Oddbean new post about | logout
 I don't know if I love it or hate it.

Could be useful for some new/unfamiliar event kind, tho. 
 It just needs to be opt-in and obviously public (like in next.nostrudel). 

Making everyone's browser history public would be insane for dsicovery too.
Few willingly opt-in to that kind of stuff. 

If you want to scare away normies from day one: make stuff public without them knowing.  
 Almost everything on Nostr is public. 😁 
 We thought about using this to re-find notes our OtherStuff clients had signed. Dunno. 
 Adding the client tag does not really change the security or privacy too much. IMO

Almost all clients have a distinct way they construct events (order of tags, supporting hashtags, mention tagging, etc) so it wouldn't be to difficult to fingerprint events and guess what client constructed them.
We kind of already do this in the nostrability repo when trying to figure out what client created bad or incompatible events

I made it opt-out because it wouldn't be very effective if every user had to go digging in the settings to turn it on. and as I said above it does not change much for privacy 
 Although it could also be a "accept cookies" like thing. so when the user first loads the app it asks them if they want to tell other users they are using it... 🤔  
 I think it's a setting in Coracle, if I remember correctly. 
 yeah it has been a setting, opt in, for a long time in #coracle  

it should be opt in

also as nostr:nprofile1qythwumn8ghj7un9d3shjtnwdaehgu3wvfskuep0qywhwumn8ghj7mn0wd68ytnzd96xxmmfdejhytnnda3kjctv9uq3wamnwvaz7tmjv4kxz7fwwpexjmtpdshxuet59uqsuamnwvaz7tmwdaejumr0dshszymhwden5te0wp6hyurvv4cxzeewv4ej7qgewaehxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmp0qy2hwumn8ghj7mn0wd68ytn00p68ytnyv4mz7qpqqdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havqwss8ym  points out, client devs need to do more to make their event constructions more uniform

there is also security concerns related to this especially when clients get DMs working properly and exploits start appearing for snarfing metadata from relay users (actual seen times of events, user activity periods and timezone estimation etc)

anyhow, i can understand the hostility towards opt-out telemetry, the number of times i see this in server apps being targeted at devs it's getting quite alarming how normalized this spy shit is becoming

just say no to spyware! 
 I don't think it's anyones business what client I used to create notes. If I want to advertise your client I should be able to turn it on. On by default is a big no from me, sorry. Anything my client appends to my notes without my permission is too much imo. Tags are generally not user-facing. 

To be clear, I have been very against this for a really long time, but I'm a nostr nobody. I've had it on the roadmap for my signer since the spec introduced it.

https://github.com/VnUgE/NVault?tab=readme-ov-file#extension 
 This is the thing. It's additional info in the events. Don't know if a normie user would understand that.

And what about niche clients for a subset of users tagging the events? Very easy to track them. 
 I mean... There may be some.... interesting clients, eventually. 
 If you go from client to client, it's similar to a browsing history. 
 Sure I could see you swapping from desktop to mobile and so on 
 Or from some furry dating client to the interracial porn client to the Mormon homemaking client. LOL 

I mean, okay, obviously switch npubs, but still. 
 Completely randomly chosen examples. 
 It was research. For science. 
 Okay, that's enough Internet for today.
GN 
 hahahahahaha 
 I think any client that injects non-critical tags into events by DEFAULT is wrong. Build a better UX that enables users to understand their purpose. I will continue to build tools that enable hard-core users to strip these tags before signing. Client's can break this if they want, but I hope they choose to accept the signed result as authoritative.  
 Agreed. 
I prefer relying on things that are very obviously public (zaps, replies, shares, ...) for discovery/recommendations.