 YEAH, THAT'S NOT GOOD. WE NEED TO FIX THIS. IMAGINE NEWBIES JOINING AND THINKING IT'S PRIVATE BUT THEIR IP IS BEING BROADCASTED EVERYWHERE. THAT'S BAD.  
 WHAT WEBSITE IS THAT NOT THE CASE? IF YOU THINK YOU ARE INTERACTING PRIVATELY ONLINE YOU ARE PROBABLY NOT. 
 GOOD POINT  
 Yeah, and it's actually not that big of a problem. If you're on a "Chicago Friends" group, and leave reviews for restaurants in Chicago, and everyone can see that you're in Chicago, it's like oh well.

Some people see these conversations and freak out because they think everyone has their mailing address. 
 Few know this.

nostr:nevent1qvzqqqqqqypzphtxf40yq9jr82xdd8cqtts5szqyx5tcndvaukhsvfmduetr85ceqydhwumn8ghj7argv4nx7un9wd6zumn0wd68yvfwvdhk6tcpzamhxue69uhk6mr9dd6jumn0wd68yvfwvdhk6tcqypsq9lpxwvkq97acv4vncvktg3gxm8sx7fxk2jped9akvywgrz7074kcz6f 
 Computers have private and public IP addresses and the public one is to your Internet service provider (ISP), usually listed in a nearby city, not to your physical computer.

That ISP then has a private address that it uses to route traffic to you, individually. 

Using a VPN or similar simply moves the knowledge of the traffic source from your ISP to your VPN provider. You have to reveal your traffic source to someone, otherwise the traffic can't be transmitted. 
 An alternative to using a VPN, within Nostr, is using a caching or broadcasting relay. Then you only reveal your public IP address to them, and they pass your events on using their public IP address.

Using a VPN is most useful if it is very trustworthy, you use it always and everywhere, and you have never posted any information that might reveal the region you live in. 
 TBF THE AVERAGE PERSON IS BLASTING PII CONSTANTLY, EVERYWHERE.

THE STATUS QUO IS A LOW BAR. 
 THIS IS TRUE, BUT I HAVE SEEN NOSTR ADVERTISED AS PRIVATE, WE SHOULDN'T DO THAT UNTIL WE HAVE A SOLUTION FOR THAT. 
 can't be done on the same protocol layer

i built most of the encoding and decoding for a layered encryption scheme like Tor but using the same routing principles as Lightning

ran out of time getting it to a point where it could be turned into actual relays but decided that using libp2p was not going to scale well enough anyway, needed to design a p2p network protocol a bit like a hybrid of bitcoin and bittorrent, where relays didn't have to know about every other relay so clients could construct routes, and i started working on fork/join paths as well, like actual lightning bolts...

anyhow i got some help from geyser for it about a year ago, and talked to spiral and they weren't interested and didn't give any feedback... will have to do it self funded at some point in the future so i work for a company that chases grants from shitcoin projects to build social networking systems 
 It is not /meant/ to be private at all. The priority here is censorship resistance, just like Bitcoin. Now given censorship resistance, you can work on privacy and security, or at least that's how I've constructed it in my mind.

From Vitor's Amethyst repository:
> Privacy and Information Permanence
Relays know your IP address, your name, your location (guessed from IP), your pub key, all your contacts, and other relays, and can read every action you do (post, like, boost, quote, report, etc) except for Private Zaps and Private DMs. While the content of direct messages (DMs) is only visible to you and your DM counterparty, everyone can see when you and your counterparty DM each other.

If you want to improve your privacy, consider utilizing a service that masks your IP address (e.g. a VPN or Tor) from trackers online.

The relay also learns which public keys you are requesting, meaning your public key will be tied to your IP address.

Information shared on Nostr can be re-broadcasted to other servers and should be assumed permanent for privacy purposes. There is no way to guarantee the deletion of any content once posted.

And Mike Dilger's Gossip:
> Privacy Options: in case someone wishes to remain secret they should use Gossip over Tor - I recommend using QubesOS to do this. But you could use Whonix or even Tails. Don't just do it on your normal OS, because on a plain OS sometimes data leaks around Tor (things like DNS lookups). Gossip supports using native TLS certificates so you can configure trust for .onion sites. Gossip provides options to support privacy usage such as not loading avatars, not loading images, not necessarily sharing who you follow, etc. 
 i'd also add that even VPNs can be a problem on linux on wifi with a malicious device on the same LAN via a recently discovered exploit that amusingly doesn't work on android VPNs, there is a workaround, i forget what it's called just now, but the wireguard people have published a mitigation you can set up involving linux kernel namespaces (this is why it doesn't work on android, android extensively uses namespaces)

also i'd further add that the relays only can *surmise* your NPUB based on the frequency of your queries for it, especially requests for your profile and follow list, but with auth they know for sure at that IP lives that NSEC

anonymity on nostr requires the use of a VPN, but i think that even as lightweight as a VPS with wireguard like i use still deflects any cheap attacks on my location because it will say "romania" and ALL of my traffic (on my phone as well) goes through it

and my VPS provider doesn't KYC me so even if they go there and subpoena all they then get is my IP address here, which is in yet another jurisdiction and i could easily make it even harder by chaining two of these together, for example one to kazakhstan and then one to romania, good luck with that 
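The two levels of inference described in the post above (a relay can only *surmise* which npub sits at an IP from what that IP keeps requesting, but knows it for certain once the client answers a NIP-42 AUTH challenge) and the earlier point that a VPN or caching relay only moves which party sees your IP, as an added Python example. This is not code from the thread or from any Nostr client or relay; the relay log, IP addresses and pubkeys are constructed, and the scoring weights are an assumption of the example, not a rule any relay actually applies.

```python
"""Audit what a relay could learn about a client's identity from its traffic.

Added example: models relay-side observations as plain tuples and applies two
inferences.  Unauthenticated traffic lets a relay only guess which pubkey an IP
belongs to (repeated fetches of one key's profile and follow list); a NIP-42
AUTH event (kind 22242) ties the IP to a key with certainty.  All data below
is constructed.
"""
from collections import Counter, defaultdict

# Kinds a client almost always fetches for its *own* key:
# kind 0 = profile metadata, kind 3 = follow (contact) list.
SELF_KINDS = {0, 3}
AUTH_KIND = 22242  # NIP-42 client authentication event

# Constructed relay-side log: (source_ip, message_type, payload).
# REQ payload = the filter the client sent; AUTH payload = pubkey of the signed event.
SAMPLE_LOG = [
    ("203.0.113.7", "REQ", {"authors": ["aaaa"], "kinds": [0, 3]}),
    ("203.0.113.7", "REQ", {"authors": ["bbbb", "cccc", "dddd"], "kinds": [1]}),
    ("203.0.113.7", "REQ", {"authors": ["aaaa"], "kinds": [0, 3]}),
    ("203.0.113.7", "REQ", {"#p": ["aaaa"], "kinds": [1, 4]}),  # notes/DMs addressed to aaaa
    ("203.0.113.7", "REQ", {"authors": ["aaaa"], "kinds": [0, 3]}),
    ("198.51.100.9", "REQ", {"authors": ["bbbb"], "kinds": [0, 3]}),
    ("198.51.100.9", "REQ", {"authors": ["aaaa", "cccc"], "kinds": [1]}),
    ("198.51.100.9", "AUTH", {"kind": AUTH_KIND, "pubkey": "bbbb"}),
]


def surmise(log):
    """Per source IP, rank pubkeys by how often that IP asked for 'self' data.

    Weights are an assumption of this example: fetching a key's own profile or
    follow list scores 2, subscribing to events addressed to the key scores 1.
    Reading other people's notes (kind 1 by author) says nothing about identity.
    Returns {ip: [(pubkey, score), ...]} sorted by descending score.
    """
    scores = defaultdict(Counter)
    for ip, msg, payload in log:
        if msg != "REQ":
            continue
        kinds = set(payload.get("kinds", []))
        if kinds & SELF_KINDS:
            for pk in payload.get("authors", []):
                scores[ip][pk] += 2
        for pk in payload.get("#p", []):
            scores[ip][pk] += 1
    return {ip: c.most_common() for ip, c in scores.items()}


def confirmed(log):
    """Per source IP, pubkeys proven by a NIP-42 AUTH event: no guessing involved."""
    out = defaultdict(set)
    for ip, msg, payload in log:
        if msg == "AUTH" and payload.get("kind") == AUTH_KIND:
            out[ip].add(payload["pubkey"])
    return dict(out)


def report(log):
    """Combine both inferences into a per-IP summary a client author can read."""
    guesses, proven = surmise(log), confirmed(log)
    result = {}
    for ip in sorted(set(guesses) | set(proven)):
        ranked = guesses.get(ip, [])
        top = ranked[0][0] if ranked else None
        if ip in proven:
            confidence = "certain (AUTH)"
        else:
            confidence = "surmised" if top else "unknown"
        result[ip] = {"surmised": top, "confidence": confidence,
                      "proven": sorted(proven.get(ip, ()))}
    return result


def via_proxy(log, proxy_ip):
    """Rewrite the log as the relay sees it when every client sits behind the
    same VPN / caching relay: the relay still learns keys, just not home IPs,
    and the knowledge of the real source moves to the proxy operator."""
    return [(proxy_ip, msg, payload) for _, msg, payload in log]


if __name__ == "__main__":
    for ip, info in report(SAMPLE_LOG).items():
        print(ip, info)
    print("behind a shared proxy:", surmise(via_proxy(SAMPLE_LOG, "192.0.2.1")))
```

Running the script on the constructed log shows 203.0.113.7 strongly associated with `aaaa` purely from request patterns, while 198.51.100.9 is tied to `bbbb` with certainty because of the AUTH event; the proxied variant collapses both onto one IP, which is the point of the thread: the relay keeps the key-to-behaviour link but the IP it records is now the proxy's.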
 cost me USD$35 for a whole year btw, up to 9tb traffic per month, and better than a dedicated WG vpn service because the IP is not associated with VPN services (i still get some sites pissing on me because they see a VPS IP address owned by a VPS provider but they don't know whether the origin is there or elsewhere) 
 I know it's not, but I have seen people say it is.