMs. Not sure people care, but having the ciphertext available to everyone is a risk.

It can be mitigated by having a unique relay for each group, but requiring people to do advanced relay management is not a recipe for success.

This could be fixed at the protocol level. E.g.
Client: give me the encrypted notes for key ID 0xabc123
Server: Sign this nonce with that key and they're yours
Client: here's the sig
Server: here's the encrypted DMs

It still lets the relay see who is messaging whom, when and how often, but that is very much like Signal. But unlike Signal, nostr could pick a different subset of relays for each message so no single relay has all the information. As long as everyone in the group is using the same set of relays, that should be reliable.
Author Public Key
npub16v82nr4xt62nlydtj0mtxr49r6enc5r0sl2f7cq2zwdw7q92j5gs8meqha