Oddbean new post about login | logout @Mazin How does this Reportinator bot thing affect nostr.wine relay?
It doesn’t. No idea what all the fuss is about. You can opt-in to using it’s reports to add content warnings to your feed on @nos.social Or not. That’s really it. It has no other impact.
It's because to non devs it sounds a lot like shadowbanning and that kind of thing.
the moment major clients adhere to it, it will become shadowbanning
This. Or if relays start caring, or being made to care. Relays do a pretty diligent job of taking down reported content. Happily, no operator seems to have taken seriously the most recent incarnation of Reportinator, and we all need to make sure it stays that way...
Clients and relays are going to do whatever their developers/operators choose to do, regardless of Reportinator or anything else. There is nothing the collective “we” can do to stop anyone from making content reports, labels, or prevent anyone else from using them. If your client or relay does something you don’t like, use a new one. That’s the value of the protocol.
Good advice, but the collective "we" need to make sure the conversation continues in public, not just behind closed doors where devs and operators can be persuaded that the userbase wants something they don't. Very proud of the devs and operators we have, but we can't take this situation for granted.
There is no public. Most people on Nostr don't even see my notes or use my relay. We are all just npubs, voicing our personal opinions in our favorite private spaces and managing our private property, as we see fit. There is no "we". There is only the protocol.
I can't agree with that, dear student of Rand. The protocol developers and infrastructure operators remain largely human, and more subject to social pressure than they will admit.
That is a good thing. 😂 Being human isn't a fatal flaw. Any developer makes something implementing NIP-01 or interpreting/analyzing events is a "protocol developer", BTW. So, that includes you, now, too. Build what you want to build.
Until they change NIP-01 again - because some VC brought an e-girl to a conference... But otherwise I agree, and awwww thanks!
Ha Ha, yeah, I've read Rand. Guilty.
We are who we quote, even paraphrased... :p
Well if it's a paid relay, then leaving seems like a waste in that scenario, unless you get a refund.
Some work on subscription models, so you can just not renew.
Sucks if you paid for the year only to find out your notes are getting censored.
@Mazin I think it's only fair that people know that if they are using paid relays for premium service, that they EXPLICITLY know which relays are using 'Reportinator'/Microsoft moderation API to censor them, don't you? Does wine interact with any of those relays?
In the NIP's themselves regulations were brought up as a reason why this was necessary. Not even joking.
"Kind-1984". My hat off to whichever dev gave snitching that name. I love Nostr :D
pretty sure it was fiatjaf, he's got that kind of sense of humor
It's too 'on the nose' for my liking.
Step 1) Everyone uses the same 3 clients 😊 Step 2) Demand all controller logic only be in clients 🤓 Step 3) Top 3 clients all implement same controller 😬 Step 4) Cry about shadowbanning 😭
same top 20 relays inspite 800 more relays choosing
I know. Even the people I have offered the free use of my relay to, usually refuse to use it. There could be hundreds of people on there, but there aren't. They're all on Primal, LOL, or Damus.
A relay for all who like to visit the forest. - liked and subscribed
Nostr offers people endless options, but most people want the same thing, so they will get that. What Nostr also offers -- and this is the beautiful part -- is that people like us can choose if we also want to limit ourselves to that same thing, if we want to do our own thing, or both.
Actually, you only have the choice if you are tech savvy... I'm not 😅🤷🏽♀️
We need less-tech-savvy people, too! Who else is going to tell devs that their interface makes no sense?
I think you're on some private relays like theforest and ok0. 🤔 Check the list in your client.
I recall trying to sign up to the forest and getting a bunch of error messages. Ok0 is something that someone else signed me up to I believe... By which I mean someone once asked me if I want one of those identifyer things and I said, "sure"
I also once managed to figure out how to use that site you sent me which shoudl fix how stuff appears? 😊🤣 That took me way too log to do and I don't ever know if it worked 😅 I don't know what hat you me a by "check the list in your client" although I spose I could fumble around for a bit trying to figure it out.
