'DM Reporter Bot' Serves A Reminder About The Current State of Nostr DMswww.nobsbitcoin.com/dm-reporter-bot-nostr/
701 sats \ 10 comments \ @kepford 2 May 2023 nostr
write
preview
related posts
346 sats \ 8 replies \ @kepford OP 2 May 2023
The contents of private messages on Nostr are encrypted, but when and who you are talking to is currently 100% public information.
Important to understand how your comms work. Nostr is not a replacement for privacy messaging apps.
reply
206 sats \ 3 replies \ @ek 2 May 2023
We kill people based on metadata
-- NSA Director General Michael Hayden
https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata
reply
10 sats \ 2 replies \ @shyfire 2 May 2023
Thanks for reminding me of this gem.
reply
0 sats \ 1 reply \ @ek 2 May 2023
I even made a small collage for my friends which were too lazy to move away from WhatsApp:
slides from a university lecture I attended + paper about WhatsApp leaking metadata. I censored the logo of my university for privacy reasons
They didn't respond
reply
0 sats \ 0 replies \ @shyfire 2 May 2023
Yeah there was also recently a high profile case of users in India who were recently convicted because of WhatsApp
https://scroll.in/article/1044425/how-a-cross-border-love-story-illustrates-the-extent-of-whatsapp-surveillance-in-india
reply
0 sats \ 3 replies \ @shyfire 2 May 2023
With all the big social media apps rolling out E2E encrypted DMs, people will just naturally assume that DMs are private. While you are correct, I do not expect noobs and first timers to know that Nostr DMs are horribly broken.
reply
10 sats \ 2 replies \ @kepford OP 2 May 2023
I would argue direct messages should never be assumed to be private messages. ESPECIALLY on a social media site. I've never trusted Twitter or Facebook DMs. That is what needs to change. Something not being public doesn't mean it is secret. Of course Nostr is not really ready for the type of folks you are referring to. I don't expect normies to be on it for a long time. And that's good. Its new and rapidly changing.
reply
0 sats \ 1 reply \ @shyfire 2 May 2023
Facebook:
Learn more link:
https://www.facebook.com/help/messenger-app/786613221989782
They're clearly investing a lot in it. Like it or not, normies are becoming used to their DMs on social media platforms being secure. iMessage, WhatsApp, Signal, etc
reply
100 sats \ 0 replies \ @kepford OP 2 May 2023
They are getting used to being told their DMs are secure. That is my point.
The solution is to educate. If it isn't open source you are just trusting the company.
Also secure is different from private. The messages probably are secure, in that they info isn't leaked. But I don't trust these social media platforms. Like bitcoin, not your keys not your messages.
reply
0 sats \ 0 replies \ @orthzar 4 May 2023
Re-using pubkeys is the chief problem -- a problem which Bitcoin devs figured out more than a decade ago. Using either Signal's or Matrix's cryptography library would get you 80% of the way to not leaking meta-data. The remaining 20% consists of (a) using random relays; and (b) having some way for people to contact you without requiring the recipient to either to post a pubkey publicly or host an online method just to generate addresses.
I am tempted to quit my job to work on this, but I have no idea if there's enough money on the table to fund the work.
reply