Privacy in Mostro
The communication between Mostrod and users is carried out through the Mostro clients using NIP-59 messages. These messages have their content and the sender’s public key encrypted and "wrapped" by an ephemeral key, preventing the identity of whoever is interacting with Mostro from being publicly revealed. To enhance privacy, the Mostro clients should automatically generate a new private key for users for each order they take or create. Thus, when Mostro sends NIP-59 messages to users, the generated event will display a public key that will only be used for that transaction, guaranteeing a new identity for each exchange and preventing buy and sell transactions from being associated with a single person.
The Mostro clients will not share users' private keys with any Mostro instance, and consequently with its administrator, under any circumstances.
The communication between the buyer and seller during a transaction is client-to-client, using messages encrypted with the NIP-44 algorithm. Although this reveals the public keys involved in the communication, users always must use a new Nostr identity for each transaction, ensuring their privacy. Additionally, these messages are not sent to Mostrod, meaning that it does not access or collect users' personal information.
Moreover, NIP-44 allows the client to create a conversation key associated with the key pair of the two users involved in a transaction, to which only they have access. This conversation key has a copy of the conversation between both users, and in case of a dispute, if the users wish, they can provide it to the administrator handling their case as evidence of the facts.