Ephemeral, anonymous chat via QR codes over nostr \ stacker news ~nostr

Ephemeral, anonymous chat via QR codes over nostr github.com/ekzyis/nostr-qrchat

1728 sats \ 21 comments \ @ek 10 May 2023 nostr

view all related items

54 sats \ 0 replies \ @ek OP 10 May 2023

You can try the QR code on Github or this one:

Clicking on the QR code on Github also works

240 sats \ 17 replies \ @Monotone 10 May 2023

It seems to me that nostr is not suitable for anonymous chats. There are already many other good solutions

57 sats \ 7 replies \ @TonyGiorgio 10 May 2023

Agreed. Better to not go down too far down the path. Terrible foundation for chat, espeically if something is intended to be "anonymous"

55 sats \ 6 replies \ @ek OP 10 May 2023

I like the ease of use because it's just a key pair.

I don't know of any other service where you can simply generate a key pair and then send encrypted DMs to another key pair (which could also be generated on demand which I don't do here, to be fair).

Isn't that as anonymous as it can be on clearnet?

Or are you concerned because of the current state of NIP-04?

54 sats \ 5 replies \ @TonyGiorgio 10 May 2023

ease of use

Like PGP? And some things are complicated for a reason. Simple doesn't mean you should use it.

concerned because of the current state of NIP-04

That's putting it lightly.

0 sats \ 4 replies \ @ek OP 10 May 2023

No, PGP is hard to use right. (edit: Talking about usage over SMTP here)

I think you are talking more generally about using nostr for anonymous chats. Generally, I agree. Nostr is bad to stay anonymous.

However, I don't see how ephemeral key pairs as used here are not anonymous. I am talking about this specific use case where a random person just wants to contact you to exchange a few messages and then the key will never be used again.

Maybe I should be more clear: It's about the anonymity of the sender, I don't generate a new key pair for the recipient side (yet). So I am indeed not anonymous here.

0 sats \ 3 replies \ @TonyGiorgio 10 May 2023

I guess I don't really get what's the point of the project then. I just see a QR code and a github repo that says "anonymouse chat!"

Not trying to dismiss it or discourage development, but I don't see the point nor understand the claims being made.

0 sats \ 2 replies \ @ek OP 10 May 2023

Not trying to dismiss it or discourage development, but I don't see the point nor understand the claims being made.

No worries, it's still valuable feedback that the use case is not clear!

But does that mean that the mentioned use cases don't make sense to you?

put a QR code on your letter box so people at your door can reach you without any PII

put QR codes anywhere where people may want to open instant support chat sessions

put QR code at your website to let people chat with you

(just realized I forgot to add "even when you are not at home" in the first point)

However, big reasons were certainly just for fun and see how to build stuff on nostr.

I will print one QR code and put it on my letter box. Let's see if I ever get a message, haha

10 sats \ 1 reply \ @TonyGiorgio 10 May 2023

From a technical standpoint I have no idea what it's doing or how it claims to be anonymous, so from my understandings of how broken nostr DM's are, I do not like it nor want to encourage anyone going down that path.

view replies

0 sats \ 8 replies \ @ek OP 10 May 2023

Which do you have in mind?

108 sats \ 7 replies \ @Monotone 10 May 2023

As far as I remember, nostr now has metadata about who sent messages to whom and when. This is not enough for complete anonymity. Though I may not have gotten the point.)

248 sats \ 2 replies \ @ek OP 10 May 2023

Yes, NIP-04 leaks metadata as it is. But since one key pair will never be reused (at least that's my intention), I thought this should still be "anonymous".

I could also create a new ephemeral key pair for the recipient side. Then I think metadata shouldn't matter.

But I could be wrong of course.

0 sats \ 1 reply \ @Monotone 10 May 2023

This option can be useful for one-time short chats, but not for long-term communication.

5 sats \ 0 replies \ @ek OP 10 May 2023

Yes, I agree. That's why it's called ephemeral: new key pairs are generated every time you reload the page.

10 sats \ 3 replies \ @ek OP 10 May 2023

You didn't say which other solutions you were talking about. I would be interested in them.

1458 sats \ 2 replies \ @Monotone 10 May 2023

For example this: https://simplex.chat/

Not much harder to use, but more secure and much more anonymous. It doesn't even have a user ID.

5 sats \ 1 reply \ @ek OP 10 May 2023

Oh, right, I think SimpleX was also mentioned in the discussions about how to improve NIP-04 but I didn't take a look at it yet. Thanks for reminding me!

This looks indeed really promising.

Maybe I can implement the protocol for my use case with QR codes.

Thanks again!

10 sats \ 0 replies \ @Monotone 10 May 2023

You're welcome) On the other hand, I support the fact that people are trying to come up with different uses for nostres. This is a good warm-up for the brain, but before that it is better to check the existing options so as not to reinvent the wheel)

0 sats \ 0 replies \ @gzoo 10 May 2023

Like it! 👏👏👏

0 sats \ 0 replies \ @ek OP 10 May 2023

I replied to two people coming from Github but I think I replied too late and the session was already closed, haha

Sorry for being slow!

edit: Oh, I found a bug. An old tab of mine (15min+ old) could still send messages but did not receive messages anymore. I think I need to check subscription states regularly and reconnect if they are closed.