As someone who used to be in the Secure Scuttlebutt community an now works on OpenMLS, I wonder how they (you?) deal with concurrency of Commit messages. I spent quite some time thinking about ways to detect and resolve forks, and the current iteration of MLS doesn't really have good answers here.
https://github.com/nostr-protocol/nips/blob/001c516f72943081...
How does White Noise address criticisms surrounding Nostr's implementation[1]:
> While nostr offers the ability to send encrypted DMs to user pubkeys, the metadata of these messages are broadcast publicly via relays. This is the same as a bitcoin transaction being viewable on the public ledger. The contents of the direct message will be encrypted, but other metadata like the sender and recipient can be viewed by anyone.
Even assuming if metadata is encrypted, does WN's implementation broadcast messages across public relays?
If you can map out social networks based on publicly available data, can tell if one user messages another, or correlate when messages were sent to/from whom, I would not call that private.
The short version is: Traditionally, Bob needed to “log in” to be able to send a message to Alice’s inbox.
With Sealed Sender, Alice gives Bob a credential that allows him to message her from now on without logging in.
Only Alice can tell that the message she received is from Bob.
There’s some subtlety around bootstrapping these credentials and preventing abuse which means that not every message can be sent as Sealed Sender, but the vast majority are. Read the blog post for the authoritative explanation.
There’s an option in the app settings to make visible which of your messages were sent without identifying your client to the server if you’re curious.
But if so, doesn't signal still know that alice and bob are communicating because it's transferring messages between them? Even if Bob doesn't log in IP B is still sending payloads that eventually get delivered to IP A, and if law enforcement later asks signal for logs they could be correlated.
Even if they can't read it, a hostile government won't care.
There is only so much you can do against a really determined adversary thats well funded. I just want a Signal that doesn't tie everything back to a phone number.
I arrange to tell Alice in an encrypted chat that I will be doing a drop on X url after Y time and to watch it.
Alice comes picks up the drop. Done.
PS: This is another great use for cryptocurrency. When you don’t want to use account-based charging, then you allow anyone to prepay for the resources with crypto.
This happens upon initial contact and after Alice revokes her credential (which can happens if she blocks someone).
States can use metadata from Signal and ISPs to confirm that party A was in contact with party B and at what times, for example, in charges of criminal conspiracy. If one device on any end of the chats is compromised or confiscated, chats and identities are exposed. Once both devices are confiscated, messages are decrypted on both ends of the Signal app and authorities can grab the message content they used the metadata to get a warrant/subpoena/order for.
Similarly, Signal can be gag ordered to keep a record of phone numbers linked to identities if it already doesn't exist in their implementation. Signal and/or Google/Apple/ISPs/carriers can be compelled to follow wiretap laws and collect more data on specific users, push special updates to them, etc.
It's an app that forces the use of cell phone numbers linked to real identities in order to use it, clients have servers hardcoded, clients make direct connections to servers, etc. Just the first fact alone should be a red flag if your well-being depends on privacy.
tl;dr: the answer you're looking for is probably in the explainer doc [1].
At its core, Nostr is simple: it's "just" JSON over WebSockets. But there are dozens of optional proposals to add additional functionality. And a few of those proposals are related to encrypted DMs, specifically, NIP-04 [2], and NIP-17 [3]. Most of the online criticism of encrypted DMs on Nostr is about NIP-04 (which is why it's deprecated.)
White Noise is using a different encryption standard: MLS (Messaging Layer Security) [4]. They explicitly say in their docs: "White Noise is an implementation of the NIP-EE spec." [5]. The NIP-EE proposal itself is on GitHub [6]. The explainer doc [1] I first mentioned is linked to from the proposal [6].
This is all to say: given all the links I posted here, an AI chatbot could probably give you a better answer using the prompt: "How is NIP-EE (Messaging Layer Security for Nostr) different or better than NIP-04 or NIP-17?"
(I'm a little surprised that wasn't already in the FAQ for the project.)
[1]: https://github.com/nostr-protocol/nips/blob/001c516f7294308143515a494a35213fc45978df/EE.md
[2]: https://github.com/nostr-protocol/nips/blob/master/04.md
[3]: https://github.com/nostr-protocol/nips/blob/master/17.md
[4]: https://www.rfc-editor.org/rfc/rfc9420.html
[5]: https://github.com/parres-hq/whitenoise?tab=readme-ov-file#the-spec
[6]: https://github.com/nostr-protocol/nips/pull/1427I haven't looked into the White Noise code, but Gift Wrapping is just one way this issue was solved a long time ago: https://nips.nostr.com/59
AFAIK the only real ways to get metadata privacy are onion routing (increase the chance of a non-compromised node) and N-anonymity (decrease the value of a discovered connection).
IP layer privacy is left to a lower layer. VPN or Tor or whatever. Trying to re-implement onion or garlic routing in nostr is IMHO not a great idea. Why tie such functionality together in the same layer?
The then immediate issue is routing becomes very inefficient since every node now needs to receive and attempt to decrypt every single message. Which they solved by having channels to split up the network and only require decrypting of every message on the same channel as your address.
The next step would be nodes sending random fake messages into the network at random intervals, to obfuscate who's talking to whom.
So maybe kinda but you don't have a lot to work on. And nodes don't have persistent IDs so if they were on a VPN, CGNat, dynamic IP, you'd have a hard time tracking them over time.
What I posted is just the first link I found on DDG that talks about it.
I started my reply thinking it was still using Tauru but apparently things change fast!
firstly: i think the only way secure p2p messaging can work is if its decentralised. no 3rd parties to communication, how this would be done i have no idea. maybe like email but without the server?
secondly: you'd need to ensure a secure os on each end that you can trust to not take screenshots and send to hq before transmission or after reception.
since its not possible to use the internet without a source ip. its almost provably insecure (in terms of privacy), no matter what protocols are dreamed up. a 3rd party will have to be trusted to distribute packets. and thats the weak point. (unless you force the source IP to be 0.0.0.0 or something before it goes out)
couldnt we just use dns to point to recipients, force zero the source ip and send udp packets directly?
what about pgp through a tor relay?
Nostr can run over TOR.
I don't mean to be rude, but why comment then? Your core premise was incorrect, which could have been resolved within 5 seconds of reading the headings on the page linked.
I've only been able to find this coverage on the Blossom thing: https://www.nobsbitcoin.com/blossom-intro/
SeriousM•7mo ago
shark_laser•7mo ago
Run your own fork if you don't trust this one.