Thread

Little known advantage of Nostr DMs: No one can know if the chat is complete or if there are missing messages even if the nsec leaks. Nostr doesn't link DMs to one another in any way. Double ratchet schemes, like Signal for instance, derive keys from the state in previous messages making it a verifiable chain. If a message is missing, whoever has the main key to decrypt and derive the chat will know whether the chat is complete or not. On Signal, or any ratchet-based technique, you can prove you have all the messages.
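To make the chaining argument concrete, here is an added toy comparison (not code from the original post, Nostr, or Signal): a single symmetric KDF chain, which is a deliberate simplification of a ratchet's sending chain rather than the real double ratchet, next to a scheme where every message is sealed independently under one shared secret with a fresh random nonce, modelling "no message is linked to another". The cipher is an HMAC-SHA256 keystream with an HMAC tag, chosen only to keep the example dependency-free; the sample messages and secret are constructed.

```python
"""Added example: chained message keys versus independently sealed messages.
Simplified single KDF chain (not Signal's double ratchet); toy HMAC cipher."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def kdf(key: bytes, label: bytes) -> bytes:
    """One derivation step: HMAC-SHA256 of a fixed label under the current key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under this key."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Scheme 1: chained keys. Each message key depends on all previous chain state.
def chain_send(chain_key: bytes, messages):
    blobs = []
    for m in messages:
        message_key = kdf(chain_key, b"message")  # key for this one message
        chain_key = kdf(chain_key, b"chain")      # advance the chain
        blobs.append(seal(message_key, m))
    return blobs


def chain_receive(chain_key: bytes, blobs):
    """Walk the chain in order; returns (plaintexts, complete).
    A message missing from the middle makes the next blob fail to verify,
    because the receiver's derived key no longer matches the sender's."""
    plaintexts = []
    for blob in blobs:
        message_key = kdf(chain_key, b"message")
        chain_key = kdf(chain_key, b"chain")
        pt = open_(message_key, blob)
        if pt is None:
            return plaintexts, False
        plaintexts.append(pt)
    return plaintexts, True


# Scheme 2: unlinked messages. Any subset decrypts; nothing records the gap.
def unlinked_send(shared_secret: bytes, messages):
    return [seal(shared_secret, m) for m in messages]


def unlinked_receive(shared_secret: bytes, blobs):
    return [open_(shared_secret, b) for b in blobs]


def demo():
    """Drop the second of three messages from each transcript and compare."""
    messages = [b"meet at 9", b"bring the docs", b"changed my mind"]  # constructed
    secret = hashlib.sha256(b"constructed shared secret").digest()    # constructed

    chained = chain_send(secret, messages)
    full, full_ok = chain_receive(secret, chained)
    gapped, gapped_ok = chain_receive(secret, [chained[0], chained[2]])

    unlinked = unlinked_send(secret, messages)
    unlinked_gapped = unlinked_receive(secret, [unlinked[0], unlinked[2]])

    return {
        "chain_full": (full, full_ok),          # all three, complete=True
        "chain_gapped": (gapped, gapped_ok),    # ([b"meet at 9"], False): gap detected
        "unlinked_gapped": unlinked_gapped,     # both remaining messages decrypt fine
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two caveats a practitioner should keep in mind. First, the chain only exposes a gap in the middle of the transcript: if the last message is simply dropped, neither scheme shows it, because nothing after it references it. Second, a real ratchet carries a message counter in the header and keeps skipped keys so out-of-order delivery works, which is also what lets a holder of the keys enumerate exactly which counters are absent; the toy above detects the gap only through the failed tag check.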

Replies (19)

I know ratchet to mean something entirely different ☺️ What's the beef with Signal in the tech world these days? Just curious. It's odd bc stateside people know press outlets use it, but the government does too, and now the EO is like "defund it." They tried in 2019, to get into Signal, and it didn't work. For some reason Signal gets a bad rap for privacy but of the tools, it's the best - at least 501c3 - one.
Basically people think Signal is private, but everybody is using the company's own servers and those servers can track everyone by IP if they turn evil (or get a court order). Tracking by IP breaks all metadata privacy. If everybody uses the same servers, all metadata is known by the company, regardless of which encryption scheme they use. Same for SimpleX. The protocol only makes sense when you, and your friends, don't use their default servers.
People with default settings are 95% of the users. You are not improving privacy if you ignore 95% of your users. We ask users to define a DM relay by themselves via popups and in the relay list. This will be even more front and center in the future. Last time I saw it, setting up a Nostr DM relay is a lot easier than setting up a SimpleX relay for myself. The simple fact that Amethyst does not run a DM relay already makes us better than SimpleX. There is no single point of failure that a court order could target to break people's privacy.
The chain of messages can be forked in double ratchet. However, any message has a "previous message", like any commit in git has an ancestor. This provides important context, as to understand a message you need to know what previously transpired in a chat. If your attacker doesn't know whether he has all the messages, neither does the legitimate recipient, and will as such have trouble comprehending the conversation. Your "it's not a bug, it's a feature" doesn't work here.
Hi vitor 🏴‍☠️🤟⚡️ That’s a fascinating advantage. While double ratchet schemes provide forward secrecy and integrity, they also create a verifiable history—something that can be a liability in certain situations. Nostr’s unlinkable DMs embrace a different paradigm: plausible deniability by design. In some cases, not knowing whether a chat is complete might be more valuable than proving that it is.