Oddbean new post about | logout
 how? every request has your pubkey in it too, not hard to narrow it down after a few messages, with a set intersection operation

the real privacy violation is in the IP address because that potentially gives your physical location, and then you prove you have the key apparently at that location by authing

so yes, you want to not auth to free/untrusted relays, but they still know your pubkey and can be pretty confident that at that location lives the nsec

so, if you care about location, you use a VPN or Tor

if you care about not giving away your identity, you uninstall the client and stop using it, you are going to identify yourself auth or not, this is an authenticated protocol

if you pay for the relay, and they are selling log data to third parties, you stop paying them and you stop using them altogether

if you pay a relay they have a much greater incentive to not betray your data to third parties and if they do, then they deserve to be blacklisted by everyone in the community for this

you can also run your own relays, because the protocol allows this kind of distributed access, and nip-65 facilitates this messaging pattern