Luxas on Nostr: With Bitchat's DMs the claimed sender (rumor.pubkey) is an unauthenticated, ...
With Bitchat's DMs the claimed sender (rumor.pubkey) is an unauthenticated, self-asserted plaintext field. Nothing cryptographically ties the message to that identity and the only key that signs anything is a random per-message ephemeral key.
Anyone can set rumor.pubkey to any identity and Bitchat will display it as from that person. So it's a genuine deviation from NIP-17, and it means Bitchat's DMs have no sender authentication at all.
Whether this was intended as a deniability/privacy choice or an oversight, I can't say from the code alone. That said, starting today on #Nymchat, each message in 1:1 PM or group chat now shows a padlock icon with colored status and a detailed explanation when clicked.
https://nymchat.app

Published at 2026-05-29 01:14:40 UTC
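
The receive-side check that NIP-17 calls for (the key that signed the kind 13 seal must equal the pubkey on the kind 14 rumor), shown as an added example that is not part of the original note and is not Bitchat's or Nymchat's code. It assumes the gift-wrap layers are already NIP-44 decrypted; `classifySender`, the `verifySig` callback, `stubVerify` and the sample keys are hypothetical names and constructed values.

```javascript
// Added example: decide whether the sender shown for an unwrapped DM is
// cryptographically bound to the message.
// verifySig is a hypothetical callback: it must return true only if
// event.sig is a valid BIP-340 signature by event.pubkey over event.id.
function classifySender(seal, rumor, verifySig) {
  const claimed = rumor.pubkey;
  // The rumor (kind 14) is unsigned by design, so its pubkey is only a claim.
  if (seal.kind !== 13 || typeof seal.sig !== "string" || !verifySig(seal)) {
    return { status: "unauthenticated", claimed, signer: null,
             reason: "no valid seal signature" };
  }
  // NIP-17: the key that signed the seal must equal the pubkey on the rumor.
  if (seal.pubkey !== claimed) {
    return { status: "unauthenticated", claimed, signer: seal.pubkey,
             reason: "seal signer differs from claimed sender" };
  }
  return { status: "authenticated", claimed, signer: seal.pubkey,
           reason: "seal signed by claimed sender" };
}

// Constructed sample data. Keys are shortened placeholders, and stubVerify
// stands in for real Schnorr verification so the example runs offline.
const stubVerify = (ev) => ev.sig === "sig-by:" + ev.pubkey;
const ALICE = "a11ce0";
const EPHEMERAL = "e0e0e0";
const rumorFromAlice = { kind: 14, pubkey: ALICE, content: "hi", tags: [] };

function demo() {
  return {
    // Seal signed by Alice's own key: the sender is bound to the message.
    sealed: classifySender(
      { kind: 13, pubkey: ALICE, sig: "sig-by:" + ALICE },
      rumorFromAlice, stubVerify),
    // Seal signed by a throwaway key while the rumor claims Alice.
    ephemeral: classifySender(
      { kind: 13, pubkey: EPHEMERAL, sig: "sig-by:" + EPHEMERAL },
      rumorFromAlice, stubVerify),
    // Seal whose signature does not verify.
    badSig: classifySender(
      { kind: 13, pubkey: ALICE, sig: "garbage" },
      rumorFromAlice, stubVerify),
  };
}

console.log(demo());
```

A client can map `status` to a per-message indicator and show `reason` as the explanation, displaying `claimed` as a verified identity only when the status is `authenticated`.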