Found the list! I'm on the forest, can't see okO
You could probably add ok0, since you have your NIP-05 (mouse@ok0.org) from there.
Challenge accepted 🫡
He doesn't seem to have AUTH setup, so you can probably at least read from there.
I don't actually know what the relays name is. Kept getting errors. That's why I went back and checked and the forest although appearing in my list is still showing errors. Every time I think I'm getting somewhere I find out I'm not. 😤
I'm on Amethyst, and my relays are giving lots of errors. Just not all at the same time! The forest is about the only one not erroring right now :)
Any requirement for relays and/or clients to moderate posts and content beyond the minimum of what is required by their local jurisdiction means nostr as a whole has failed.
Because they don't understand how Nostr works or what it is. They think it's just a new Twitter with some centralized authority picking favorites, so they are appealing to the Nostr CEO.
Its not "New Twitter", but if one dev I know got his way... On SSB, everyone is a relay. People complain about NAT, but Tor fixes that. SSB was an even harder protocol to attempt to centralise than Nostr. But he tried and tried. Wish he'd keep to his little Fediverse dictatorship, folks like this sort of thing there...
Yeah haven't a clue how it works really, but hey, you know. . . Shit sounds creepy and wierd, watchagonnado? Ask questions and stuff, try and figure it out a little. Not everyone is going to read all the nostr whitepapers and know all the nuts and bolts, but most of us care about it nonetheless. Many came here to escape censorship, and so we're emotionally sensitive to things that sound censorshippy frankly.
They stick to the application or hard-coded relays and leave the mailbox relays empty.
yeah, nostrudel doesn't set these automatically... i haven't found gossip pleasant enough to use to know anything about how it does things but i remember previously it was quite aggressive about sending replies to relays related to users relay lists before outbox became a big thing
depends on the client they are using at the time and if they added the relay to it... i think gossip just uses people's published outboxes, mine lists my relay, and if that is the case then they publish to my relay i think at the same time if they don't set them in the client like in nostrudel, it won't automatically do it, this is a key distinction between @M. Dilger gossip and @hzrd149 nostrudel implementations of outbox model i assume that probably gossip has now got some kind of rudimentary configuration to choose not to always use published inboxes to send replies/DMs to but who knows... it seems to me like this could be something useful to add to clients - as part of the ASD - which of your follows you want to inbox and whether or not you want to inbox randos there's a lot of security matters to be thought about when it comes to clients presuming to make connections and leak timing information to other parties, it probably is going to take a while to hash out the best practises and minimal user friction that provides best possible security automatically, and probably MANY more arguments about the pros and cons of specific ways of donig it haha
Gossip asks users if they want to use a new relay that they haven't already decided about, for connection, and separate if they want to auth to it. But these features are off by default since most users find them annoying. I have them on for myself. I only AUTH to relays I know and trust.
yet you give them your IP address implicitly, is this not a bit funny?
no and no
no you don't give your IP to who you send requests to? are you trying to jest? no, it's not a bit funny that you are bothered by people expecting you to sign events that they ask you to sign to authenticate to them? have you actually thought this through?
have you considered that the user could decline to identify and auth with one shot keys?
auth doesn't stop spam it enables THE PEOPLE RUNNING THE SERVER to allow IN who they allow, for whatever reason i really don't think you have thought about this
you make me sad, mike, and kinda make me wish i could punch you in the face for being so obtuse and stupid
I repeat: Gossip asks users if they want to use a new relay that they haven't already decided about, for connection, and separate if they want to auth to it. But these features are off by default since most users find them annoying. If users want privacy, they can enable this feature and then when the 'gossip model' wants to connect to a new relay they don't trust, the user gets a prompt and can say "NO". Then that relay is not connected to. How could a relay that you don't connect to get your IP address? I don't know, but apparently I'm obtuse and stupid and I still didn't do enough for you. nostr:nevent1qqswqp44g8eeyqssugfwpu84py063ul7r7rfvl74g47pjp3zlku9zvspypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7tj09j7
"I have them on for myself. I only AUTH to relays I know and trust." what difference does it make when your IP address is used if you connect WITHOUT auth? that was my point
If you connect but don't auth, the relay doesn't get an association between your npub and your ipaddress. They just know that some IP address connected to them, but not who it is. Of course, once you start interacting with the relay they learn all of that too, and maybe the relay can try to figure out who you are by which posts you are interested in... and if you post they might presume you are that event's author. But you might be transmitting somebody else's message too, so it is not proof. So it gets all very complicated as to how much a relay can learn. But if you AUTH it is not complicated at all, it is pretty much just giving the relay a provable association. I've always maintained that privacy is an illusion unless you use tor, and trying to hide IP addresses is just more pretend privacy that enhances people's false sense of privacy.
