Oddbean

In joinstr the coordinator is the nostr relay, the vpn will only know that you are connecting to a relay. The relay will not be able to correlate inbound and outbound because all clients will use the VPN IP addresses. This is a simple option to avoid having to deal with tor circuits.

You are overestimating the effectiveness of a vpn here. The reality here is that we are focusing on very sophisticated difficult to execute attack vectors. The vpn is your only shield for all identities pushing to the relay here. Sure, https/wss encrypts the content, but an attacker that has compromised a vpn operator will listen to events on nostr relays that the vpn has connections to by its users, and can artificially delay data transfer to do timing analysis on events to correlate which ip sent which events with which pubkeys.

I am not the creator of joinstr, I am just saying why the creator has used the VPN option. The protocol is not even on mainnet and as far as I know, using tor circuits is an expected improvement. I am aware that the right approach is wabisabi's. My post was mostly to emphasize whirpool's disastrous design in managing network connections. https://gitlab.com/invincible-privacy/joinstr/-/blob/main/NIP.md?ref_type=heads

side note: majority of devices do not have a public IP. So you're also hiding behind NAT. I'm quite sure that my ISP is incompetent enough to fail to provide information leading to my MAC adress. It's possible but I doubt it.

Oh, I meant desktops and home connections. I'd hasitate to use phone for anything requiring privacy unless it's a pocket cash. Imei (or a fingerprint) afaik are better way to identify you then ip. but with virtual providers and esims it's probably much harder for analitics. still plausible