Oddbean new post about | logout
 What can a malicious relay do to you besides spy on your IP? 
 It could ask for AUTH and if your client allows it your client will tell it (and prove) your npub.  Then it knows WHO is at that IP.  This IMHO is a step too far and clients shouldn't AUTH to random relays w/o asking the user.  But gossip lets users turn that off if they don't care. 
 That's also hard, because what "requests" do you allow, and what "requests" do you ask the user? At the end, if every key interaction is asked, it is the safest, but the most annoying. 
 I'm not really sure how malicious a relay could be.