very flimsy, that's my point you send req that correlates to your follow list? free relay = honey pot the sooner people get it the better and yes, to be selective... @Laeserin has been talking a lot this last couple of days about the problem of blacklisting in general
Since you refuse to take my point over and over, I am now muting you. Long ago I nicknamed you "bitchy mleku" and that moniker never failed to represent.
Oh, I wish you wouldn't. I'm learning so much from the discussion.
in that way whole nostr is is honeypot for datadigging. its open n everyone see it. free relays are MUST n essential even with AUTH sign with random key.
Everyone needs at least one free one, to start off, otherwise they can't even make a profile event or an introduction note.
i disagree... first you get the LN address then you subscribe to two paid relays... and then you bitch out the client devs for impeding the growth of the relay service industry
nothing of that is needed just use BASIC nostr social without ZAPs except user tech knowledge
then you get the honey pot problem would you think it was a good idea for contactless cards to not have transaction limits when they are so easy to swipe? same problem with user data, leaving people wide open like this is irresponsible for those who know to allow and condone
You probably need to have some American servers wide open, for those politically persecuted, elsewhere. Nobody has solved for that use case effectively, yet.
Sender initiated LN payments can be as anonymous as Tor traffic, and I devised a scheme that uses the preimages to carry session pubkeys. https://github.com/indra-labs/indranet It's fairly close to being complete except I think libp2p needs to be replaced with an ad hoc p2p transport built on QUIC with gossip peer advertising like bitcoin's p2p layer
if u stop the Hello DAN note calling it SPAM (best is mute it at end user level such whiteHAT testing notes) then u essentially partly KYC or STOP ALL NPUBS from posting with WoT near 0 and not giving them opportunity to build WoT slowly
It only makes sense to identify something as spam, at the relay level, when it's an obvious pattern. So, one Hello DAN note is not spam, but 20 of them probably is.
Agree about the WoT problem, as I set it to 2 and had to dig some real npubs back out of the hidden notes. They were just newbies. Now, I'm opening all the hidden notes, to be sure, so it defeats the purpose, as I'm staring at bot notes all day. 😂
best way find new fresh genuine npubs is to browse "global of each relay" and ignore any note NOT suitable to EACH ONE's TASTE n likings - so simple. WoT filter replies from junkies in conver. threads (also nostr global or anythign else similar NOT for Kids without parental guidance.)
Is there a technical reason why we can't use a waiting room to loosen the association of IP addresses and npubs? Like, the IP address gets stripped once it arrives at the relay into the waiting room, and the relay processes the events thereafter? Or is that really stupid??
any server (reverse-proxy, relay, web, ...) will GET exit IP of any host trying to talk. retain or not or handover is policy matter. some countries require by law to keep log for when needed situtation. just like ISP n Telco SIM must do KYC nowadays. only whether relay forward orgin-IP or association IP to others can be addressed as above.
Are you talking about splitting web socket implementation from relay implementation? Subscription handling is quite coupled to an IP now. But indeed an HTTP proxy could just strip the x-forwarded header.
that can way to do (until new law arrive )- but 1st relay will always get client exitIP
What if I self-host my relay? Then only I get my IP and can strip the data when forwarding.
