how? every request has your pubkey in it too, not hard to narrow it down after a few messages, with a set intersection operation
the real privacy violation is in the IP address because that potentially gives your physical location, and then you prove you have the key apparently at that location by authing
so yes, you want to not auth to free/untrusted relays, but they still know your pubkey and can be pretty confident that at that location lives the nsec
so, if you care about location, you use a VPN or Tor
if you care about not giving away your identity, you uninstall the client and stop using it, you are going to identify yourself auth or not, this is an authenticated protocol
if you pay for the relay, and they are selling log data to third parties, you stop paying them and you stop using them altogether
if you pay a relay they have a much greater incentive to not betray your data to third parties and if they do, then they deserve to be blacklisted by everyone in the community for this
you can also run your own relays, because the protocol allows this kind of distributed access, and nip-65 facilitates this messaging pattern
I implemented something like this to try to calculate view count metrics — was surprised how easy and effective it was without auth and I shut it down shortly after because of the DB size and deleted all the data
nostr protocol inherently gives away npub ownership at minimum through the frequency of requests - fixing this would require caches and proxies to distribute and obfuscate request origins
you only need to hold a short window of time in the cache to do this matching, sufficient records to perform a reliable intersection, and then you can throw away the records... so, to do it in practice just requires a database with access times stamped in and a garbage collector
and yeah, the data size... you'd want to devise a compact storage and working memory architecture for this, but it isn't nearly as much resources as you'd think since you can almost certainly get away with a 32 bit serial for each npub and you can use a caching structure where you prune out extraneous data below the median threshold or so, this would keep only the high confidence data there
Every request has your pubkey? Since when?
have you actually written client code for showing a user's view?
which list, for example, is most commonly requested by all clients in order to build a feed? oh yeah, the user themselves
what reason is there to request a follow list for others unless the client is reading their follow list's follow lists? that's about as deep as it's gonna go, but the client is going to ask for the user's follow list every time, guaranteed
and that's just that one thing
there are other lists as well, all DM requests are going to include the client's npub, how many ways does this get used? it's basically the first thing a signer asks you permission to do and if you made it ask you every time you'd have to permit it for every action repeatedly
and virtually every feed request on a thread is gonna include the user's npub because they want to read their own posts in the thread
lol, i doubt the heuristics required to positively identify the npub used by a client not authing would barely fill a screen
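An added illustration of the matching described in the posts above (this is not the poster's code or any relay's code): a Python sketch of a per-connection cache that records which pubkeys each REQ's filters name, interns them to small serials, drops records older than a short window, prunes below-median candidates and reports the key the connection keeps asking for. Only the `authors` and `#p` fields of a NIP-01 filter are inspected, and the pubkeys, connection id and REQ traffic are constructed for the example.

```python
import json
from collections import Counter, defaultdict

# Constructed pubkeys (not real keys): the connecting user and two accounts they follow.
ALICE = "a" * 64
BOB = "b" * 64
CAROL = "c" * 64


def pubkeys_in_filter(flt):
    """Collect every pubkey a NIP-01 filter names via 'authors' or the '#p' tag."""
    return set(flt.get("authors", [])) | set(flt.get("#p", []))


class PubkeyTable:
    """Interns 64-hex pubkeys to small serials so the cache holds ints, not hex strings."""

    def __init__(self):
        self.by_hex = {}
        self.by_id = []

    def intern(self, hexkey):
        sid = self.by_hex.get(hexkey)
        if sid is None:
            sid = len(self.by_id)
            if sid >= 2 ** 32:  # the 32-bit serial assumption from the post
                raise OverflowError("pubkey serial space exhausted")
            self.by_hex[hexkey] = sid
            self.by_id.append(hexkey)
        return sid

    def hex(self, sid):
        return self.by_id[sid]


class ConnectionProfiler:
    """Per-connection cache of (timestamp, pubkeys named) with a sliding-window GC."""

    def __init__(self, window_seconds=600):
        self.window = window_seconds
        self.table = PubkeyTable()
        self.records = defaultdict(list)  # conn_id -> [(ts, frozenset of serials)]

    def observe(self, conn_id, raw_msg, now):
        msg = json.loads(raw_msg)
        if not msg or msg[0] != "REQ":
            return
        keys = set()
        for flt in msg[2:]:  # ["REQ", sub_id, filter, filter, ...]
            keys |= pubkeys_in_filter(flt)
        if keys:
            serials = frozenset(self.table.intern(k) for k in keys)
            self.records[conn_id].append((now, serials))
        self.gc(now)

    def gc(self, now):
        """Throw away records older than the window; forget connections with none left."""
        cutoff = now - self.window
        for conn in list(self.records):
            kept = [r for r in self.records[conn] if r[0] >= cutoff]
            if kept:
                self.records[conn] = kept
            else:
                del self.records[conn]

    def guess_owner(self, conn_id):
        """Return (pubkey_hex, share of REQs naming it) for the most-requested key, or None."""
        recs = self.records.get(conn_id)
        if not recs:
            return None
        hits = Counter()
        for _, serials in recs:
            hits.update(serials)
        counts = sorted(hits.values())
        median = counts[len(counts) // 2]
        # prune everything below the median so only high-confidence candidates remain
        candidates = {sid: n for sid, n in hits.items() if n >= median}
        best, n = max(candidates.items(), key=lambda kv: kv[1])
        return self.table.hex(best), n / len(recs)


# Constructed REQ traffic a feed-building client might send over one unauthenticated connection.
SAMPLE_REQS = [
    ["REQ", "follows", {"kinds": [3], "authors": [ALICE]}],  # own follow list
    ["REQ", "dms", {"kinds": [4], "#p": [ALICE]}],  # DMs addressed to the user
    ["REQ", "feed", {"kinds": [1], "authors": [ALICE, BOB, CAROL], "limit": 50}],
    ["REQ", "profile", {"kinds": [0], "authors": [BOB]}],
    ["REQ", "thread", {"kinds": [1], "authors": [ALICE], "#e": ["e" * 64]}],  # own posts in a thread
    ["REQ", "bob-follows", {"kinds": [3], "authors": [BOB]}],
]


def run_sample(conn_id="203.0.113.7:51234"):
    prof = ConnectionProfiler(window_seconds=600)
    t0 = 1_700_000_000
    for i, req in enumerate(SAMPLE_REQS):
        prof.observe(conn_id, json.dumps(req), now=t0 + i)
    return prof, prof.guess_owner(conn_id)


if __name__ == "__main__":
    _, (owner, share) = run_sample()
    print(owner[:8], f"named in {share:.0%} of REQs")
```

On the six constructed REQs the user's key is named in four, the followed account in three, and the third key is pruned below the median; nothing in the sketch needs AUTH, an IP address, or more state than a few integers per request, which is the point the post is making.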
Yeah this is very relevant, imagine.
You're not requesting the same things from all relays, because that obviously doesn't scale and outbox model is a thing. Also many clients will (and most should) bundle together requests for lists such that yours is mixed with others. DM requests are (in sane situations) definitely not going to all relays, just to one or two, and they must use auth already, but just for DMs and relays that implement that and users that opt-in to NIP-17.
Anyway, can you tell me how you envision this world of AUTH? Is it really that all clients will send AUTH always to all relays? What are the big advantages we get from that?
monetization of service provision
that is enough reason to make it universally supported
can't run this shit on donations forever, unless you live in some la la land socialist theory of gift economy, like #v4v mostly sounds like most of the time
Someone wants others to read what they write, can't they pay for the servers instead of charging everybody who wants to read?
You know webpages are basically free to read and have been for decades, the publisher pays for the server.
But sure, there may be use cases in which charging for reads is necessary. It's not helping to get that point across to just yell about clients that don't implement AUTH, as if implementing AUTH fixed anything by itself.
helps users of paid relays, which i am one
so, full auth support makes it easier for me to do that... i still don't get full use of the filter.nostr.wine because i have to prod nostrudel to do it, it can do it, but it's still not following the protocol by doing it automatically for me
and there will never be private relay clusters for business use cases without auth on the clients and none of the funders seem to see it as a priority, thus the woeful state of it
yes, auth helps a lot of things... and privacy is one of them if the relay is trustworthy
auth will help relays avoid having to rate limit by IP address (a terrible, horrible, and frankly useless method of fending off greedy connections). instead you can use your npub with auth, and either stay within a regular client usage tier, or pay more to go insane with queries.
i do think most if not all relays will do this eventually, or they'll end up exactly like every website that blocks and captchas vpn connections. (even free relays)
fiatjaf hasn't even considered that clients could be configured to make a new key every auth request except for to paid relays also, defeating the privacy invasion angle completely and pointing back to the IP tracking problem
i just think he's in denial about the fact that relays are inherently trusted third parties, and reconciling that with the "free anti-censorship" features
a relay requiring auth to post is not censorship, and without auth you still get an IP address, and if that's a VPN address spam from such a vector will blanket block all use in this way
paying for use of a relay doesn't doxx you... that would require using a doxxable payment route and not using tor/vpn to access the relay
so, ip/npub as ways to decide what will be stored and relayed are both inevitable mechanisms, and being against censorship does not also mean being against paying for the goddang infrastructure lol
So don’t use nostr without a VPN… great 😔