You have a point. The user's own avatar is one of the first images shown on the page, in a certain size, so you could even guess the Nostr user.
Without the proxy, requests are sent to multiple servers, making it more difficult to associate everything the user does.
On the other hand, those other image hosts might include ones that are built expressly for logging and tracking users. Popular services like nostr.build or imgur.com can do that kind of analysis anyway.
Using a proxy, you can at least choose which host(s) you trust. Ultimately, the choice of proxy should be configurable, just like relays. Image loading without a proxy is privacy-wise somewhat equivalent to the outbox model (or nip05), where you connect to random addresses that see your requests.
Relays also know a lot about what you're looking at, and you might even reveal your identity by authenticating. The only way I see around this is onion routing where Nostr requests would be relayed on behalf of others, so there's plausible deniability.
Associating a network address with a geolocation is a feature of the internet protocol. Tor and VPNs (where you also need to trust a 3rd party) seem to be the only solutions to that.
When it comes to image proxying, file size is one very pragmatic consideration. Without a minimizing proxy, avatars can be 100 times larger. Maybe multi-resolution image formats are the best solution to that.
It’s worth remembering one of the bigger concerns here—njump.me, from Daniel and fiatjaf. It silently sends IP addresses to a third party without user consent by embedding tracking software in what’s expected to be open-source software. This really crosses an ethical, and possibly legal, line. What’s troubling is that it’s linked from the protocol’s front page, which raises questions about intent.
Privacy in Nostr tends to be applied so inconsistently that it loses value. Some developers choose to look the other way when it’s convenient. The best way forward is to call out bad practices and take a more practical approach to privacy. As Martti suggests, using a proxy is one way to ensure you're only interacting with hosts you trust.