 Really wish people would stop shilling Nostr as a "privacy" protocol. Nostr is an awesome decentralized protocol, but it is absolutely NOT privacy-respecting by default.

#cybersecgirl #privacy #nostr

nostr:nevent1qqsfysr087p8dxc2k6phg994meftq7674l4re4lujs8p7h2qjgksedqpr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqgg3ktkt 
 Amen. I really wish people understood that nostr isn't the only thing out there and everyone thinks it's going to take over everything lol  
 I love nostr, it very well might, but it's important to know what it is, and what it isn't. 
 Should have this bold and underlined. 

Def no later than chapter 2 or 3 in the Learn to Nostr book 
 Agreed. It's not really privacy violating either, which is important. It's open about what it does and how. We can run #Amethyst, for example, over Tor and use fake info, protect our nsecs, etc if we want, which is good enough for me. I agree that people should explain that instead of calling it privacy respecting. It's closer to privacy neutral in my opinion. The user has to choose. I use my real image and name, so I chose zero privacy. But I could have chosen privacy. 
 Yes, it's important to set proper expectations when purple pilling. Nostr does not give you privacy by default. You still have to practice good OPSEC just like anywhere else on the internet. And, because of the data and metadata all these relays run by literally anyone have access to, maybe even more so than usual. 
 That's why I find it odd when people using Nostr have a problem with data scraping for AI training, etc. This makes it a lot easier for governments, companies, etc as far as I can tell. That's why I treat it like I'm speaking in a public place. I also don't trust it for sending secure data. Lots of misconceptions indeed. 
 Thanks for raising awareness for the non technical always in a simple but very explicative way Ava 🫂💜 
 🫂🤙💜 
 By default means you can make it more private? 
 Yes, some basic examples include using a VPN or connecting over Tor (or both) so relays will not have access to your actual IP. You can also use SimpleX (far more secure and private) for sensitive DMs. Running lightning nodes can also be made more private, but that's a post for another day. 
 Thx. SimpleX is another Nostr client? 
 No. It's a private chat client that doesn't use nostr at all 
 Thanks! 
 While they can see your IP address and the address of who you're talking to, the content of nostr DMs is encrypted with no one in the middle who can decrypt it. At best, they have circumstantial evidence. It's not perfect, but it's a step in the right direction. Public notes were never meant to be private. 
 Yes, just like it says in the post. But I will emphasize that metadata is not your friend; when combined with all the other activities visible to all relays, it can reveal much, especially if you are not using a VPN. 3 letter agencies can and regularly do find people based on metadata alone. Malicious relays aside, all it takes is gov pressure to make relay runners hand over what they have. Nostr is not a "no logs" kinda protocol, so it's important for users to reduce the data they provide by themselves. 
 Non-content metadata is more important than the content. That allows passive eavesdroppers to build relationship graphs for surveillance prioritization. Encrypted messages exchanged in public view with sender and recipient metadata announce to the whole world who you are communicating with.

If we have a cleartext message without names or identifying information, yet with no metadata linking the parties, the eavesdropper would have nothing but an unsolvable riddle.

But if you post an encrypted message where the eavesdropper can see who is talking to who, the eavesdropper can graph that and build a relationship graph for making decisions on who to surveil, terrorize, arrest, kidnap, blacklist, censor, sue, or assassinate.

The designers of nostr should be held to explain and then remedy this oversight. If they have enough skill to implement encrypted exchange of private messages, then they really have no excuse for exposing the metadata. All it takes is simple mix routing for private messages using the same cryptographic primitives already present in the protocol.

Users should always presume they have zero percent privacy when using this network. No sensitive communication should ever occur over nostr that you wouldn't want publicly read in front of a jury. Just being encrypted does not equal privacy. I repeat, just because your private messages are encrypted does not mean they are private. Everyone who wants to know easily knows **who** you are talking to privately.

If you desire to use nostr for secure private messaging then BOTH parties must be absolutely certain they are connecting through an anonymizing network such as Tor/Onion or I2P. If you connect even a single time through clearnet then all your anonymity is lost.

I am not being alarmist in the slightest. This network is as OP says, not a privacy network, just like bitcoin is **not** a privacy payment system. And I say again, like a broken record, hoping others will remember and repeat when necessary, "encryption does not mean privacy." 
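To make the point above concrete, here is an added example (not code from anyone in this thread) that audits what a relay or passive observer learns from NIP-04 DM events (kind 4, recipient in a `p` tag) without ever decrypting the content. The events and pubkeys are constructed placeholders, not real keys or messages.

```python
from collections import defaultdict

# Constructed sample events in the shape a relay stores them. Pubkeys are
# placeholder labels (real ones are 64 hex chars); "content" is opaque ciphertext.
SAMPLE_EVENTS = [
    {"kind": 4, "pubkey": "alice_pk", "created_at": 1700000000,
     "tags": [["p", "bob_pk"]], "content": "<ciphertext>?iv=<iv>"},
    {"kind": 4, "pubkey": "bob_pk", "created_at": 1700000120,
     "tags": [["p", "alice_pk"]], "content": "<ciphertext>?iv=<iv>"},
    {"kind": 4, "pubkey": "alice_pk", "created_at": 1700003600,
     "tags": [["p", "carol_pk"]], "content": "<ciphertext>?iv=<iv>"},
    # A public note (kind 1): not a DM, so it must not appear in the DM graph.
    {"kind": 1, "pubkey": "carol_pk", "created_at": 1700003700,
     "tags": [], "content": "gm nostr"},
]


def dm_edges(events):
    """Yield (sender, recipient, created_at) for every kind-4 event.
    Only unencrypted fields are read: no key material is needed."""
    for ev in events:
        if ev.get("kind") != 4:
            continue
        for tag in ev.get("tags", []):
            if len(tag) >= 2 and tag[0] == "p":
                yield ev["pubkey"], tag[1], ev["created_at"]


def contact_graph(events):
    """Undirected relationship graph: pubkey -> sorted list of DM counterparties."""
    graph = defaultdict(set)
    for sender, recipient, _ in dm_edges(events):
        graph[sender].add(recipient)
        graph[recipient].add(sender)
    return {k: sorted(v) for k, v in graph.items()}


def exposure_report(events, my_pubkey):
    """What an observer learns about my_pubkey: per counterparty, the number
    of DMs exchanged and the first/last timestamps (activity pattern)."""
    report = {}
    for sender, recipient, ts in dm_edges(events):
        if my_pubkey not in (sender, recipient):
            continue
        other = recipient if sender == my_pubkey else sender
        entry = report.setdefault(other, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return report


if __name__ == "__main__":
    print(contact_graph(SAMPLE_EVENTS))
    print(exposure_report(SAMPLE_EVENTS, "alice_pk"))
```

Run it against a real export of your own kind-4 events to see the contact list and timing pattern every relay you publish to already holds.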
 I also live on a sailboat, so if I need to move at a moment's notice, it's as easy as weighing the anchor or casting off some dock lines. 
 Indeed. International waters certainly do have tax benefits among many others. Are you using something like a Calyx 5G hotspot service? 
 I'm inshore at the moment, so I'm just using regular 5G. For offshore, I'll probably go with StarLink. But the new StarLink satellites have 5G built in, so I may not need to buy a dish soon. For safety's sake, I need to be findable. When I go to other countries, I'll just buy a new SIM card and use local calling plans. 
 What is this word "taxes" everyone keeps telling me about? Why is everyone so concerned about lying prostrate to the state? They cannot confiscate it. They cannot jail us all. Stand for what you believe, or die for nothing. The choice is yours. 
 The internet does not give you privacy by default.
Users should take proper measures if seeking privacy.
Nostr is privacy respecting as it does not REQUIRE you to provide identifying information.

The world is your oyster.