Did you know that any client will let you login with someone else's public key as a read-only user, but you can still view all their notifications and messages? The message itself is encrypted but the sender isn't.
Seriously, why does it even let you login without a private key? What's the purpose of read-only accounts? Am I the only one who thinks this a huge design flaw? Not to mention creepy, wrong and kind of violates any argument for privacy?
Derek Ross (npub18am…p424) PABLOF7z (npub1l2v…ajft) Vitor Pamplona (npub1gcx…nj5z) and if y'all can boost this to other people involved in either ecosystem or protocol development, would be awesome. Or maybe it's just me 🤔