Oddbean new post about login | logout know your relay operators just as you get to know your devs.
Yep. Relays know everything about you: your interests, the time you spent on each post, your IP/ location, etc.
If that's the case then fucking fix it. If I can be tracked from NOSTR I'm out of here.
Yeah, the attack vector is much much larger than a centralized social platform. Instead of Facebook or Twitter knowing everything about you (which at least they protect). Here any rando could figure out a lot of things. Guess I should really not use nostr without a vpn. Though now sure how much that helps. Though VPNs somehow still leak a lot of information.
Centralized platforms knowing but "protecting" your information is a total fallacy they would like you to believe. Selling your information is how they got huge. They anonymize it maybe, but once it's sold it's out of their hands, and it is quickly de-anonymized, attached to a detailed profile, and resold.
Servers can always track you. Relays are the same. That's why we avoid connecting to random relays. You MUST trust the relay operators in your relay list. If you don't trust them, don't use them. Find better ones.
But should the easy solution be. If I see a note, and I quote it, the client should rebroadcast that not with my quote? Isn’t that just a thousand times simpler? It doesn’t solve everything, but gets rid of some issues.
Thoughts on this @Vitor Pamplona ?
We already do that. :) others should do too.
*cough cough* nostr registries *cough cough* @Laeserin *cough* *cough* first as an answer to centralized nips repository. Next as an answer to trusted relay operators and developers. Close will be our answer to DNS. Thoughts @Vitor Pamplona? https://wikifreedia.xyz/nip-event-register/npub1m4ny6hjqzepn4rxknuq94c2gpqzr29ufkkw7ttcxyak7v43n6vvsajc2jl
I am on board. We just need to keep moving on the right direction.
Can't wait for clients to run on notes.
I see you @keet dont tweet. This is what i'm referring to https://github.com/vitorpamplona/nostr-web-server/tree/main
Find better ones how exactly? Is there a central trust list?
Gotta do your research. Find each of your relay's operators, read their privacy policies and terms and conditions. You need to know who you are "in business with" and what they are and are not doing with your data. Don't delegate that due diligence to anyone else. And always remember, if it's free, you are the product.
This is not easy for non tech people.
We have to make it easy. Or we are not building anything new.
I love that you separated the relays into sections, is it possible to have a drop-down menu I relays that work in each section, that we can choose from and research or have a star system?
Yep that would be awesome to have.
If you connect to a relay, that relay knows you connected (your IP address) and what questions you asked. This is EXACTLY like a web browser. Everytime you go to a website, that website knows you connected (your IP address) and what questions you asked (the URL). People who insist on hiding their IP address use VPNs or Tor. This works perfectly well with nostr just like it works for the world wide web. Trying to avoid connecting to some relays just makes nostr dysfunctional. This problem is outside of nostr, and nostr clients are just making the problem much more complicated than it needs to be by coding connect-based relay access control lists. Just tell the user to use a VPN or Tor if they are concerned about privacy. As for AUTH, that makes more sense to me. You shouldn't just AUTH to a random relay. But fetch a note... I don't see what the big deal is.
Agree on Tor and on Auth. But we don't have a good/easy solution for Tor yet. Most people just use their regular connections on the go. So, I see as a massive privacy risk.
Does reading from a relay and not writing to it offer any changes in privacy?
It depends on which filters you send and if you have to auth or not. We just have way too many filters bundled in one subscription to risk. Gotta redesign that part of the code :(
This is another * use case for proxy relays like filter.nostr.wine which can implement inbox/outbox without leaking your IP to untrusted relays * the others being performance and spam filtering nostr:nevent1qqsxhyj9wprs3ycw753l7rx96newscqpuuhl5d5dckg5ara0u0qdrxgpz9mhxue69uhkummnw3ezuamfdejj7q3qgcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqxpqqqqqqz0j2356
how does one build trust with a relay? does each relay have an about page that is accessible in a consistent way? nostr:note1dwfy2uz8pzfsaafrluxvt48japsqree0lgmgm3v3f686lc7q6xvsp2tyf9
Literally ANY web service you use has this capacity. The only difference here is that its in the open. Many devs DO in fact advocate for privacy and security. @Ava is 🐏 and gives amazing tips and advice. Know your threat model and how to work with it. No one else is going to hold your hand and do it for you.
Ava is a nanny cunt bitch and I hate her.
Do you delete your browser history several times a day and use a vpn ? If not, you dont have to worry about little old nostr then lol
Every day.
no wonder snowden quit lol
Snowden knew that from day 1. I don't know if he quit but I can guarantee it wasn't because of this.
he just stop posting? maybe he is using another nym?
I thought #nostr only recorded time and the content of posts? You’re saying individual relays can add their own trackers for other metrics if you choose to connect to them? I guess that makes sense, different servers/websites can use different analytics so why not relays.
Sure. They receive all requests you ask for from the app. They just need to save it.
Stfu nanny bitch Ava.
How about you go fuck yourself already. Go get laid stay the fuck away from me.
Think we need to work on the ux for "nostr registries" - public documents from an npub you trust showing you the npubs, relays and clients they trust/endorse. nostr:nevent1qqs024dpmac6axvsjt5glqut9ccya5h3d2092cmnmrzcpucvjmtf74qpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgsdcnxssmxheed3sv4d7n7azggj3xyq6tr799dukrngfsq6emnhcpsrqsqqqqqppdcw2y nostr:nevent1qqsdc8mjyxjefrlxjatsvt395eqx942j0fam9zdfw8wdgtzatqvfwqgprdmhxue69uhhyetvv9ujumn0wd68yurvv438xtnrdakj7q3qm3xdppkd0njmrqe2ma8a6ys39zvgp5k8u22mev8xsnqp4nh80srqxpqqqqqqz8gea8x