Thread

Replies (22)

Signal has perfect forward secrecy, NIP-17 does not. White Noise and 0xchat’s “secret chats” have better mechanisms for forward secrecy. That being said, I still do not use Signal, because requiring a phone number is now a no-go for me. I don’t use any apps that don’t have public key identity now. For messaging I use Session, a Signal fork that does not require a phone number.
Yeah. DMs on Nostr are an atrocious situation, there’s like a dozen different ways to send a DM. Honestly the fragmentation makes mass adoption impossible. My client doesn’t support NIP-17 and I recently noticed I’d missed a handful of DMs from friends when I opened a NIP-17-supporting client to receive my emails via @npub1p5m9...jnut. Imagine a normal person finding out that they didn’t receive messages addressed for them because there are multiple DM specs. They are going to come to the conclusion that Nostr is trash.
Signal had a protocol spec from day 1 with nearly all basic requirements of a messaging service. Nostr has 2 NIPs, neither of which has been well thought out by someone who understands cryptography. NIP-17’s spec mentions “optional forward secrecy” but the author doesn’t seem to understand that forward secrecy means something in a cryptographic context or how it might be achieved. And if you have forward secrecy, why would you make it optional? Most messengers people actually use have forward secrecy as part of the protocol, with no way to opt out. Signal, WhatsApp, FaceTime, and Facebook Messenger. The only messengers that arguably do not have it are Viber and Telegram, the latter having it optional for its “secret chats”. “Things just move slowly” is a poisonous phrase in terms of making a widely adopted technology product. And it is less about moving slowly and more about people just going in completely different directions. Right now if things were moving faster, the ecosystem would just fragment faster. There’s not even an attempt to put developers on the same page or curate Nostr clients towards a reasonable standard. It’s a clusterfuck. Ideally, people would be seeking to copy White Noise, as it properly uses Double Ratchet (much like Signal and WhatsApp) instead of NIP-17. But even everyone agreeing to use NIP-17 would be better than the current situation, which is a multitude of incompatible methods that vary by the whim of each client’s developer.
🛡️
Unfortunately integrating White Noise is a lot more complex, giftwraps are more general for more use cases beyond DMs, and are simpler to implement. Devs are time constrained, the slowness is more an economic reality even if it’s “poisonous”. Centralized dev can move faster of course and doesn’t have these issues of working with third parties and slower schedules. The benefit is that each implementation keeps other implementations in line. It’s harder to sneak through security vulnerabilities without being noticed by other clients.
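
The forward-secrecy property argued about in this thread, as an added example (not written by any participant, and not the code of NIP-17, Signal or White Noise): a simplified model that compares encrypting every message under one long-term key with the symmetric KDF-chain half of a Double Ratchet, and reports what an attacker who recorded all ciphertexts can read after stealing the device state. The function names, the toy cipher and the messages are assumptions constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample messages (not real traffic).
MESSAGES = [b"msg 0: hello", b"msg 1: meet at 9", b"msg 2: bring keys",
            b"msg 3: running late", b"msg 4: see you soon"]

def ratchet_step(chain_key):
    """Symmetric KDF-chain step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def toy_cipher(key, data):
    """XOR with an HMAC-SHA256 keystream. Demo only, not an AEAD."""
    stream = b"".join(
        hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1)
    )
    return bytes(a ^ b for a, b in zip(data, stream))

def send_all(messages, secret, ratchet):
    """Encrypt every message; return (ciphertexts, state left on the device)."""
    state, ciphertexts = secret, []
    for plaintext in messages:
        if ratchet:
            state, key = ratchet_step(state)  # previous chain key is overwritten
        else:
            key = state                       # same long-term key every time
        ciphertexts.append(toy_cipher(key, plaintext))
    return ciphertexts, state

def readable_after_compromise(messages, sent_before_theft, ratchet):
    """Indices an attacker can decrypt, given all ciphertexts plus the device
    state stolen after `sent_before_theft` messages had been sent."""
    secret = hashlib.sha256(b"constructed demo secret").digest()
    ciphertexts, _ = send_all(messages, secret, ratchet)
    _, stolen = send_all(messages[:sent_before_theft], secret, ratchet)
    # HMAC is one-way, so the attacker can only walk forward from the stolen state.
    candidate_keys, state = [stolen], stolen
    for _ in messages:
        state, key = ratchet_step(state)
        candidate_keys.append(key)
    return [i for i, (ct, pt) in enumerate(zip(ciphertexts, messages))
            if any(toy_cipher(k, ct) == pt for k in candidate_keys)]

if __name__ == "__main__":
    print("static key:", readable_after_compromise(MESSAGES, 3, ratchet=False))
    print("kdf chain :", readable_after_compromise(MESSAGES, 3, ratchet=True))
```

In the chain case the messages sent after the theft are still readable; the Diffie-Hellman step of a full Double Ratchet is what addresses that.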