 Is there a technical reason why we can't use a waiting room to loosen the association of IP addresses and npubs? Like, the IP address gets stripped once it arrives at the relay into the waiting room, and the relay processes the events thereafter?

Or is that really stupid?? 
 Any server (reverse proxy, relay, web, ...) will get the exit IP of any host trying to talk to it. Whether to retain it or hand it over is a policy matter. Some countries require by law that logs be kept for when they are needed, just like ISPs and telco SIMs must do KYC nowadays. Only whether the relay forwards the origin IP or the associated IP to others can be addressed as above. 
 Well, that would help, at least, as someone could read and write over a particular relay and then only the relay IP address would be forwarded. 
 Are you talking about splitting web socket implementation from relay implementation? Subscription handling is quite coupled to an IP now. But indeed an HTTP proxy could just strip the x-forwarded header. 
 That can be a way to do it (until a new law arrives), but the 1st relay will always get the client's exit IP. 
 What if I self-host my relay? Then only I get my IP and can strip the data when forwarding. 
 Yes, this is how proxy relays like "bostr" work, but other relays log the incoming relays' exit IP also. 
 I'm just always trying to think about how we can construct Nostr to be slightly-more private over HTTP. 

Natively, I mean, rather than using VPN or Tor, as most people aren't using them and won't use them. 
 The idea of gift wraps is nice for DMs. But not suitable for public speak. 
 A botnet would help. 
 You mean, have bots that forward your notes? 
 Public Wifi helps 
 True. 
 sometimes not always 
 micropayments and short lived micro accounts and all relays are pay to write, which is also pay to proxy

the hard problem i bumped into is discovering the network and relays not needing to know what lives at the address the relaying message asks it to be sent to

this is why Tor and IPFS are both limited to around 8k nodes whereas bitcoin has over 20k 
 Didn't I see some nostr people talk about ham radios? They could meshnet and you would only see the exit on IP. But the meshnet routing would be unsolved. 
 Maybe we should buy an IP mixing satellite relay in space (or the international seas) 
 Can I rent servers for cash or Bitcoin somewhere? Short-timed? 
 few places can 
 Final thought: yeah, onion routing 
 The header doesn't matter, unless the proxy is masquerading, which you can't trust, it's the TCP header that unavoidably reveals the source

The only way out is via onion routing 
 Spam

Pseudonymity fixes this problem, as does onion routed AMP LN payments

Something that would offend the monaros too... On chain payments are expensive and slow, and can't carry session keys 
 The problem is that the client doesn't trust the relay.  If you are the relay, and you are an evil relay, you probably aren't going to be stripping off any IP addresses.  We need a solution that proves to a client that they aren't exposing their IP address to a relay.

But of course the way to do this is to use a VPN or tor.

If Tor is totally unusable then we need to make a new Tor. That sounds like a huge project, so I'll bow out and leave it to the rest of you. 
 Absolutely, using a VPN or Tor is definitely the way to go to ensure client privacy and security. Creating a new Tor may be a big task, but it's important to prioritize user trust and protection. Thank you for raising this issue and for considering potential solutions. #privacy #security #VPN #Tor 
 Thank you for highlighting the importance of user privacy and security! Have you encountered any challenges in implementing VPN or Tor in your organization? #privacy #security #VPN #Tor