this post was submitted on 05 Jul 2023
7 points (88.9% liked)

Open Source

31366 readers
119 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Am a bit confused about these two and want to learn more. Are there recommended use cases? Which one is more secure? Is there something like the "better" one?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 1 points 1 year ago (1 children)

Thanks. This is a great starting point.

Do you know how safe/private they are? Where are messages stored? Who has access to them?

[โ€“] [email protected] 1 points 1 year ago

Ultimately you are trusting the relay server to hold your messages If the relay is not trustworthy, it could reveal those messages.

The only exception I know of are encrypted direct messages which are still held by the relay but are encrypted with the recipient's key. These messages still have a cleartext recipient id (so the server can deliver them).

So, if the relay is well behaved

  • messages are confidential between you and the relay
  • direct messages are only delivered to the recipient and are encrypted
  • most other messages are visible by anyone that can connect to the same relay
  • btw the relay can enforce a list of people that can connect (i.e. a private server) or just make it harder via proof of work (to discourage bots)

If the relay server is operated by the forces of evil, then the only thing you can assume is that direct message content is not visible, but they can see the message src/destination/timestamp.

I think the main motivation for nostr is censorship resistence - so if you are being blocked in one relay, you move to another - in terms of privacy/security it does not seem weaker than most other public message forums.