Oddbean new post about | logout
Magister Michael Dilger M.Sc. | 5 months ago (raw) | root | parent | reply | flag +6 
 If people aren't using Tor and aren't using a VPN but they care about this, then I sure hope they never open a web browser.

But giving people the head's up and asking permission is nice. People want to see the note, but they also want to feel in control.
TKay | 5 months ago (raw) | root | parent | reply | flag 
 But there is a difference between my local diner knowing about me vs anyone who wants to.
Vitor Pamplona | 5 months ago (raw) | root | parent | reply | flag 
 That's the goal. That security on Desktop is less of an issue, but mobile is crucial. You don't want people to know where you have been all the time.
cloud fodder | 5 months ago (raw) | root | parent | reply | flag +2 
 Yes, having used this option in gossip I can tell you @Vitor Pamplona with confidence that absolutely no one will use this option and leave it on to be bombarded by hundereds of questions whenever they open nostr..
Magister Michael Dilger M.Sc. | 5 months ago (raw) | root | parent | reply | flag +1 
 We made the questions just a number in the lower left.  AND after you answer all the several hundred questsions, they don't keep repeating eventually you catch up with it.  BUT YES your point is very valid.  It is fucking annoying to approve every relay.

But I'm also coming around to the idea that an 'nevent' is kind of like phishing, getting you to go to a relay that is malicious, just like a link in an email trying to send you to a malicous website.  Whitelisting relays is one solution, painful as it is.
keet dont tweet | 5 months ago (raw) | root | parent | reply | flag 
 what about a proxy relay for those connections? a relay relay
Rand | 5 months ago (raw) | root | parent | reply | flag +1 
 sounds like drugs/  prohibition etc   crazydays/metadata?
cloud fodder | 5 months ago (raw) | root | parent | reply | flag +1 
 It is, and so is media loading.. which no one ever talks about they just harp on relays.  VPNs or relay proxies that you trust are the only solution. And probably image proxies if you're doing the proxy option.  Tho I applaud the efforts in attempting a UI for connections, it has enabled me to see that using nostr means you go to weird servers all the time.  At least nevents don't have JavaScript payloads or anything, it's safer than browsing (I think).  But images, yeah those are likely the most dangerous thing.
keet dont tweet | 5 months ago (raw) | root | parent | reply | flag 
 have you tried keet.io ? p2p imho is the solution
liminal | 5 months ago (raw) | root | parent | reply | flag +2 
 Media loading was the straw that cascaded this conversation in January. Malicious user posting people's ip from loading an image sent as a dm.
keet dont tweet | 5 months ago (raw) | root | parent | reply | flag 
 its the internet you have an ip, its well known how to hide it
cloud fodder | 5 months ago (raw) | root | parent | reply | flag +1 
 Yeah, but then they quickly cascaded into ranting about relays about 5min later.
liminal | 5 months ago (raw) | root | parent | reply | flag 
 sequence of events reads very familiar 🤔
Hazey | 5 months ago (raw) | root | parent | reply | flag 
 What can a malicious relay do to you besides spy on your IP?
Magister Michael Dilger M.Sc. | 5 months ago (raw) | root | parent | reply | flag +1 
 It could ask for AUTH and if your client allows it your client will tell it (and prove) your npub.  Then it knows WHO is at that IP.  This IMHO is a step too far and clients shouldn't AUTH to random relays w/o asking the user.  But gossip lets users turn that off if they don't care.
Crusty 👨‍💻 | 5 months ago (raw) | root | parent | reply | flag 
 That's also hard, because what "requests" do you allow, and what "requests" do you ask the user? At the end, if every key interaction is asked, it is the safest, but the most annoying.
Magister Michael Dilger M.Sc. | 5 months ago (raw) | root | parent | reply | flag +1 
 I'm not really sure how malicious a relay could be.