I'm just always trying to think about how we can construct Nostr to be slightly-more private over HTTP. Natively, I mean, rather than using VPN or Tor, as most people aren't using them and won't use them.
micropayments and short lived micro accounts and all relays are pay to write, which is also pay to proxy the hard problem i bumped into is discovering the network and relays not needing to know what lives at the address the relaying message asks it to be sent to this is why Tor and IPFS are both limited to around 8k nodes whereas bitcoin has over 20k
The problem is that the client doesn't trust the relay. If you are the relay, and you are an evil relay, you probably aren't going to be stripping off any IP addresses. We need a solution that proves to a client that they aren't exposing their IP address to a relay. But of course the way to do this is to use a VPN or tor. If tor is totally unusable than we need to make a new tor. That sounds like a huge project, so I'll bow out and leave it to the rest of you.
yeah, nostrudel doesn't set these automatically... i haven't found gossip pleasant enough to use to know anything about how it does things but i remember previously it was quite aggressive about sending replies to relays related to users relay lists before outbox became a big thing
yet you give them your IP address implicitly, is this not a bit funny?
no and no
no you don't give your IP to who you send requests to? are you trying to jest? no, it's not a bit funny that you are bothered by people expecting you to sign events that they ask you to sign to authenticate to them? have you actually thought this through?
have you considered that the user could decline to identify and auth with one shot keys?
auth doesn't stop spam it enables THE PEOPLE RUNNING THE SERVER to allow IN who they allow, for whatever reason i really don't think you have thought about this
you make me sad, mike, and kinda make me wish i could punch you in the face for being so obtuse and stupid
I repeat: Gossip asks users if they want to use a new relay that they haven't already decided about, for connection, and separate if they want to auth to it. But these features are off by default since most users find them annoying. If users want privacy, they can enable this feature and then when the 'gossip model' wants to connect to a new relay they don't trust, the user gets a prompt and can say "NO". Then that relay is not connected to. How could a relay that you don't connect to get your IP address? I don't know, but apparently I'm obtuse and stupid and I still didn't do enough for you. nostr:nevent1qqswqp44g8eeyqssugfwpu84py063ul7r7rfvl74g47pjp3zlku9zvspypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7tj09j7
"I have them on for myself. I only AUTH to relays I know and trust." what difference does it make when your IP address is used if you connect WITHOUT auth? that was my point
If you connect but don't auth, the relay doesn't get an association between your npub and your ipaddress. They just know that some IP address connected to them, but not who it is. Of course, once you start interacting with the relay they learn all of that too, and maybe the relay can try to figure out who you are by which posts you are interested in... and if you post they might presume you are that event's author. But you might be transmitting somebody else's message too, so it is not proof. So it gets all very complicated as to how much a relay can learn. But if you AUTH it is not complicated at all, it is pretty much just giving the relay a provable association. I've always maintained that privacy is an illusion unless you use tor, and trying to hide IP addresses is just more pretend privacy that enhances people's false sense of privacy.
very flimsy, that's my point you send req that correlates to your follow list? free relay = honey pot the sooner people get it the better and yes, to be selective... @Laeserin has been talking a lot this last couple of days about the problem of blacklisting in general
Since you refuse to take my point over and over, I am now muting you. Long ago I nicknamed you "bitchy mleku" and that moniker never failed to represent.
Oh, I wish you wouldn't. I'm learning so much from the discussion.
in that way whole nostr is is honeypot for datadigging. its open n everyone see it. free relays are MUST n essential even with AUTH sign with random key.
Everyone needs at least one free one, to start off, otherwise they can't even make a profile event or an introduction note.
i disagree... first you get the LN address then you subscribe to two paid relays... and then you bitch out the client devs for impeding the growth of the relay service industry
nothing of that is needed just use BASIC nostr social without ZAPs except user tech knowledge
then you get the honey pot problem would you think it was a good idea for contactless cards to not have transaction limits when they are so easy to swipe? same problem with user data, leaving people wide open like this is irresponsible for those who know to allow and condone
You probably need to have some American servers wide open, for those politically persecuted, elsewhere. Nobody has solved for that use case effectively, yet.
