The site can only decrypt client side and only if the # is included. Otherwise the nostr client can pull the raw data and decrypt locally from the key in the #. The server never has access to the key unless the user clicks the fallback link and the JS code sends the key to their servers. Nostr clients that support these links could just render an inline image and never show the fallback link.

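As an added illustration (not code from the post or from the site it describes), this checks whether a key carried in a link sits in the fragment, which the browser does not send in the HTTP request, or in the path or query, which the server receives. The host, key value, link shapes and function names are constructed for the example.

```javascript
// Added example: names, host and key below are constructed, not taken from the site.

// Split a link into what an HTTP request carries and what stays in the client.
function serverVisibleParts(link) {
  const u = new URL(link);
  return {
    host: u.host,                         // sent (Host header / TLS SNI)
    requestTarget: u.pathname + u.search, // sent in the HTTP request line
    fragment: u.hash.slice(1),            // kept by the client, never transmitted
  };
}

// Classify where a known key appears in a link:
//   "server-visible" - key is in host, path or query, so the server receives it
//   "client-only"    - key is only after the '#', usable for local decryption
//   "absent"         - no key in the link, so nothing can be decrypted from it
function keyExposure(link, keyHex) {
  const { host, requestTarget, fragment } = serverVisibleParts(link);
  const key = keyHex.toLowerCase();
  let decoded = requestTarget;
  try {
    decoded = decodeURIComponent(requestTarget); // catch percent-encoded copies
  } catch {
    // malformed escape sequence: fall back to the raw request target
  }
  const visible = (host + requestTarget + decoded).toLowerCase();
  if (visible.includes(key)) return "server-visible";
  if (fragment.toLowerCase().includes(key)) return "client-only";
  return "absent";
}

// Constructed sample data.
const KEY = "00112233445566778899aabbccddeeff";
const LINKS = {
  withFragment: `https://media.example.invalid/blob/abc123#${KEY}`,
  withoutFragment: "https://media.example.invalid/blob/abc123",
  keyInQuery: `https://media.example.invalid/view?id=abc123&k=${KEY}`,
};

for (const [name, link] of Object.entries(LINKS)) {
  console.log(name, "->", keyExposure(link, KEY));
}
```

A client that renders such links inline can run a check like this before following any link derived from the original, so a URL that moves the key out of the fragment is not requested automatically.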