In this case, the site controls encryption and decryption. With Nostr, we would encrypt it directly on clients, which then requires clients to follow whatever encryption scheme the hoster is providing in their viewer. The URL also gets saved in the browser history which is not great.

Replies (1)

The site can only decrypt client side and only if the # is included. Otherwise the Nostr client can pull the raw data and decrypt locally from the key in the #. The server never has access to the key unless the user clicks the fallback link and the JS code sends the key to their servers. Nostr clients that support these links could just render an inline image and never show the fallback link.
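The key-in-fragment flow discussed in this thread, as an added example that is not part of the original posts or of any hoster's code: the client encrypts, the link carries the key after `#`, the request sent to the host omits the fragment, and decryption happens locally. The cipher (AES-256-GCM), the `iv || tag || ciphertext` blob layout, the function names and the `host.example` URL are assumptions, since the thread names no scheme.

```javascript
// Added example (Node.js). Assumed scheme: AES-256-GCM, key carried in the URL fragment.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Client side: encrypt before upload. Returns the blob to store on the host
// and the link to share. The key exists only in the fragment of that link.
function makeEncryptedLink(plaintext, blobUrl) {
  const key = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Assumed blob layout: 12-byte IV, 16-byte auth tag, then ciphertext.
  const blob = Buffer.concat([iv, cipher.getAuthTag(), body]);
  return { blob, link: `${blobUrl}#${key.toString('base64url')}` };
}

// What an HTTP client puts on the wire for this link: host, path and query.
// The fragment is never part of the request, so the host does not see the key.
function requestTarget(link) {
  const u = new URL(link);
  return { host: u.host, path: u.pathname + u.search };
}

// Client side: decrypt the fetched blob with the key from the fragment.
// Returns null when the link has no fragment (nothing to decrypt with).
// Throws if the blob was modified, because GCM authenticates the ciphertext.
function decryptFromLink(link, blob) {
  const fragment = new URL(link).hash.slice(1);
  if (!fragment) return null;
  const key = Buffer.from(fragment, 'base64url');
  if (key.length !== 32) throw new Error('fragment is not a 32-byte key');
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}
```

The fragment still lands in browser history and in anything that logs the full link on the client, which is the concern raised in the first post.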