QW | 7 months ago | +12
 Compared to other “platforms?” 

You don’t think? In the least bit privacy preserving?

No kyc, vpn, nsec. 

Honest question. 
Nostr is a decentralized protocol that is not private by default. KYC or no-KYC has nothing to do with the Nostr protocol. Nostr doesn't come with a VPN, just like the internet.

"Relays know your IP address, your name, your location (guessed from IP), your pub key, all your contacts, and other relays, and can read every action you do (post, like, boost, quote, report, etc) except for Private Zaps and Private DMs. While the content of direct messages (DMs) is only visible to you and your DM counterparty, everyone can see when you and your counterparty DM each other." -Amethyst on Github

There are malicious nodes. Lightning is not private by default, especially if you're running your own node and receiving, sending is more private. By contrast, Monero is private by default. 

Nsec can be compromised just like any other password, etc.
 
 Really wish people would stop shilling Nostr as a "privacy" protocol. Nostr is an awesome decentralized protocol, but it is absolutely NOT privacy-respecting by default.

#cybersecgirl #privacy #nostr

nostr:nevent1qqsfysr087p8dxc2k6phg994meftq7674l4re4lujs8p7h2qjgksedqpr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqgg3ktkt 
Amen. I really wish people understood that nostr isn't the only thing out there and everyone thinks it's going to take over everything lol
 I love nostr, it very well might, but it's important to know what it is, and what it isn't. 
 Should have this bold and underlined. 

Def no later than chapter 2 or 3 in the Learn to Nostr book 
 Agreed. It's not really privacy violating either, which is important. It's open about what it does and how. We can run #Amethyst, for example, over Tor and use fake info, protect our nsecs, etc if we want, which is good enough for me. I agree that people should explain that instead of calling it privacy respecting. It's closer to privacy neutral in my opinion. The user has to choose. I use my real image and name, so I chose zero privacy. But I could have chosen privacy. 
 Yes, it's important to set proper expectations when purple pilling. Nostr does not give you privacy by default. You still have to practice good OPSEC just like anywhere else on the internet. And, because of the data and metadata all these relays run by literally anyone have access to, maybe even moreso than usual. 
 That's why I find it odd when people using Nostr have a problem with data scraping for AI training, etc. This makes it a lot easier for governments, companies, etc as far as I can tell. That's why I treat it like I'm speaking in a public place. I also don't trust it for sending secure data. Lots of misconceptions indeed. 
 Thanks for raising awareness for the non technical always in a simple but very explicative way Ava 🫂💜 
 🫂🤙💜 
 By default means you can make it more private? 
Yes, some basic examples include using a VPN or connecting over Tor (or both) so relays will not have access to your actual IP; you can also use SimpleX (far more secure and private) for sensitive DMs. Running lightning nodes can also be made more private, but that's a post for another day.
 Thx. SimpleX is another Nostr client? 
 No. It's a private chat client that doesn't use nostr at all 
 Thanks! 
While they can see your IP address and the address of who you’re talking to, the content of nostr DMs is encrypted with no one in the middle who can decrypt it. At best, they have circumstantial evidence. It’s not perfect, but it’s a step in the right direction. Public notes were never meant to be private.
Yes, just like it says in the post. But I will emphasize that metadata is not your friend; when combined with all the other activities visible to all relays, it can reveal much, especially if you are not using a VPN. Three-letter agencies can and regularly do find people based on metadata alone. Malicious relays aside, all it takes is gov pressure to make relay runners hand over what they have. Nostr is not a "no logs" kinda protocol, so it's important for users to reduce the data they provide by themselves.
Non-content metadata is more important than the content. That allows passive eavesdroppers to build relationship graphs for surveillance prioritization. Encrypted messages exchanged in public view with sender and recipient metadata announce to the whole world who you are communicating with.

If we have a cleartext message without names or identifying information, yet with no metadata linking the parties, the eavesdropper would have nothing but an unsolvable riddle.

But if you post an encrypted message where the eavesdropper can see who is talking to who, the eavesdropper can graph that and build a relationship graph for making decisions on who to surveil, terrorize, arrest, kidnap, blacklist, censor, sue, or assassinate.

The designers of nostr should be held to explain and then remedy this oversight. If they have enough skill to implement encrypted exchange of private messages, then they really have no excuse for exposing the metadata. All it takes is simple mix routing for private messages using the same cryptographic primitives already present in the protocol.

Users should always presume they have zero percent privacy when using this network. No sensitive communication should ever occur over nostr that you wouldn't want publicly read in front of a jury. Just being encrypted does not equal privacy. I repeat, just because your private messages are encrypted does not mean they are private. Everyone who wants to know easily knows **who** you are talking to privately.

If you desire to use nostr for secure private messaging then BOTH parties must be absolutely certain they are connecting through an anonymizing network such as Tor/Onion or I2P. If you connect even a single time through clearnet then all your anonymity is lost.

I am not being alarmist in the slightest. This network is as OP says, not a privacy network, just like bitcoin is **not** a privacy payment system. And I say again, like a broken record, hoping others will remember and repeat when necessary, "encryption does not mean privacy." 
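As an added example (not code from this thread, from Nostr, or from any Nostr client), the relationship-graph point made above, shown on constructed relay frames: from the cleartext `p` tags of NIP-04 kind-4 DMs and the kind-3 contact list, a relay or anyone subscribed to it can recover who DMs whom, in which direction, how often and when, without holding a single key. Pubkeys, subscription id and ciphertext are placeholders; the code lets a user audit what their own DM traffic exposes.

```python
import json
from collections import defaultdict

# Constructed relay frames in the shape a relay sends a subscriber:
# ["EVENT", <subscription id>, <event>]. Pubkeys are placeholders, not real keys.
def frame(kind, pubkey, created_at, tags, content):
    return json.dumps(["EVENT", "sub1", {"kind": kind, "pubkey": pubkey,
                       "created_at": created_at, "tags": tags, "content": content}])

CIPHER = "b64cipher==?iv=b64iv=="  # stand-in for NIP-04 "<ciphertext>?iv=<iv>"
SAMPLE_FRAMES = [
    frame(1, "alice", 1700000000, [], "gm nostr"),                        # public note
    frame(3, "alice", 1700000100, [["p", "bob"], ["p", "carol"]], ""),    # contact list
    frame(4, "alice", 1700000200, [["p", "bob"]], CIPHER),                # encrypted DM
    frame(4, "bob", 1700000260, [["p", "alice"]], CIPHER),
    frame(4, "alice", 1700003800, [["p", "bob"]], CIPHER),
    frame(4, "carol", 1700004000, [["p", "alice"]], CIPHER),
    json.dumps(["EOSE", "sub1"]),  # end-of-stored-events marker, no event payload
]

def events_from_frames(frames):
    """Parse relay frames and keep only the EVENT payloads."""
    events = []
    for raw in frames:
        msg = json.loads(raw)
        if msg[0] == "EVENT" and len(msg) == 3:
            events.append(msg[2])
    return events

def p_tags(event):
    """Pubkeys named in the event's cleartext 'p' tags."""
    return [t[1] for t in event.get("tags", []) if len(t) >= 2 and t[0] == "p"]

def metadata_exposure(events):
    """Relationship data a relay sees with no key: declared contacts (kind 3) and
    DM counterparty, direction and timestamp (kind 4). DM edges are sorted pairs."""
    contacts, dm_edges, dm_times = defaultdict(set), defaultdict(int), defaultdict(list)
    for ev in events:
        if ev["kind"] == 3:
            contacts[ev["pubkey"]].update(p_tags(ev))
        elif ev["kind"] == 4:
            for peer in p_tags(ev):
                edge = tuple(sorted((ev["pubkey"], peer)))
                dm_edges[edge] += 1
                dm_times[edge].append(ev["created_at"])
    return {"contacts": dict(contacts), "dm_edges": dict(dm_edges), "dm_times": dict(dm_times)}

def dm_counterparties(exposure, pubkey):
    """Everyone the given pubkey has exchanged encrypted DMs with."""
    return {b if a == pubkey else a for (a, b) in exposure["dm_edges"] if pubkey in (a, b)}
```

Note that the content of every kind-4 event was never touched; only the envelope was read, which is exactly what a relay stores and what any subscriber receives.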
I also live on a sailboat, so if I need to move at a moment’s notice, it's as easy as weighing the anchor or casting off some dock lines.
 Indeed. International waters certainly do have tax benefits among many others. Are you using something like a Calyx 5G hotspot service? 
 I’m inshore, at the moment so, I’m just using regular 5G.  For offshore, I’ll probably go with StarLink.  But the new StarLink satellites have 5G built in.  So I may not need to buy a dish, soon.  For safety’s sake, I need to be findable.  When I go to other countries, I’ll just buy a new sim card and use local calling plans. 
 What is this word “taxes” everyone keeps telling me about?  Why is everyone so concerned about lying prostrate to the state?  They cannot confiscate it. They cannot jail us all.  Stand for what you believe, or, die for nothing. The choice is yours. 
 The internet does not give you privacy by default.
Users should take proper measures if seeking privacy.
Nostr is privacy respecting as it does not REQUIRE you to provide identifying information.

The world is your oyster. 
 Good to know! 
 Important things to keep in mind!


nostr:nevent1qqsfysr087p8dxc2k6phg994meftq7674l4re4lujs8p7h2qjgksedqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzqn4csvgddd8djhrdv63etv7nea2ehp06aj8hdyw6l4q94yhq2htdqvzqqqqqqyg9yz2c 
Oh, I know. It’s not what you’re saying, or who you’re saying it to. But it’s a step in the right direction. Nothing online is 100% secure. That’s why al-Qaeda ended up resorting to hand written messages passed from person to person. The best thing you can do is go grey man. Don’t attract undue attention to yourself. The FBI even runs thousands of TOR nodes.

I’m not buying monero.  I rely on just being not interesting enough to be worth paying attention to. 
 Nothing in life is 100% secure. Grey man is a valid tactic, but not applicable for every situation. Grey man doesn't help when you need to do something that will make you stick out. 
 Like a sailboat?  Not if you’re in Annapolis, the sailing capital!  Unless you’re making yellow cake, nothing sticks out if you do it right. 
> Nothing online is 100% secure.

If your goal is that of remaining "private", Nostr isn't even 50% secure. Or 1% secure.
You are 100% guaranteed that, unless you use some kind of protection that exists outside of the Nostr protocol itself, all relays you are using will know your IP.

It's not a risk, it's an absolute certainty. 
 > I’m not buying monero.  I rely on just being not interesting enough to be worth paying attention to.

Good thing that no one was suggesting you should buy Monero, or anything else for that matter.
What you find interesting is a subjective feeling.

The cryptographic properties of Monero and Bitcoin, however, are not subjective, regardless of what you or anyone else find interesting. 
It is somewhat privacy preserving if by "privacy" we don't mean "secrecy" (which is often the meaning in common usage), but, rather, "control" and "ownership" (which is also the sense in which one should understand "privacy" in the context of the GDPR, for example).

But, still, all relays will know your IP address (unless you're using some kind of protection outside of the Nostr protocol) and all your activities are public.

Calling Nostr "privacy preserving" and "private property protocol" is rather misleading. 
I agree the privacy preserving is a stretch. For me, when I think of that message, I think in terms of comparison to KYC or 2FA platforms. Meaning I’m only giving up what I choose to. I will never pretend IP addresses, cellular connections, etc. are anything close to secure.

But the term isn’t effective and I retract the lunacy. 😀

In regards to private property. My nsec is my ownership. What I build, my social graph and time is stored as mine with that secret key. I tend to think that is private property as no one can take it from me so long as I manage it so. 

Zooming out, I appreciate this conversation. I don’t pretend to be right but I do yearn to learn. 🤙🏻 
 The thing is, who wins between Nostr and mainstream social media in terms of privacy really depends on your situation and priorities.

In the case of mainstream social media, you're trusting one specific party. If you trust that party, and if that party is trustworthy, certain things will remain confidential between you and that party. I can't know who you message, for instance. If the party turns out not to be trustworthy, or is attacked, information that you didn't wish to be revealed may become public.

On Nostr, certain things that are normally confidential become public by default. If you don't trust any party, that's not really worse than what happens on mainstream social media platforms. If you, like most people, trust that mainstream platforms are at least very unlikely to ever reveal, for example, who you message, to the public, then Nostr is worse in this regard.

Of course, using Nostr there is the benefit that posts can be faked by another party, unless they have your private key or you are using delegation.