 2nd attempt. What do you see in this picture? 👀 #hackstr #trickstr  
https://headers2image.vercel.app/api/image.png 
 😉 
 @jb55 as you can see, Nostr is not private at all 
 Who said it was? 
 You don’t think this is a problem?

Stalkers stalking? 
 use a vpn? this is true of most of the internet, email, etc. 
 I do.

That’s not the point.

What % of users do you think use a VPN? What % do you think even know how to use one? 
 for images we can use an optional image proxy (not even web browsers do this), for relays we can use MASQUE (apple private relay)

it's not that it's not solvable, but I think people exaggerate the issue. what's the threat model exactly? someone learns the rough geographical area that you're posting from? 
 I think most modern social-media websites won’t show a media file directly from its source link. There will be a proxy or a middleware in the website. 
 The main issue I see here is not privacy, but the fact that someone can “share” a media file (link to an image/video), and some users will see a different file if the server is malicious.

This could be solved if the event contained the sha256 of the media file, so clients could verify. 
 Looks like I'm in Europe? Never been. 
 Wait, you see a different IP?

So the photo is specific to the viewer? 
 Yes 😁 
 So, VPN works. Nice 🤣🤣🤣 
 👀👀👀👀 
 That Damus doesn’t use private relay. 
 This is not enough to be defined as a bug or a feature. What's behind a URL depends on what it ends up addressing in the network.  
 I do find it problematic that the media file that I see might not be what the original author intended to share (due to a malicious server).
The media file (or its sha256) should be included in the event signature, and clients should verify it. 
 I’m using Damus. What do you see in Amethyst behind tor? 🤔 
 Different locations and IPs each time, depending on the nodes it connects to. 
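
The sha256 proposal made in the thread above, sketched as an added example that is not part of any post and is not code from any Nostr client: the author puts the media file's hash in a tag, the tag is covered by the signed event id, and the client rejects bytes that do not match. The `media` tag layout, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def event_id(event: dict) -> str:
    # NIP-01 id: sha256 of [0, pubkey, created_at, kind, tags, content].
    # The author's signature is over this id, so the tags are covered by it.
    fields = [0, event["pubkey"], event["created_at"], event["kind"],
              event["tags"], event["content"]]
    raw = json.dumps(fields, separators=(",", ":"), ensure_ascii=False)
    return sha256_hex(raw.encode("utf-8"))

def declared_hash(event: dict, url: str):
    # Hypothetical tag layout: ["media", <url>, <sha256 hex of the file>].
    for tag in event["tags"]:
        if len(tag) >= 3 and tag[0] == "media" and tag[1] == url:
            return tag[2].lower()
    return None

def verify_media(event: dict, url: str, body: bytes) -> str:
    # Assumes the client has already verified event["sig"] over event["id"].
    if event_id(event) != event["id"]:
        return "event-tampered"   # tags or content changed after signing
    expected = declared_hash(event, url)
    if expected is None:
        return "unverifiable"     # author declared no hash for this URL
    if sha256_hex(body) != expected:
        return "mismatch"         # server sent something else to this viewer
    return "ok"

# Constructed sample data (not taken from the thread).
URL = "https://media.example/cat.png"
ORIGINAL = b"constructed bytes the author uploaded"
SWAPPED = b"constructed bytes served to one viewer"
EVENT = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 1,
         "tags": [["media", URL, sha256_hex(ORIGINAL)]],
         "content": "look at this " + URL}
EVENT["id"] = event_id(EVENT)

if __name__ == "__main__":
    for name, body in (("original", ORIGINAL), ("swapped", SWAPPED)):
        print(name, verify_media(EVENT, URL, body))
```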