Oddbean new post about | logout
 Yes, having used this option in gossip I can tell you @Vitor Pamplona with confidence that absolutely no one will use this option and leave it on to be bombarded by hundereds of questions whenever they open nostr..   
 We made the questions just a number in the lower left.  AND after you answer all the several hundred questsions, they don't keep repeating eventually you catch up with it.  BUT YES your point is very valid.  It is fucking annoying to approve every relay.

But I'm also coming around to the idea that an 'nevent' is kind of like phishing, getting you to go to a relay that is malicious, just like a link in an email trying to send you to a malicous website.  Whitelisting relays is one solution, painful as it is. 
 what about a proxy relay for those connections? a relay relay 
 sounds like drugs/  prohibition etc   crazydays/metadata? 
 It is, and so is media loading.. which no one ever talks about they just harp on relays.  VPNs or relay proxies that you trust are the only solution. And probably image proxies if you're doing the proxy option.  Tho I applaud the efforts in attempting a UI for connections, it has enabled me to see that using nostr means you go to weird servers all the time.  At least nevents don't have JavaScript payloads or anything, it's safer than browsing (I think).  But images, yeah those are likely the most dangerous thing. 
 have you tried keet.io ? p2p imho is the solution 
 Media loading was the straw that cascaded this conversation in January. Malicious user posting people's ip from loading an image sent as a dm. 
 its the internet you have an ip, its well known how to hide it 
 Yeah, but then they quickly cascaded into ranting about relays about 5min later. 
 sequence of events reads very familiar 🤔 
 What can a malicious relay do to you besides spy on your IP? 
 It could ask for AUTH and if your client allows it your client will tell it (and prove) your npub.  Then it knows WHO is at that IP.  This IMHO is a step too far and clients shouldn't AUTH to random relays w/o asking the user.  But gossip lets users turn that off if they don't care. 
 That's also hard, because what "requests" do you allow, and what "requests" do you ask the user? At the end, if every key interaction is asked, it is the safest, but the most annoying. 
 I'm not really sure how malicious a relay could be.