damus
damus copied to clipboard
damus-io
Option to disable all image loading, or whitelist image sources
For privacy reasons outlined in https://consentonchain.github.io/blog/posts/nostr-privacy/ it would be nice to have a mode where Damus is only communicating with the relays I specify, and not loading any images from sources I don't trust. First easy win would be to disable all image loading (including / especially profile pics), and a slightly bigger lift might be an image whitelist (e.g nostr.build)
Somewhat related to Disable animations toggle https://github.com/damus-io/damus/issues/666
it would be nice to have a mode where Damus is only communicating with the relays I specify, and > not loading any images from sources I don't trust. First easy win would be to disable all image loading > (including / especially profile pics)
@futurepaul how does this user stories + acceptance criteria sound to you?
I
User Story
As a privacy conscious Damus user who is optimizing for privacy, I would like Damus to provide me with a way to disable rendering from all third party image & video hosting sources, so that I do not have my privacy compromised by automatically loading images hosted on third parties.
Acceptance Criteria
- Damus user can disable all images & videos from loading in settings
- Images & videos do not render automagically. Instead, plaintext of url or some visual indication is included that image & video rendering is disabled
a slightly bigger lift might be an image whitelist (e.g nostr.build)
II
User Story
As a privacy conscious Damus user who is optimizing for a balance of privacy and visual content, I would like Damus to provide me with a way to white list third party image hosting providers, so that I can reduce the risk of compromising my privacy, while consuming visual content from hosters I trust.
Acceptance Criteria
- Damus user can add to or remove from white list third party image & video hosters in settings (for instance nostr.build)
- Damus automatically renders content hosted on white-listed hosters
Would also need to not verify NIP5s as well
User Story
As a privacy conscious Damus user who is optimizing for privacy, I would like Damus to provide me with a way to disable NIP-05 verification from all third NIP-05 providers, so that I do not have my privacy compromised by automatically verifying NIP-05 hosted on third parties.
Acceptance Criteria
- Damus user can disable all NIP-05 from being verified in settings
- NIP-05 do not render automagically
- There is no NIP-05 checkmark next to profiles
@alltheseas these all sound great. Thanks for codifying them. I'm not sure if this should be one big "privacy" toggle or will be fine to make as separate items. Good call @benthecarman on the nip-05. Ideally you should be able to wireshark damus and only see traffic to the relays on your list, no other requests.
@alltheseas these all sound great. Thanks for codifying them. I'm not sure if this should be one big "privacy" toggle or will be fine to make as separate items. Good call @benthecarman on the nip-05. Ideally you should be able to wireshark damus and only see traffic to the relays on your list, no other requests.
Privacy toggle. This makes sense for the privacy conscious user.
@futurepaul Do you suspect the privacy conscious user would need the white-list capability? Why or why not?
No idea. The whitelist requires a higher level of expertise/decision making, probably a low priority. I personally would trust nostr.build for example but no idea what % of images that would get me.