Oddbean new post about login | logout Some of my many opsec mistakes: - Buying domains with a credit card - Using AWS with my name and credit card - Doing KYC with CloudFlare - Showing my face at conferences and podcasts - Antagonizing KYC Bitcoin companies - Not being careful about nostr posts, which cannot be deleted
🤔
And these contributed to having nodeless taken down, I suppose?
I doubt it. The timing of his note is likely coincidence.
Well, it would help the authorities know who they had to strong arm. If he was completely undoxxed it would be harder, right? Assuming nodeless was hosted on AWS etc
Not completely sure. I’d speculate authorities could just work backwards through the webhost to shut down services if he did not comply. Maybe all they needed was ip addresses or numeric identifiers from the vendor account. Maybe real name wasn’t needed to shut all his stuff down.
You live in a commie state, doesn’t matter how good your opsec is
That's my thinking. That if they get me they get me. What can I do. I cannot do anything useful, effective or important to fight the dark side. Just a few notes and comments here and there. What's the point of taking all the precaution? Or it's my lazyness.
Thank you for your unintended sacrifice. By sharing all this, it serves as a reminder to the community 1) We are firmly in the "they fight you" stage. 2) stay vigilant and 3) continue to practice good opsec. nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqprfmhxue69uhkummnw3ezuargv4ekzmt9vdshgtnfduhsyg8zenmu7gzq8ulj5jj4kv50ph3muwz43f747vmr9ld2alrjdswgavpsgqqqqqqsmdj8ag
Just a helpful list in general, this entire thing has convicted me to be way more anxy nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqpzpmhxue69uhkummnw3ezuamfdejsyg8zenmu7gzq8ulj5jj4kv50ph3muwz43f747vmr9ld2alrjdswgavpsgqqqqqqsezygq3
https://image.nostr.build/954489ef9fba47fc7336319b52bae130117470fdc0f354f3c7a15b2e39e4937a.jpg nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzpckv7l8jqspl8u4y54dn9rcduwlrs4v2040nxce0m2h0cunvrj8tqvzqqqqqqyenmsk8
Your face and name is safe with me 🫂 I have amnesia 😭
How to buy a domain without a credit card please?
I honestly wonder at least a couple times a week if I should stop using my real name and profile pic. nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqpzemhxue69uhhqatjwpkx2un9d3shjtnrdakj7q3qutx00neqgqln72j22kej3ux7803c2k986henvvha4thuwfkper4sxpqqqqqqzqqjpt4
I think about this, too, but also know it’s easier to trust social media when you see “real” people. I think it depends on how you want the world to see you and how that affects your ability to interact with it.
These are fair points and I believe the success of Nostr Plebs and my travels speaking about Nostr at various conferences has benefited from being doxxed. I could be wrong.
All good points. I guess it also depends on the conference, which ones were they?
Fuck me. I typed them all out and almost hit send.
Uvita, Costa Rica Miami, Florida Toronto, Canada Riga, Latvia 😁
I wonder what those conferences were all about… 🤔
🤣😂
I think the not being able to delete posts is one of the strongest reasons to use a nym. We’re constantly seeing people’s old tweets being dug up from 10+ years ago when the tweeting culture was completely different from what it is now. So imagine 10 years from now, if nostr has a super strong search function and has become big enough where people dig up old posts…will the culture that’s the norm here currently still hold up then? Hard to say.
I regret leaking that I am a cat. Now everyone thinks I’m a pussy.
I regret leaking I’m a wolf. Now everyone thinks I sniff asses.
I regret leaking I’m a frog. Now everyone thinks I’m a French Canadian
You’re not?
I said too much already 🤐🤣🤣
😂 I’ve got my suspicions 🤔😜
🤣🤣
Watch this mf be straight outta Montreal.
Dog, but same. I'd neeeeeeever do that...
Big if true.
Wait, so you were investigated, not because you are a registered company, but because you were an anon hobbyist that technically self doxxed?
So this is a checklist for anyone who wants to reboot the project.
Rationale behind the second last point?
Thanks for sharing so we may learn. Sad that privacy isn't the default in our world. Too few normies value privacy, and won't until it's gone. 😥
Thanks for sharing so people can learn. The inability to delete messages is both a truly excellent feature, while also a little problematic; such as in the instance you described, but also problematic for people who might get unknowingly entangled or snared into copyright/trademark issues/lawsuits for posting an image/text/document without legitimate authorization from copyright/trademark owners or trolls. Without the ability to take the note/post down permanently and comply with the cease/desist orders, this can become a living nightmare for some.
