Anderson-Juhasc

This NIP introduces a way to distribute a single event that contains a message encrypted with a symmetric AES key. The AES key is then individually encrypted for each recipient using the standard NIP-44 flow. This enables efficient and private group communication within the Nostr protocol.

@staab
Member

staab commented Jul 29, 2025

Interesting approach, but introducing yet another messaging standard is not a good idea, particularly if it's a regression in terms of metadata privacy.

@vitorpamplona
Collaborator

This is like what we do to share spreadsheets on http://sheetstr.amethyst.social

I think formstr uses a similar technique for private forms.

Medical data uses a similar scheme as well.

They are all fine if you don't mind the huge amount of metadata leaked (you can see who is talking to who) and that a single secret can leak from any of the participants and the message is now readable.

NIP-17 does a similar thing, but creates multiple events, one for each receiver in order to decouple this metadata. I am not sure if reverting to one event for everything makes sense. We don't seem to gain much with the approach. It's still fairly limited to small groups and trust between the participating users.
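
An added illustration of the single-event design under discussion and the two weaknesses raised in the comment above; it is not code from the PR or from any participant. The key wrap is a stand-in for NIP-44 (secp256k1 ECDH, HKDF, AES-256-GCM), and the event layout, tag shape and function names are assumptions.

```javascript
// Added illustration, not code from the PR. Key wrap is a stand-in for NIP-44;
// the event layout and all names here are hypothetical.
const nodeCrypto = require('node:crypto');

function newUser() {
  const ecdh = nodeCrypto.createECDH('secp256k1');
  ecdh.generateKeys();
  return { ecdh, pub: ecdh.getPublicKey('hex', 'compressed') };
}
// Pairwise key from ECDH + HKDF (NIP-44 uses its own derivation and cipher).
function pairKey(me, theirPubHex) {
  const shared = me.ecdh.computeSecret(theirPubHex, 'hex');
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-wrap', 32));
}
function seal(key, data) {            // AES-256-GCM: iv(12) || tag(16) || ciphertext
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}
function open(key, b64) {
  const blob = Buffer.from(b64, 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}
// One event: message encrypted once, content key wrapped once per recipient.
function buildGroupEvent(sender, recipients, message) {
  const contentKey = nodeCrypto.randomBytes(32);
  return {
    pubkey: sender.pub,
    content: seal(contentKey, message),
    tags: recipients.map(r => ['p', r.pub, seal(pairKey(sender, r.pub), contentKey)]),
  };
}
function recoverContentKey(event, me) {
  const tag = event.tags.find(t => t[1] === me.pub);
  if (!tag) throw new Error('not a recipient');
  return open(pairKey(me, event.pubkey), tag[2]);
}
const readEvent = (event, contentKey) => open(contentKey, event.content).toString();
// What a relay learns with no keys at all: who wrote to whom.
const observerView = event => ({ from: event.pubkey, to: event.tags.map(t => t[1]) });

// Constructed demo: the same content key reaches every recipient, so one leak opens it.
const [alice, bob, carol] = [newUser(), newUser(), newUser()];
const groupEvent = buildGroupEvent(alice, [bob, carol], 'meet at noon');
const leakedKey = recoverContentKey(groupEvent, carol);
console.log(observerView(groupEvent).to.length, readEvent(groupEvent, leakedKey));
```
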

@Anderson-Juhasc
Author

I was looking for a way to create a public event that could only be read by the recipients. Maybe I could publish an event with the encrypted content for each receiver and share this event via NIP-17. What do you think?

@vitorpamplona
Collaborator

> I was looking for a way to create a public event that could only be read by the recipients, maybe I could publish an event with the encrypted content for each receiver and share this event via NIP-17,

  1. You could just GiftWrap the signed event (like a kind 1 note) and send the wrap to each of the subscribers individually. Once the client receives and decrypts the wrap, it will be available in the regular feed. This is like sending an email to each subscriber.

     However, once subscribers receive it, they could just broadcast the inner event to all relays, and when that happens everybody will see the signed post from your account.

  2. You could also Seal and GiftWrap an unsigned kind 1 note in the exact way NIP-17 does with chat messages. That kind 1 note will appear in people's feeds once they decrypt everything, and because it is unsigned, it cannot be re-broadcasted to the network.

     But, people can still copy/paste your content and post as a new Nostr user that has a profile of "Anderson Unlocked". That's how they would pirate your content if it is valuable. On this one, you would at least have a way to track them down. But it might be way too expensive to take them down. I could imagine a random user subscribing to all the valuable content out there and then reposting everything for free from North Korea, for instance.

  3. You could just do 1, giftwrap a signed event, but sign the inner event with a random account too. In that way, even if users "broadcast" the inner note, the content will be out there but rarely be found, since no one is following that random user and no one knows if it is really you. That could be enough of a deterrent for a private subscriber model.
