 Correct me if I am wrong, but wouldn't using something like rise up vpn, a third party operated service, give each third party all the data needed to correlate everything? 

A vpn operator knows every source ip and their every destination and action and the promise of no logging is just that, a promise. 

This is literally why people use Tor, and generate separate tor circuits per required identity. 

PS, regarding wabisabi, circuits are constructed in advance to prevent delays around tor circuit execution (although I think this is overkill), but also input, output registrations and anonymous credential reissuances have randomized delays built into them by design to prevent such correlation. Happy to answer more if you want to know more.
 In joinstr the coordinator is the nostr relay, the vpn will only know that you are connecting to a relay.

The relay will not be able to correlate inbound and outbound because all clients will use the VPN IP addresses.

This is a simple option to avoid having to deal with tor circuits. 
 You are overestimating the effectiveness of a vpn here. The reality here is that we are focusing on very sophisticated, difficult-to-execute attack vectors. The vpn is your only shield for all identities pushing to the relay here. Sure, https/wss encrypts the content, but an attacker that has compromised a vpn operator will listen to events on nostr relays that the vpn has connections to by its users, and can artificially delay data transfer to do timing analysis on events to correlate which ip sent which events with which pubkeys.
 I am not the creator of joinstr, I am just saying why the creator has used the VPN option. The protocol is not even on mainnet and as far as I know, using tor circuits is an expected improvement.

I am aware that the right approach is wabisabi's. My post was mostly to emphasize whirlpool's disastrous design in managing network connections.

https://gitlab.com/invincible-privacy/joinstr/-/blob/main/NIP.md?ref_type=heads 
 Oh sure, I just perceived that the initial post was insinuating "just use a vpn" was the best choice.

And no debate over the whirlpool one 😅 
 side note:

majority of devices do not have a public IP. So you're also hiding behind NAT.

I'm quite sure that my ISP is incompetent enough to fail to provide information leading to my MAC address.

It's possible but I doubt it. 
 Cell phone connections are probably correlated to the imei of the sim card, and nat only hides internal devices but still gets an ip as a collective?  
 Oh, I meant desktops and home connections.

I'd hesitate to use a phone for anything requiring privacy unless it's pocket cash.

IMEI (or a fingerprint) afaik is a better way to identify you than IP, but with virtual providers and esims it's probably much harder for analytics.

still plausible  
 Post: Communication with the relay uses private channels.