Post ATDBX7lBfuCFnRzmim by rad_tech@gleasonator.com
 (DIR) Post #ATD8pJKB7MiX0rLJBY by alex@gleasonator.com
       2023-03-02T16:43:44.863483Z
       
       3 likes, 1 repeats
       
       Nostr discovery: anyone can take someone else’s event from one relay and put it onto another relay. There’s no authentication, it’s how the protocol works. We trust that a pubkey said something, not whether they wanted you to see it. Therefore if you get into a private relay, you could take an event from that private relay and simply insert it onto a public relay. Wacky! To mitigate this, a user can delete a message. And you could also take the deletion event and put it onto another relay, and most well-behaved relays will stop showing the event and never show it again. But interesting this can happen in the first place. The lesson is that private events HAVE to be encrypted if you want them to be private. This makes private groups about as hard to implement as they would be on the Fediverse. You’d likely do some libsignal thing which becomes painful to scale after there are about 100 participants in the group. (Public groups could be done in a weekend, and there are already public group chats on Nostr)
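
Added example, not part of the thread and not code from any Nostr project: a toy relay model showing why the post above concludes that private events must be encrypted. The event id follows NIP-01 and the deletion request is kind 5 with an "e" tag; `ToyRelay`, `make_event`, `demo` and all sample values are hypothetical, and signature verification is assumed rather than implemented.

```python
import hashlib
import json

def event_id(ev):
    """NIP-01 id: SHA-256 of [0, pubkey, created_at, kind, tags, content]."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def make_event(pubkey, created_at, kind, tags, content):
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": kind,
          "tags": tags, "content": content}
    ev["id"] = event_id(ev)
    return ev

class ToyRelay:
    """Hypothetical relay: it can only check what the event itself carries."""
    def __init__(self):
        self.events, self.tombstones = {}, set()

    def publish(self, ev):
        if ev.get("id") != event_id(ev):
            return "rejected: bad id"
        # Assumption: a real relay also verifies ev["sig"] against ev["pubkey"] here.
        # Neither check says who submitted the event or which relay it came from.
        if (ev["pubkey"], ev["id"]) in self.tombstones:
            return "rejected: deleted"
        if ev["kind"] == 5:  # deletion request: "e" tags name the author's own events
            for tag in ev["tags"]:
                if len(tag) < 2 or tag[0] != "e":
                    continue
                held = self.events.get(tag[1])
                if held is None or held["pubkey"] == ev["pubkey"]:
                    self.tombstones.add((ev["pubkey"], tag[1]))
                    self.events.pop(tag[1], None)
        self.events[ev["id"]] = ev
        return "stored"

    def visible(self):
        return sorted(i for i, e in self.events.items() if e["kind"] != 5)

AUTHOR = "a1" * 32  # constructed 32-byte hex pubkey, not a real key

def demo():
    public = ToyRelay()
    note = make_event(AUTHOR, 1677775424, 1, [], "members only")  # constructed event
    copy = json.loads(json.dumps(note))  # byte-identical copy held by any reader
    first = public.publish(copy)         # id still matches, so the relay accepts it
    shown = public.visible() == [note["id"]]
    public.publish(make_event(AUTHOR, 1677775500, 5, [["e", note["id"]]], ""))
    return first, shown, public.visible(), public.publish(copy)
```

The relay's acceptance decision depends only on fields inside the event, so confidentiality has to come from encrypting `content` before signing, not from which relay holds the event.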
       
 (DIR) Post #ATD92k3f2BSVgr1Naa by alex@gleasonator.com
       2023-03-02T16:46:10.858701Z
       
       4 likes, 0 repeats
       
       Btw, Nostr has encrypted DMs already which even the Fediverse doesn’t have yet. It’s way easier to do when the user has a real pubkey and is already signing events.
       
 (DIR) Post #ATD9GaH8Ce2hP5vFho by Moon@shitposter.club
       2023-03-02T16:48:44.282073Z
       
       0 likes, 0 repeats
       
       @alex have they bothered with perfect forward secrecy
       
 (DIR) Post #ATDA9pl0LM0tLZEyHI by 11112011@freespeechextremist.com
       2023-03-02T16:58:47.087827Z
       
       1 likes, 0 repeats
       
       @alex not zapped sorry
       
 (DIR) Post #ATDBMCMeDTJ0tIJ7yq by rad_tech@gleasonator.com
       2023-03-02T17:11:35.876210Z
       
       0 likes, 0 repeats
       
       @Moon @alex is key rotation like that even possible without a server coordinating it? if your device is compromised then everything is compromised anyway. so it’s a trade off for sure
       
 (DIR) Post #ATDBMDDT35YZX71JJI by Moon@shitposter.club
       2023-03-02T17:12:11.579904Z
       
       0 likes, 0 repeats
       
       @rad_tech @alex i don't think it's a huge deal just curious, i think you send a session key by ordinary means
       
 (DIR) Post #ATDBX7lBfuCFnRzmim by rad_tech@gleasonator.com
       2023-03-02T17:13:51.259119Z
       
       1 likes, 0 repeats
       
       @alex
       > You’d likely do some libsignal thing which becomes painful to scale after there are about 100 participants in the group.
       All you need to do is distribute a shared secret to the list of people you want to post to. When you update the list, you send a new shared secret. It doesn’t need to be that complicated.
       
 (DIR) Post #ATDBaOmGrQgNRb415s by alex@gleasonator.com
       2023-03-02T17:14:42.397127Z
       
       0 likes, 0 repeats
       
       @rad_tech I assume it’s a little more complicated than that if you want a perfect Facebook groups experience, but good to know.
       
 (DIR) Post #ATDBsKuXyW28fHUKNU by rad_tech@gleasonator.com
       2023-03-02T17:17:43.768695Z
       
       1 likes, 0 repeats
       
       @alex I am talking about private posts. Like posting to friends only on facebook vs posting publicly to the world. That is all you need in order to solve the problem that you talked about.
       
 (DIR) Post #ATDIpwsh2usHEmQhhw by grillchen@brotka.st
       2023-03-02T18:36:01.343047Z
       
       1 likes, 0 repeats
       
       @Moon @alex it does. pixelfed has done it https://mastodon.social/@pixelfed/109398776283771604
       
 (DIR) Post #ATDIsQQg9pyBSUVVQG by Moon@shitposter.club
       2023-03-02T18:36:26.773124Z
       
       0 likes, 0 repeats
       
       @grillchen @alex i meant nostr, I'm sorry.
       
 (DIR) Post #ATDIxjIvPOFlRiPSVs by grillchen@brotka.st
       2023-03-02T18:37:26.073259Z
       
       1 likes, 0 repeats
       
       @Moon @alex ah and i meant the initial post 😓 encrypted dms exist in fedi as of now