Split online personalities is highly recommended nowadays, when we're living through the privacy apocalypse, we probably can't make it through but at least we have to try. Befriend the shadows. nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqppamhxue69uhkummnw3ezumt0d5pzpckv7l8jqspl8u4y54dn9rcduwlrs4v2040nxce0m2h0cunvrj8tqvzqqqqqqywsu8cq
How is Wikileaks even online in spite of state attacks?
More trouble than I feel it's worth taking. Until I figure out how to truly unplug from the matrix I'll just keep shit posting. And letting the government know how much I hate their guts.
Even if nots could could be deleted - internet doesnt forget.
Your post is making an impact. Added to the https://nostraco.in/hot feed
Most Bitcoiners can add to that: Not utilising #Monero when it is literally made for an adversarial environment. nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqppamhxue69uhkummnw3ezumt0d5pzpckv7l8jqspl8u4y54dn9rcduwlrs4v2040nxce0m2h0cunvrj8tqvzqqqqqqywsu8cq
🫡 Thanks for the honesty and postmortem (mid-mortem?). So, what can we learn from this? 0) If you want to make a difference, regardless of how right or moral you are, you should probably be more paranoid and careful than you are now. Things could get more authoritarian than they seem now. 1) Hosting: some options https://www.privacytools.io/private-hosting 2) Use a reseller or see #1 3) I can understand the legitimate reasons why people use cloud flare, but they are an anathema to privacy and are taking over the web. We need better ways to combat problematic users without the CF goblin. 4) Either go @ROCKSTAR and cover face (though voice matching is trivial these days) or disassociate your developer self from your legal/official self (though this might preclude invites to conferences—a paradox?) 5) I dunno what to say here. They suck and probably deserve antagonism 6) Think before you post. Always use a VPN/Tor. Carefully screen images for unintended content and strip metadata for what you post ⚡️🫡💪 thanks for being open. You are on the front lines currently but we are in this together
I'm afraid our dog did some similar mistakes... Maybe I should stop abusing his accounts, but not quite yet!
ask @will to nuke if needs nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqpz9mhxue69uhkummnw3ezuamfdejj7qgewaehxw309ac82cnvd93juun9d3shj6twvuhxjme0qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcpr3mhxue69uhhyetvv9ujucnfw33k76twwpshy6ewvdhk6tcpzdmhxue69uhhqatjwpkx2urpvuhx2ue0qydhwumn8ghj7un9d3shjtnwdaehgunfvd5x2uewdaexwtcprpmhxue69uhkummnw3ezuendwsh8w6t69e3xj730qywhwumn8ghj7mn0wd68ytndw46xjmnewaskcmr9wshxxmmd9uq3gamnwvaz7tm8v9hzu7t9wd68ytnyv9uj75rup4l
Let's be honest for a second here. Sure, not doing any of that would have delayed the detection, but can one otherwise truly hide their identity while being relatively active on social networks, developing a project, or providing an online service? I'm not talking to you, Satoshi. You might have actually made it, but that is an exception. nostr:note15h3l225n2n3k4ykpqsv2a9w4wdng5phnndmxwftv2g2y9ykxruxqa7z9q3
I think if one is seriously concerned about opsec, they should pull the plug on everything and start all over. Then, as a genral rule, treat everything as if it’s compromised. This is also coming from someone with bad opsec. My paranoia can only go so far.
Stopped posting on nostr because of this. Its their wet dream to be able to hang you in 15y because you did some wrongspeak. Not being able to delete your words and its echo living on together with most likely IP adresses ect, is the major flaw of Nostr.
Serious question: How does one buy domains without a credit card...?
Nostr is the worst platform for privacy ;)
there are some mastodon instances with IP cleanup from their servers every 24 hrs
the LARP video you made about a relay was hilarious, “just click yes” you just have to be like Bruce Wayne / Batman Have a public profile if you want to grow in normie land and have an opsec identity
Snort lets you delete posts, but it's not perfect. Honestly, even if it was perfect, screenshots last forever. https://snort.social/
maybe comes handy to someone else in this scenario https://bitcoin-vps.com/
I hate the credit card/ internet transaction opsec issues. Lots of inconveniences
Thank you for this list of missteps... I am so sorry about your current consequent struggles... No one deserves the state boot heel.😠😡🤬
Anyone know what happened to @utxo the webmaster 🧑💻 ? nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzpckv7l8jqspl8u4y54dn9rcduwlrs4v2040nxce0m2h0cunvrj8tqvzqqqqqqyenmsk8
