Why would amethyst connect to relays there are not on my list?
In the outbox model, you would do this to see other people's posts.
So my client automatically connects to someone outbox even if I don't have it as relay? nostr:nprofile1qqswuyd9ml6qcxd92h6pleptfrcqucvvjy39vg4wx7mv9wm8kakyujgpypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7a0nq40
Yes. If you want to follow my world-wide-web content, you have to get it from https://mikedilger.com/. You cannot get it from your own local website. The outbox model is the same thing, and so is RSS. If you want my microblog, you get it from where I post it. Under the outbox model, clients figure out where stuff is and then they go and get it... on relays you may have never even heard of. This is no different than going to a website, and that website telling your browser to grab a font from fonts.google.com or to fetch a javascript library from a CDN, or to grab advertisements from doubleclick. If you have a problem connecting to "strange relays" that you have not vetted, then you should use a VPN or Tor. They were designed expressly to address that concern. Trying to re-invent them inside of nostr is a fools errand. And by the way, it is safest to use Tor via a system designed to use Tor, e.g. on qubes or whonix. Torsocks should also be safe since it replaces DNS lookups at the DLL layer. I'm not sure if using Orbot on Android avoid all the sidechannel DNS leaks, but I hope Amethyst did it right. I just don't know enough about Android to say one way or the other. But for desktop apps like gossip, Tor should NOT be builtin, users must use torsocks or one of the systems I mentioned which will always be more secure than anything I could code.
I have read your description of outbox in your website, but your explanation now is much better. I suggest you add this to your site :)
Ok. I rewrote that old webpage. https://mikedilger.com/gossip-model/
Nice, I have read it. It got better. When you say "Asking only for one URL, a website will direct my browser to load lots of other things from other URLs, grabbing fonts from google (why are you telling google I came to your website!?), grabbing javscript libraries from CDNs (hey! I don't trust that CDN), grabbing ads from doubleclick, etc. ", it gives the impression that it might "steal my data, or inject something malicious on me", but when you propose VPN or Tor to solve it, I get the impression that the worst that can happen is my IP to be misused. Is my understanding right? I guess it depends if I am on a web client (which can be Very dangerous) or on amethyst/Gossip, right? Regarding the diagram on the explanation, it's confusing because it has many arrows and no boxes named using the outbox/inbox naming conventions, and the arrows are confusing. But thanks again!
Thanks for that feedback. I agree the web risks go beyond privacy and maybe I shouldn't divert attention to that that on this page. I didn't do the diagram so I can't really edit it, and it is the best I have at the moment.