Echoes v0.4.2
You can now share a note with another nostrich, by simply adding his pubkey or his nip05 in the share button.
Echoes v0.4.0 — Shared Notes
The headline feature: share a note with other Nostr users, end-to-end encrypted, with live collaboration — plus a security-hardening pass on everything the new feature touches.
Multi-user note sharing
Share any note with other Nostr users straight from the editor — each recipient gets their own NIP-44-encrypted copy, so "stop sharing with X" actually cuts X off from future updates (and retracts their copy via NIP-09)
Recipients can edit a shared note: edits sync back to the owner, who merges them (last-write-wins, same rule as multi-device sync) and re-publishes to everyone
Leaving a shared note is permanent — it's removed locally and can't silently reappear
Attachments in shared notes stay encrypted and are fetched https-only, hash-checked; local file paths never travel in either direction
Recipient picker
Add recipients by npub, hex pubkey, or NIP-05 identifier
(name@domain) Contact autocomplete: type a few letters and pick from the people you already follow — matched entirely on-device, nothing you type is sent to any search service
Live identity preview (avatar + name + npub) while typing, and an explicit confirmation dialog showing exactly who you're about to share with before anything is published
Recipient lists and "shared by" rows show real names and avatars instead of bare npubs
Fixes
Profile metadata (name/avatar) could silently fail to load: the fetch resolved as soon as the fastest relay answered, discarding whatever the relay that actually had the profile was still sending. Now waits for every relay, same as note fetching
The share sheet no longer overflows when the keyboard is open Smoother sheet animations (content resizes and keyboard insets now ease instead of jumping)
Security hardening
Profile and contact-list events are now signature-verified and author-checked before anything trusts them — a malicious relay can no longer attach an arbitrary name/avatar to a pubkey, swap identities
between your contacts, or inject strangers into the autocomplete
Display names are sanitized before display (invisible/bidirectional control characters stripped, length capped) so a crafted profile name
can't spoof the confirmation dialog
All third-party HTTP fetches (NIP-05 lookups, avatars) are now size-capped, streamed, and follow redirects only to https targets — no silent downgrade to cleartext, no unbounded downloads
NIP-05 typing is debounced conservatively so partially-typed domains are (almost) never contacted while you're still writing
Notes
3 new translated strings across all 27 supported languages
As always: your notes never leave your device unencrypted, and nothing is published without an explicit action
Fixes a serious regression in v0.4.0's share sheet: recipient search and identifier parsing could stop responding while typing, eventually freezing the app until Android killed it.
What was wrong
The contact list powering the autocomplete was being torn down and re-fetched from relays on virtually every keystroke, so suggestions never had a chance to appear
Profile/contact signature verification (introduced in v0.4.0's
hardening pass) ran on the UI thread — with a whole follow list's worth of profiles to verify, that added up to seconds of frozen interface, re-triggered while typing
What changed
The contact list is now fetched once when the share sheet opens and kept for its whole lifetime — suggestions are ready by the first keystroke
Signature verification now runs on a background isolate: same security guarantees (verified against live relay data — byte-for-byte identical verdicts), zero impact on the UI thread
All v0.4.0 features and security protections are unchanged.
