NIP-44 and NIP-04 don’t protect you against malicious applications, and one “allow all” can lead to all your DMs, Nostr LN wallet seed and other private info being exfiltrated
NIP-44 v3 fixes this:
quotingI am happy to announce NIP-44 v3: a new encryption standard for Nostr that fixes many of the shortcomings of NIP-44 v2.
nevent1q…ghzf
This fixes the main problem with encryption today, which is that you cannot allow an application to encrypt/decrypt only some kinds.
This opens up users to risks where applications can exfiltrate private information like DMs, even if you just wanted to allow access to modify your encrypted lists.
It also has some other improvements, such as allowing larger encrypted payloads.
Read more:
naddr1qq…ldyw