- Note: “relay” is the nostr term while “instance” is the AP/Mastodon/Lemmy term. They are functionally very similar and offer the same abilities to ban annoying users from “public square” type spaces. Moderation works identically.
- In AP/Mastodon/Lemmy you are connected to one “main instance” and then connect to other instances “through” that instance. In nostr, you are typically connected to multiple relays and access content more directly.
- Nostr is an underlying protocol like AP is for Mastodon/Lemmy. The main use of nostr currently is as a Twitter/Mastodon clone, but it has other interfaces as well (calendaring, video sharing, etc.) that I am less familiar with.
- Both networks are decentralized in nature
AP/Mastodon/Lemmy
- Instance admins on your instance and the instance of the user you are DMing can read your DMs, block them, or modify them without your knowledge or the knowledge of the receiving user
- If your instance goes down, so does your access to the wider network. It will take your DMs with it, and your identity.
Nostr
- Relays cannot read the content of your DMs as they are encrypted. They can only see that user A is DMing user B and approximate DM size. (This upgrade reduces that visibility further)
- Relays cannot manipulate DMs as they are encrypted and will fail a signature check.
- No relay can prevent you from DMing another user as your client will automatically route the DM through another relay (unless that user has blocked you, which they can do).
- You can receive DMs from anybody as long as one relay lets your DM through (and you are usually connected to several).
- Your DMs and other content are replicated across multiple relays. Downed relay? No problem. You don’t lose your content or your identity, as your identity is a private/public keypair, not “user @ instance dot com”.
Bluesky
Idk, anybody care to fill this section in?
Image source: nostr post
DMs aren’t as relevant in Lemmy so I get why securing them isn’t a priority, but in Mastodon or any Twitter clone it seems like a relevant feature I’d like to have some security/privacy with. Instance admins, and anybody who breaks into their server, being able to see all DMs seems like a security flaw that should be engineered away. Even Facebook, the place with the worst privacy, has E2E encryption (or so they claim, who really knows).
I think there was an E2E spec being worked on with ActivityPub. I’m not sure what happened to it.
Direct messages shouldn’t be private. It’s just a person commenting to another person rather than to a post. It should be possible, and the default, that conversations are public.
If you want privacy, use private messages.