Comment by heavyset_go

3 days ago

> White Noise stands out by merging Nostr’s decentralized network with advanced encryption.

How does White Noise address criticisms surrounding Nostr's implementation[1]:

> While nostr offers the ability to send encrypted DMs to user pubkeys, the metadata of these messages are broadcast publicly via relays. This is the same as a bitcoin transaction being viewable on the public ledger. The contents of the direct message will be encrypted, but other metadata like the sender and recipient can be viewed by anyone.

Even assuming metadata is encrypted, does WN's implementation broadcast messages across public relays?

If you can map out social networks based on publicly available data, can tell if one user messages another, or correlate when messages were sent to/from whom, I would not call that private.

[1] https://ron.stoner.com/nostr_Security_and_Privacy/

There was a project called Bitmessage which solved this problem by not having a recipient field. Your client would just try to decrypt everything, and when it succeeds, that means the message is for you.

The then immediate issue is routing becomes very inefficient since every node now needs to receive and attempt to decrypt every single message. Which they solved by having channels to split up the network and only require decrypting of every message on the same channel as your address.

  • Can an adversary detect who's sending a message, though? If they can observe 2 parties alternately sending messages into the network, they can probably assume these 2 parties are talking to each other.

    The next step would be nodes sending random fake messages into the network at random intervals, to obfuscate who's talking to whom.

    • If you controlled almost the entire network you could see where a message showed up first, but you wouldn't know where it was going. And since the app was mostly desktop only and kind of slow to deliver it would be used more like email where it could be hours before you see a response.

      So maybe kinda but you don't have a lot to work on. And nodes don't have persistent IDs so if they were on a VPN, CGNat, dynamic IP, you'd have a hard time tracking them over time.

  • That sounds easy to DoS.

    • You're right, which is why they used Proof of Work as a requirement of sending a message. Problem is it made sending messages on mobile kind of bad since any PoW which would stop a desktop GPU from spamming is too much for a phone SoC.
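The Bitmessage design described in this subthread (no recipient field, trial decryption of everything, channels to cut the work), as an added sketch that is not from the thread or from Bitmessage's code. It swaps Bitmessage's public-key encryption for a toy per-address secret key with HMAC-SHA256, and the names `Address`, `seal`, `try_open`, `receive` and `demo` are hypothetical.

```python
import hashlib
import hmac
import os
from collections import namedtuple

# Assumption: one secret key per address stands in for Bitmessage's public-key scheme.
Address = namedtuple("Address", "stream key")

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; the output carries no recipient identifier."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def try_open(key, blob):
    """Trial decryption: None unless the MAC verifies under this key."""
    if len(blob) < 48:  # too short to hold nonce (16) + tag (32)
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def receive(addr, network):
    """Scan only our own stream; return (inbox, number of trial decryptions)."""
    mine = [blob for stream, blob in network if stream == addr.stream]
    opened = [try_open(addr.key, blob) for blob in mine]
    return [p for p in opened if p is not None], len(mine)

def demo(n_streams, n_users=8):
    """Constructed traffic: one message per user; what user 3 reads, and the cost."""
    users = [Address(i % n_streams, os.urandom(32)) for i in range(n_users)]
    network = [(u.stream, seal(u.key, b"msg for %d" % i)) for i, u in enumerate(users)]
    return receive(users[3], network)
```

With one stream user 3 pays eight trial decryptions to find one message; with four streams it pays two, and the stream number is the only routing metadata on the wire.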

That article reeks of AI generation. The "author" also uses an AI generated profile picture. I struggle to trust anything this page says.

  • It's a sentiment that's spread for years and I first heard it on Mastodon, but don't have a link to it in my history.

    What I posted is just the first link I found on DDG that talks about it.

This criticism of Nostr is quite outdated.

I haven't looked into the White Noise code, but Gift Wrapping is just one way this issue was solved a long time ago: https://nips.nostr.com/59

  • How does gift wrapping address what GP brought up? I read through and AFAICT it obscures explicit metadata in the message, but not external stuff such as source/dest ip that logging any shared relay could give you.

    AFAIK the only real ways to get metadata privacy are onion routing (increase the chance of a non-compromised node) and N-anonymity (decrease the value of a discovered connection).

    • As for nostr layer privacy, the giftwrap is written by an anonymous key, but sent to a person's public key. So you know they received something, but you don't know who from.

      IP layer privacy is left to a lower layer. VPN or Tor or whatever. Trying to re-implement onion or garlic routing in nostr is IMHO not a great idea. Why tie such functionality together in the same layer?

(fwiw, I'm not the creator of this, but am a casual user of Nostr...)

tl;dr: the answer you're looking for is probably in the explainer doc [1].

At its core, Nostr is simple: it's "just" JSON over WebSockets. But there are dozens of optional proposals to add additional functionality. And a few of those proposals are related to encrypted DMs, specifically, NIP-04 [2], and NIP-17 [3]. Most of the online criticism of encrypted DMs on Nostr is about NIP-04 (which is why it's deprecated.)

White Noise is using a different encryption standard: MLS (Messaging Layer Security) [4]. They explicitly say in their docs: "White Noise is an implementation of the NIP-EE spec." [5]. The NIP-EE proposal itself is on GitHub [6]. The explainer doc [1] I first mentioned is linked to from the proposal [6].

This is all to say: given all the links I posted here, an AI chatbot could probably give you a better answer using the prompt: "How is NIP-EE (Messaging Layer Security for Nostr) different or better than NIP-04 or NIP-17?"

(I'm a little surprised that wasn't already in the FAQ for the project.)

  [1]: https://github.com/nostr-protocol/nips/blob/001c516f7294308143515a494a35213fc45978df/EE.md
  [2]: https://github.com/nostr-protocol/nips/blob/master/04.md
  [3]: https://github.com/nostr-protocol/nips/blob/master/17.md
  [4]: https://www.rfc-editor.org/rfc/rfc9420.html
  [5]: https://github.com/parres-hq/whitenoise?tab=readme-ov-file#the-spec
  [6]: https://github.com/nostr-protocol/nips/pull/1427

So you wouldn't call Signal private, right? Just wanted consistency.

  • Signal has sealed sender. So you can tell that a phone number is a signal user but not who they message.

    • How does sealed sender work? I couldn't find details. The explanations I saw seemed to start from the assumption that Signal doesn't keep logs of messages moving through their system.


  • No, if you're doing something sensitive that can get you or other people arrested, locked up, hurt or killed, you should not be using Signal for that. You should reconsider using a phone or computer at all. If you must, you must be desperate and I pity the situation you must be in, and I hope you really understand what your risk profile is, what technology can actually address it, and if that technology actually exists.

    States can use metadata from Signal and ISPs to confirm that party A was in contact with party B and at what times, for example, in charges of criminal conspiracy. If one device on any end of the chats is compromised or confiscated, chats and identities are exposed. Once both devices are confiscated, messages are decrypted on both ends of the Signal app and authorities can grab the message content they used the metadata to get a warrant/subpoena/order for.

    Similarly, Signal can be gag ordered to keep a record of phone numbers linked to identities if it already doesn't exist in their implementation. Signal and/or Google/Apple/ISPs/carriers can be compelled to follow wiretap laws and collect more data on specific users, push special updates to them, etc.

    It's an app that forces the use of cell phone numbers linked to real identities in order to use it, clients have servers hardcoded, clients make direct connections to servers, etc. Just the first fact alone should be a red flag if your well-being depends on privacy.

Lol, the nostr metadata leak was a criticism of NIP-04, which has long been considered obsolete. NIP-17 messages addressed this a long time ago, but it was not scalable to large groups. MLS solves this problem, so we finally have scalable, private, decentralized messaging on the internet. All these specs are public; the very fact that you did not understand this means no one will be able to make you understand with a comment.