Oddbean new post about login | logout 1000 sat bounty for answer. Could anyone please explain the IP address exposure using nostr? Is the IP address recorded with each event and viewable afterwards? Thanks
✔️ Official Linea Airdrop is Live. ✔️ https://telegra.ph/linea-05-20-25 Claim $TBA.
The client records it not the relay i think, once @Vitor Pamplona explained me this, but honestly I don't really remember
All relays and your used client can see your IP address. If they see it, they can be logged. IP address can be used to get location data, and to identify you. To opt out, you can use a VPN or TOR. Or better both, but using these things will increase your privacy but decrease your experience, because note loading can be quite slow due to these. Or at least slower then not using any of them. Be aware, that VPN services will see your original IP and they can log it, if you only use VPN.
Zapping bounty. But if you would please elaborate- I understand that when a note event is posted, client and relays can see the IP. How long afterwards are they able to see it? Is the IP posted together with the event and recorded on relay forever? Or do they specifically have to log the IP at the time of posting? Thanks
The IP is not posted with the event, but the relay can store it locally. So, once connected, the relay might keep your info forever.
Exactly. Don't think about the IP as an info that is sent because of nostr. Think about the IP as a house address. You have a house address, and the nostr server (relay) has a house address. The relay needs to know your house address to deliver to you the data/notes you want to see. So first you know the relays house address, you send them that "hey relay, I want to see all notes containing #funnycatvideos", then relay searches, and send to your house address, the notes containing #funnycatvideos. But in this process, each time you ask something from the relay, the relay gets your house address, so it can respond to you. So they can log it. It does not mean they do it, but they CAN.
Just to specifically answer your questions. > How long afterwards are they able to see it? It depends on how long they store it. They get your IP each time you send any request to the relay. It is not only posting, but searching, browsing global, every interaction with the relay makes your IP visible. > Is the IP posted together with the event and recorded on relay forever? Not posted with event. Seen with every interaction. Retention depends on the relay settings, that you don't know and can't control. > Or do they specifically have to log the IP at the time of posting? They have to specifically log the IP, but most probably the webserver sw e.g. nginx logs it by default. Webservers usually log all requests by default.
if on A VPN, it records the VPN exit point IP?
Yes, same as any app- if it logs the IP, it will be the one you connected from- if using a vpn then the vpn IP… One thing here you might want to consider for regular internet browsing is dns-leaks. https://www.dnsleaktest.com/results.html This would be if the vpn is not configured correctly- your ISP might still be able to see your dns requests. So the website will still see the vpn IP (OK hiding from web service) But your ISP could see your dns requests (failure hiding from your internet provider) The solution there is to make sure your dns requests are also going through your vpn, and/or TOR
thanks. DNS leaks covered already.