submitted 5 months ago* (last edited 5 months ago) by makeasnek@lemmy.ml to c/privacy@lemmy.ml
  • Note: "relay" is the nostr term while "instance" is the AP/Mastodon/Lemmy term. They are functionally very similar and offer the same abilities to ban annoying users from "public square" type spaces. Moderation works identically.
  • In AP/mastodon/lemmy you are connected to one "main instance" and then connect to other instances "through" that instance. In nostr, you are typically connected to multiple relays and access content more directly.
  • Nostr is an underlying protocol like AP is for Mastodon/Lemmy. The main use of nostr currently is as a twitter/mastodon clone, but it has other interfaces as well (calendaring, video sharing, etc) that I am less familiar with.
  • Both networks are decentralized in nature

AP/Mastodon/Lemmy

  • Instance admins on your instance and the instance of the user you are DMing can read your DMs, block them, or modify them without your knowledge or the knowledge of the receiving user
  • If your instance goes down, so does your access to the wider network. It will take your DMs with it, and your identity.

Nostr

  • Relays cannot read the content of your DMs as they are encrypted. They can only see that user A is DMing user B and approximate DM size. (This upgrade reduces that visibility further)
  • Relays cannot manipulate DMs as they are encrypted and will fail a signature check
  • No relay can prevent you from DMing another user as your client will automatically route the DM through another relay (unless that user has blocked you, which they can do).
  • You can receive DMs from anybody as long as one relay lets your DM through (and you are usually connected to several)
  • Your DMs and other content are replicated across multiple relays. Downed relay? No problem. You don't lose your content or your identity, as your identity is a private/public keypair, not "user @ instance dot com"

Bluesky

Idk, anybody care to fill this section in?

Image source: nostr post

[-] SnotFlickerman 22 points 5 months ago

There's a reason Lemmy strongly suggests using Matrix for secure direct messaging and has a place for it on your profile. 🤷

Just feels like a slightly disingenuous take on Lemmy since it's made clear in a lot of places that it's suggested to use Matrix if you want safe user-to-user communication.

[-] makeasnek@lemmy.ml 8 points 5 months ago* (last edited 5 months ago)

DMs aren't as relevant in Lemmy so I get why securing them isn't a priority, but in Mastodon or any Twitter clone it seems like a relevant feature I'd like to have some security/privacy with. Instance admins, and anybody who breaks into their server, being able to see all DMs seems like a security flaw that should be engineered away. Even Facebook, the place with the worst privacy, has E2E encryption (or so they claim, who really knows).

[-] possiblylinux127@lemmy.zip 10 points 5 months ago

I think there was an E2E spec being worked on with ActivityPub. I'm not sure what happened to it.

this post was submitted on 14 Jun 2024
140 points (100.0% liked)