Sender initiated LN payments can be as anonymous as Tor traffic, and I devised a scheme that uses the preimages to carry session pubkeys. https://github.com/indra-labs/indranet It's fairly close to being complete except I think libp2p needs to be replaced with an ad hoc p2p transport built on QUIC with gossip peer advertising like bitcoin's p2p layer
if u stop the Hello DAN note calling it SPAM (best is mute it at end user level such whiteHAT testing notes) then u essentially partly KYC or STOP ALL NPUBS from posting with WoT near 0 and not giving them opportunity to build WoT slowly
It only makes sense to identify something as spam, at the relay level, when it's an obvious pattern. So, one Hello DAN note is not spam, but 20 of them probably is.
Agree about the WoT problem, as I set it to 2 and had to dig some real npubs back out of the hidden notes. They were just newbies. Now, I'm opening all the hidden notes, to be sure, so it defeats the purpose, as I'm staring at bot notes all day. 😂
best way find new fresh genuine npubs is to browse "global of each relay" and ignore any note NOT suitable to EACH ONE's TASTE n likings - so simple. WoT filter replies from junkies in conver. threads (also nostr global or anythign else similar NOT for Kids without parental guidance.)
Is there a technical reason why we can't use a waiting room to loosen the association of IP addresses and npubs? Like, the IP address gets stripped once it arrives at the relay into the waiting room, and the relay processes the events thereafter? Or is that really stupid??
any server (reverse-proxy, relay, web, ...) will GET exit IP of any host trying to talk. retain or not or handover is policy matter. some countries require by law to keep log for when needed situtation. just like ISP n Telco SIM must do KYC nowadays. only whether relay forward orgin-IP or association IP to others can be addressed as above.
Are you talking about splitting web socket implementation from relay implementation? Subscription handling is quite coupled to an IP now. But indeed an HTTP proxy could just strip the x-forwarded header.
that can way to do (until new law arrive )- but 1st relay will always get client exitIP
What if I self-host my relay? Then only I get my IP and can strip the data when forwarding.
I'm just always trying to think about how we can construct Nostr to be slightly-more private over HTTP. Natively, I mean, rather than using VPN or Tor, as most people aren't using them and won't use them.
micropayments and short lived micro accounts and all relays are pay to write, which is also pay to proxy the hard problem i bumped into is discovering the network and relays not needing to know what lives at the address the relaying message asks it to be sent to this is why Tor and IPFS are both limited to around 8k nodes whereas bitcoin has over 20k
The problem is that the client doesn't trust the relay. If you are the relay, and you are an evil relay, you probably aren't going to be stripping off any IP addresses. We need a solution that proves to a client that they aren't exposing their IP address to a relay. But of course the way to do this is to use a VPN or tor. If tor is totally unusable than we need to make a new tor. That sounds like a huge project, so I'll bow out and leave it to the rest of you.
if u stop the Hello DAN note calling it SPAM (best is mute it at end user level such whiteHAT testing notes) then u essentially partly KYC or STOP ALL NPUBS from posting with WoT near 0 and not giving them opportunity to build WoT slowly
It only makes sense to identify something as spam, at the relay level, when it's an obvious pattern. So, one Hello DAN note is not spam, but 20 of them probably is.
Agree about the WoT problem, as I set it to 2 and had to dig some real npubs back out of the hidden notes. They were just newbies. Now, I'm opening all the hidden notes, to be sure, so it defeats the purpose, as I'm staring at bot notes all day. 😂
best way find new fresh genuine npubs is to browse "global of each relay" and ignore any note NOT suitable to EACH ONE's TASTE n likings - so simple. WoT filter replies from junkies in conver. threads (also nostr global or anythign else similar NOT for Kids without parental guidance.)
You probably need to have some American servers wide open, for those politically persecuted, elsewhere. Nobody has solved for that use case effectively, yet.
Sender initiated LN payments can be as anonymous as Tor traffic, and I devised a scheme that uses the preimages to carry session pubkeys. https://github.com/indra-labs/indranet It's fairly close to being complete except I think libp2p needs to be replaced with an ad hoc p2p transport built on QUIC with gossip peer advertising like bitcoin's p2p layer
