Added NIP-04 metadata leak warning

author: Bartholomew Joyce <work@bartholomewjoyce.com> 2023-03-23 08:54:22 -0600
committer: fiatjaf_ <fiatjaf@gmail.com> 2023-03-23 15:40:41 -0300
commit: 56f84f79bd720912d08f5a7172011f7bf647b253 (patch)
tree: 595da5e1ab6dc2d69f265ec940390a5161b25d8c
parent: 2394e5cc630741e036e6d0554e59a6611a123030 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/04.md b/04.md
index f34d09b..60ec5e0 100644
--- a/04.md
+++ b/04.md
@@ -47,3 +47,7 @@ let event = {
 ## Security Warning
 This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events.
+## Client Implementation Warning
+Client's *should not* search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag) the tags are leaked and the mentioned user will receive the message in their inbox.
author	Bartholomew Joyce <work@bartholomewjoyce.com>	2023-03-23 08:54:22 -0600
committer	fiatjaf_ <fiatjaf@gmail.com>	2023-03-23 15:40:41 -0300
commit	56f84f79bd720912d08f5a7172011f7bf647b253 (patch)
tree	595da5e1ab6dc2d69f265ec940390a5161b25d8c
parent	2394e5cc630741e036e6d0554e59a6611a123030 (diff)

diff --git a/04.md b/04.md index f34d09b..60ec5e0 100644 --- a/04.md +++ b/04.md
@@ -47,3 +47,7 @@ let event = {
47	## Security Warning	47	## Security Warning
48		48
49	This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events.	49	This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events.
		50
		51	## Client Implementation Warning
		52
		53	Client's should not search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag) the tags are leaked and the mentioned user will receive the message in their inbox.