diff --git a/src/nostr.rs b/src/nostr.rs index 3cc8ba0..5d8a51d 100644 --- a/src/nostr.rs +++ b/src/nostr.rs @@ -82,6 +82,15 @@ impl WebSocketService { let authorized_user = self.authorized_user().await; + // NOTE on private events (DMs, GiftWraps) + // Most relays check if you are seeking them, and of which pubkey, and if you are + // not AUTHed as that pubkey you get a 'auth-required', or if you are AUTHed as + // a different pubkey you get a 'restricted'. + // We take a different tack. You can ask for these events, and we even load them, + // but then we filter them out in screen_outgoing_event() and don't send events they + // aren't supposed to see. This prevents sending errors and having them ask again. It + // is also faster as we don't have to do any filter analysis at this point in the code. + // Serve events matching subscription { let mut events: Vec = Vec::new(); @@ -99,10 +108,16 @@ impl WebSocketService { .user_keys .contains(&event.pubkey()); + let authored_by_requester = match self.user { + None => false, + Some(pk) => event.pubkey() == pk, + }; + if screen_outgoing_event( &event, authorized_user, authored_by_an_authorized_user, + authored_by_requester, ) { events.push(event); } @@ -367,17 +382,8 @@ fn screen_outgoing_event( event: &Event<'_>, authorized_user: bool, authored_by_an_authorized_user: bool, + authored_by_requester: bool, ) -> bool { - // Allow if authorized_user is asking - if authorized_user { - return true; - } - - // Everybody can see events from our authorized users - if authored_by_an_authorized_user { - return true; - } - // Allow Relay Lists if event.kind() == Kind(10002) { return true; 
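Review bot: The added note makes `screen_outgoing_event()` the only control that keeps kind 4 and kind 1059 events away from other clients, but it does not say that every path which sends an event must call it. Only this stored-event loop is visible in the hunk; if events are also pushed to open subscriptions elsewhere, that path needs the same screening. I would add one line to the note, such as `// Invariant: every event sent to a client must pass screen_outgoing_event().`, so a later send path is not added without it.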
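Review bot: `authored_by_requester` is only as trustworthy as `self.user`, and this comparison now decides who may read DMs and GiftWraps. It is safe only if `self.user` is set solely after a NIP-42 AUTH event has been fully verified, which this hunk does not show. If that holds, a comment above the `match` such as `// self.user is Some only after a verified AUTH` would make the dependency explicit. The match can also be written as `let authored_by_requester = self.user.is_some_and(|pk| event.pubkey() == pk);`. The enclosing method starts and ends outside the hunk.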
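Review bot: `screen_outgoing_event` now takes three adjacent `bool` parameters, so transposing two of them at a call site still compiles while silently changing who can read which events. The function has no doc comment; I would add one that defines each flag, for example `/// authored_by_requester: the event's pubkey is the pubkey this connection AUTHed as`. It should also state the decision order, because the result now depends on the private-event denial running before the two authorized-user allows. If more flags are expected, a small struct with named fields would remove the ordering hazard. The function body continues past the end of this hunk.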
@@ -388,6 +394,23 @@ fn screen_outgoing_event( return true; } + // Forbid if it is a private event (DM or GiftWrap) and the author isn't them + if event.kind() == Kind(4) || event.kind() == Kind(1059) { + if !authored_by_requester { + return false; + } + } + + // Allow if an authorized_user is asking + if authorized_user { + return true; + } + + // Everybody can see events from our authorized users + if authored_by_an_authorized_user { + return true; + } + // Do not allow the rest false } diff --git a/src/web.rs b/src/web.rs index 8fc79eb..2d4da75 100644 --- a/src/web.rs +++ b/src/web.rs @@ -35,21 +35,21 @@ pub async fn serve_nip11(peer: SocketAddr) -> Result, Error> { fn build_rid(config: &Config) -> String { let mut rid: String = String::with_capacity(255); - const SUPPORTED_NIPS: [u8; 4] = [ + const SUPPORTED_NIPS: [u8; 6] = [ 1, // nostr + 4, // DMs 11, // relay information document 42, // AUTH + 59, // GiftWrap 65, // Relay List Metadata ]; - const _UNSUPPORTED_NIPS: [u8; 10] = [ - 4, // DM + const _UNSUPPORTED_NIPS: [u8; 8] = [ 9, // Event Deletion 26, // Delegated Event Signing 28, // Public Chat 40, // Expiration Timestamp 45, // Counting results 50, // SEARCH - 59, // GiftWrap 94, // File Metadata 96, // HTTP File Storage Integration ];
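Review bot: The new private-event check rejects every requester except the event's author, so the recipient named in the event's `p` tag can never fetch a kind 4 DM addressed to them. A kind 1059 GiftWrap, which NIP-59 signs with a one-time key, would not be served to anyone. This fails closed, so nothing leaks, but the same commit advertises NIPs 4 and 59 as supported in src/web.rs. The check likely needs a second flag, computed by the caller like the others, that is true when the AUTHed pubkey is `p`-tagged in the event, giving `if !authored_by_requester && !addressed_to_requester { return false; }` (the flag name is a suggestion). The function starts above this hunk.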