It’s worth remembering one of the bigger concerns here—njump . me, from Daniel and fiatjaf. It silently sends IP addresses to a third party without user consent by embedding tracking software in what’s expected to be open-source software. This really crosses an ethical, and possibly legal, line. What’s troubling is that it’s linked from the protocol’s front page, which raises questions about intent.

Privacy in Nostr tends to be applied so inconsistently that it loses value. Some developers choose to look the other way when it’s convenient. The best way forward is to call out bad practices and take a more practical approach to privacy. As Martti suggests, using a proxy is one way to ensure you're only interacting with hosts you trust.