Oddbean new post about | logout
 You are overestimating the effectiveness of a vpn here. The reality here is that we are focusing on very sophisticated difficult to execute attack vectors. The vpn is your only shield for all identities pushing to the relay here. Sure, https/wss encrypts the content, but an attacker that has compromised a vpn operator will listen to events on nostr relays that the vpn has connections to by its users, and can artificially delay data transfer to do timing analysis on events to correlate which ip sent which events with which pubkeys.