From 56f84f79bd720912d08f5a7172011f7bf647b253 Mon Sep 17 00:00:00 2001 From: Bartholomew Joyce Date: Thu, 23 Mar 2023 08:54:22 -0600 Subject: [PATCH] Added NIP-04 metadata leak warning --- 04.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/04.md b/04.md index f34d09ba..60ec5e04 100644 --- a/04.md +++ b/04.md @@ -47,3 +47,7 @@ let event = { ## Security Warning This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events. + +## Client Implementation Warning + +Client's *should not* search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag) the tags are leaked and the mentioned user will receive the message in their inbox.
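Review bot: In the added "Client Implementation Warning" paragraph, `Client's` is a possessive where the plural `Clients` is meant, and the italic `*should not*` is both weaker than and styled differently from the `must not` in the Security Warning context line directly above it, even though the stated consequence is that tags are leaked and the mentioned user receives the message. If the behaviour is meant to be prohibited, suggest "Clients must not search and replace public key or note references in the `.content`". The phrase "the tags are leaked" would also be clearer if it said what is exposed and why, for example that the added `["p", "..."]` tag sits in the event outside the encrypted `.content`. The second sentence should also name the event kind it applies to, as the Security Warning does with `kind:4`, so the rule cannot be read as applying to regular text notes.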