Am a bit confused about these two and want to learn more. Are there recommended use cases? Which one is more secure? Is there something like the “better” one?

  • Einar@lemmy.mlOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Thanks. This is a great starting point.

    Do you know how safe/private they are? Where are messages stored? Who has access to them?

    • rrobin@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Ultimately you are trusting the relay server to hold your messages If the relay is not trustworthy, it could reveal those messages.

      The only exception I know of are encrypted direct messages which are still held by the relay but are encrypted with the recipient’s key. These messages still have a cleartext recipient id (so the server can deliver them).

      So, if the relay is well behaved

      • messages are confidential between you and the relay
      • direct messages are only delivered to the recipient and are encrypted
      • most other messages are visible by anyone that can connect to the same relay
      • btw the relay can enforce a list of people that can connect (i.e. a private server) or just make it harder via proof of work (to discourage bots)

      If the relay server is operated by the forces of evil, then the only thing you can assume is that direct message content is not visible, but they can see the message src/destination/timestamp.

      I think the main motivation for nostr is censorship resistence - so if you are being blocked in one relay, you move to another - in terms of privacy/security it does not seem weaker than most other public message forums.