Are Nostr DMs really private? The honest answer
Nostr DMs use encryption but the privacy model has gaps. What NIP-04, NIP-44, and NIP-17 gift wraps protect, and when to use Signal instead.
"Nostr has encrypted DMs" is true and misleading. The content is encrypted. The metadata is not, by default. This is the gap that matters, and it is worth understanding before you use Nostr DMs for anything you would not say publicly.
This guide is a frank assessment as of April 2026.
Nostr DM content is encrypted. Under NIP-04 (older, weaker) or NIP-44 (newer, stronger), only you and the recipient can decrypt it. But the sender and recipient pubkeys sit on the event in the clear, so every relay that carries the message sees who is talking to whom. NIP-17 gift wraps hide the sender and blur the timestamp, but the recipient is still tagged on the wrap, and client adoption is partial. For casual DMs, Nostr is fine. For sensitive conversations, use Signal.
The three DM standards, layered
Nostr has had three generations of DM specification. Each is still in use somewhere, so it matters which one your client speaks.
NIP-04: the original. Event kind 4. The message body is encrypted with AES-256-CBC under a key taken from an ECDH shared secret (the raw x-coordinate, unhashed, which is not standard practice), and the content is base64 with the IV appended after `?iv=`. There is no authentication tag of its own; tamper detection rests on the event signature. The sender is the event's `pubkey` field and the recipient is in the `p` tag, both readable by anyone. Widely supported because it came first, and the oldest clients still speak only this one.
NIP-44: the modern encryption. Version 2 uses ChaCha20 for encryption with an HMAC-SHA256 tag for authentication (not Poly1305), HKDF-SHA256 key derivation with a fresh 32-byte nonce per message, and a padding scheme that rounds the plaintext up into size buckets. Same metadata exposure as NIP-04 (sender and recipient visible), but the ciphertext is authenticated and the exact message length is hidden; a relay learns only the bucket. Most mainstream clients supported this by mid-2025.
NIP-17 gift wraps: metadata hiding. An extra layer on top of NIP-44. Your actual DM is an unsigned kind 14 event (a "rumor"). It is NIP-44 encrypted into a kind 13 "seal" that you sign, and the seal is NIP-44 encrypted again into a kind 1059 "gift wrap" signed by a random one-time key, with its timestamp randomized into the past. The relay therefore cannot tell who sent the wrap or when. It can still see who it is for: the wrap carries a `p` tag naming the recipient, because that is how the recipient's client finds it. The spec's mitigation is to use relays that require authentication and hand kind 1059 events only to the tagged recipient, which stops other users from harvesting them but does not hide the recipient from the relay operator. Hides the sender and timing at the cost of needing both parties' clients to support it.
NIP-04 and NIP-44 are alternatives for the same job, encrypting the message body. NIP-17 is not a third cipher; it wraps a NIP-44-encrypted message in further NIP-44-encrypted layers to hide the metadata. In the best case you get NIP-44 for the content and NIP-17 on top.
What each level protects
A concrete comparison:
| Threat | NIP-04 | NIP-44 | NIP-17 |
|---|---|---|---|
| Eavesdropper reads message content | No | No | No |
| Relay knows sender pubkey | Yes | Yes | No (wrap is signed by a one-time key) |
| Relay knows recipient pubkey | Yes | Yes | Yes (`p` tag on the wrap) |
| Relay knows timing of message | Yes | Yes | Blurred (timestamp randomized up to two days back) |
| Message length leaked | Yes (to the 16-byte block) | Bucket only | Bucket only (of the outer layer) |
| Forgery by someone without your nsec | No | No | No |
| Compromised relay can withhold or selectively show messages | Yes | Yes | Yes |
"No" means the threat does not succeed under that standard. NIP-44 is a clear upgrade over NIP-04 for the cryptography. NIP-17 is a clear upgrade for metadata, but it hides the sender and the timing, not the recipient.
If your threat model is "nobody can read what I wrote to my friend," any of the three suffices. If your threat model is "nobody can tell I was even talking to that person," only NIP-17 gets close: a relay still sees that your friend received gift wraps, but not that you sent them, and not when.
What is still visible
Beyond the recipient tag, three more things remain visible even with NIP-17.
Your IP address, to the relays you use. Any relay you connect to sees your IP. Using Tor or a VPN hides this at the transport layer; without them, the relay knows where you are.
The fact that you are using Nostr. Anyone observing your network traffic sees WebSocket connections to known Nostr relay endpoints. This is not specific to DMs; it is a fingerprint of Nostr usage generally.
Your patterns of activity. When you come online, how often, for how long, correlated across accounts if someone is actively watching. No protocol fixes this completely.
Combined, these mean: even with the best Nostr DM privacy settings, a sufficiently motivated adversary can still know you are a Nostr user and probably identify you. Not the same as knowing what you are saying.
When Nostr DMs are fine
Most use cases.
Casual friend conversations. Gossip, plans, jokes. If you would post it on a group chat without encrypting, Nostr DMs are more private than that.
Light professional contact. A quick question to a colleague, a coordination message. Nobody important is mining your Nostr DM metadata for business intelligence.
Meeting someone you met on Nostr. The DM moves the conversation off a public feed; you might later switch to Signal for a more private continuation.
Temporary arrangements. "I'll zap you for the link" kind of exchanges.
All of these work fine under NIP-04 or NIP-44. If your client supports NIP-17, even better, but the marginal benefit is small for casual use.
When Nostr DMs are not fine
Four scenarios where the metadata exposure matters.
Whistleblowing. A source talking to a journalist needs metadata protection. Even with NIP-17, your client still opens WebSocket connections to relays from your own IP address; nothing in the protocol is hardened against nation-state traffic analysis. Use a dedicated tool.
Communication across jurisdictions with hostile governments. If one party is in a country where being seen talking to the other party is itself dangerous, Nostr is not sufficient. Signal with Tor transport is better; in-person meetings are best.
Coordinating illegal activity. Obvious, but worth stating. If your DMs become evidence, metadata alone can build a case. Do not rely on Nostr.
Long-term covert operational security. Nostr DMs keep improving but are not the primary design target for OPSEC-critical communication. Use tools designed for that purpose.
The rough rule: if you would not use Telegram's default chats for something, do not use Nostr DMs either. Telegram's default chats are not end-to-end encrypted at all, so Nostr DMs protect content better; what is comparable is the metadata exposure, since in both cases the servers see who talks to whom and when. Both are better than unencrypted email; neither is Signal.
Does your client support NIP-17
As of April 2026:
- Damus: yes, since 2024.
- Primal: yes, mostly.
- Amethyst: yes, strong support.
- nostr.blog web client: yes.
- Older clients and some web-only tools: partial or no.
If you DM someone whose client does not support NIP-17, your client typically falls back to a plain kind 4 DM (NIP-04 or NIP-44, with visible metadata). The fallback is usually automatic and silent; you may not notice it happened.
Check in your client's DM settings whether NIP-17 is the default or requires opt-in. Enabling it by default, where supported, costs nothing and upgrades every DM you send.
What relay operators see
To make this concrete: a relay serving encrypted DM traffic sees, under each standard:
NIP-04 or NIP-44: "Alice (pubkey X) sent an encrypted message of length Y to Bob (pubkey Z) at time T." Content encrypted; everything else visible. Under NIP-04 the length Y pins the plaintext down to a 16-byte block; under NIP-44 it pins it to a size bucket.
NIP-17 gift wrap: "Some one-time pubkey W published an encrypted event of length Y, tagged for Bob (pubkey Z), at a time T that may be up to two days before it really happened." No indication that Alice sent anything, because her signature is on the inner seal, which is encrypted. Bob is still named as the recipient, since the wrap has to reach his inbox. Content fully encrypted.
The difference is large for adversarial relays, who lose the sender side of the graph and the timing. For most relays it does not matter much in practice (they are not targeting anyone); for some users it matters a lot.
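As an added example, not code from the article or from any relay or client, here is a Node.js function that reports exactly what a relay can read off a DM event without any key, for a kind 4 event carrying NIP-04 content, a kind 4 event carrying NIP-44 content, and a kind 1059 gift wrap. It also inverts the NIP-44 padding to show the plaintext-size interval the ciphertext length gives away. The pubkeys and ciphertext bytes are constructed (made-up 64-hex keys, zero bytes in place of real ciphertext); only the shapes of the events matter.

```javascript
// Constructed sample identities: 64-hex pubkeys as Nostr uses them. Not real keys.
const ALICE = 'a'.repeat(64);
const BOB = 'b'.repeat(64);
const ONE_TIME = 'c'.repeat(64); // the throwaway key that signs a gift wrap

// NIP-44 v2 pads plaintext into size buckets before encrypting.
function nip44PaddedLen(n) {
  if (n <= 32) return 32;
  const nextPower = 1 << (Math.floor(Math.log2(n - 1)) + 1);
  const chunk = nextPower <= 256 ? 32 : nextPower / 8;
  return chunk * (Math.floor((n - 1) / chunk) + 1);
}

// Invert the padding: the smallest and largest plaintext lengths that land in
// this bucket. That interval is all a relay can learn about the message size.
function nip44PlaintextRange(padded) {
  let lo = null, hi = null;
  for (let n = 1; n <= 65535; n++) {
    if (nip44PaddedLen(n) === padded) { if (lo === null) lo = n; hi = n; }
  }
  return lo === null ? null : [lo, hi];
}

// What the content field alone reveals. NIP-04 content is "<base64>?iv=<base64>"
// (AES-256-CBC with PKCS#7, so ciphertext is plaintext rounded up to 16 bytes).
// NIP-44 content is base64 of version(1) || nonce(32) || len(2)+padded || mac(32),
// i.e. 67 + padded bytes.
function classifyContent(content) {
  if (content.includes('?iv=')) {
    const cbytes = Buffer.from(content.split('?iv=')[0], 'base64').length;
    return { scheme: 'NIP-04', plaintextRange: [Math.max(0, cbytes - 16), cbytes - 1] };
  }
  const bytes = Buffer.from(content, 'base64');
  if (bytes[0] !== 2) return { scheme: 'unknown', plaintextRange: null };
  return { scheme: 'NIP-44', plaintextRange: nip44PlaintextRange(bytes.length - 67) };
}

// Everything a relay can read off the event without any key.
function relayView(event) {
  const giftWrap = event.kind === 1059;
  const { scheme, plaintextRange } = classifyContent(event.content);
  return {
    scheme: giftWrap ? `NIP-17 gift wrap (${scheme} outer layer)` : scheme,
    senderPubkey: giftWrap ? null : event.pubkey,   // kind 1059 is signed by a one-time key
    recipientPubkeys: event.tags.filter((t) => t[0] === 'p').map((t) => t[1]), // on gift wraps too
    createdAt: event.created_at,
    timestampReliable: !giftWrap,                    // NIP-17 backdates wraps at random, up to two days
    plaintextRange,  // for a gift wrap this bounds the inner seal event, not the message
  };
}

// Constructed events: zero bytes stand in for ciphertext; only the shapes matter.
const NIP04_CONTENT = Buffer.alloc(48).toString('base64') + '?iv=' + Buffer.alloc(16).toString('base64');
const NIP44_CONTENT = Buffer.concat([Buffer.from([2]), Buffer.alloc(162)]).toString('base64');  // 67 + 96
const WRAP_CONTENT = Buffer.concat([Buffer.from([2]), Buffer.alloc(1090)]).toString('base64');  // 67 + 1024
const SAMPLE_EVENTS = {
  nip04:    { kind: 4,    pubkey: ALICE,    created_at: 1700000000, tags: [['p', BOB]], content: NIP04_CONTENT },
  nip44:    { kind: 4,    pubkey: ALICE,    created_at: 1700000000, tags: [['p', BOB]], content: NIP44_CONTENT },
  giftWrap: { kind: 1059, pubkey: ONE_TIME, created_at: 1699850000, tags: [['p', BOB]], content: WRAP_CONTENT },
};

// Relay's view of each sample event, keyed by name.
function demo() {
  return Object.fromEntries(Object.entries(SAMPLE_EVENTS).map(([name, e]) => [name, relayView(e)]));
}
```

Run `demo()` and compare the three entries: the NIP-04 event gives up Alice, Bob, the exact timestamp and a plaintext length between 32 and 47 bytes; the NIP-44 event gives up Alice, Bob, the timestamp and a bucket of 65 to 96 bytes; the gift wrap gives up only Bob, a timestamp that cannot be trusted, and the size bucket of the encrypted seal.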
What about group DMs
Nostr supports group messaging through the same NIP-17 mechanism: a kind 14 message can carry several `p` tags, and the sender gift-wraps a separate copy for each member. Same privacy properties as one-on-one: encryption works, and metadata exposure depends on whether the messages are gift-wrapped.
Group DMs have additional challenges. Each member's inbox relay sees a wrap tagged for that member, so a relay serving several members sees a burst of same-sized wraps arrive together, which exposes the membership in rough form even though the member list itself is encrypted. And any single compromised group member can leak every message. Group chats are fundamentally harder to make private than one-on-one, and Nostr's group DM features reflect this.
For small groups of close friends, Nostr group DMs are fine. For larger groups or groups where not everyone trusts each other, use Signal groups or similar purpose-built tools.
What to expect going forward
Active work in 2026:
- NIP-44 becoming universal. The older NIP-04 will eventually be deprecated; clients are moving their defaults.
- NIP-17 adoption growing. More clients shipping gift-wrapped DMs by default.
- Better integration with Tor. Some clients have Tor-first modes; more expected.
- Signer-based DM access. Using an external signer (Amber) to decrypt DMs without exposing the nsec to the client.
Nostr DMs in 2028 will likely be meaningfully more private than in 2026. The trajectory is clear; the pace depends on ecosystem adoption.
The realistic recommendation
For 95% of users, 95% of the time: Nostr DMs work fine. They are encrypted, the metadata exposure is not relevant to your actual threat model, and the convenience of DMing someone from the same client you read them on matters.
For the remaining cases, switch tools. Use Signal for sensitive personal conversations, Signal over Tor for sensitive professional ones, and in-person meetings for anything above that. Nostr is not trying to be Signal, and you should not ask it to be.
Frequently asked questions
Are Nostr DMs end-to-end encrypted?
Can relays see who I am messaging?
Should I use Nostr DMs for sensitive conversations?
What is NIP-17 and should I use it?
Can I use Signal on Nostr?
Related reading
- Is Nostr safe? Privacy and security, honestly: what Nostr protects, what it leaks, and the specific threat models it handles well or badly. A frank security assessment in 2026.
- What is Nostr? A plain-English guide for 2026: Nostr is a simple, open protocol for social media and identity. No company runs it, no account can be deleted by anyone but you. Plain English.
- Nostr NIPs explained: the protocol's specification documents. NIPs are how Nostr evolves. Each is a proposal for a feature or convention. What NIPs are, which ones matter, and how to read them.