Notes by Magister Michael Dilger M.Sc.

 #asknostr If you are using smaller relays, we’d love to know: 
- how did you discover them? 
- ... 
 I'm using a small personal relay, wss://chorus.mikedilger.com:444/

- how did you discover them?  I created it.  I wrote the software. 
- are they with people you know IRL?  Yes I know myself well enough at least.
- what do you like about using a smaller relay?  Total control, helps me debug my client
- what if anything would you change or improve?  I'm not sure right now it's pretty stable, but as soon as I think of it I will improve it. 
 Anyone interested in implementing custom feeds? Happy to answer any questions, I think this conce... 
 I'm interested. But I think I need to do some preliminary work such as the ability to follow hashtags. 
 Happy to announce that I, along with nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq3zamnwvaz7tmwdaehg... 
 Thank you for making it happen 
 I don't see your 10050 event anywhere. Are you not doing these DMs yourself? 
 How to drive an English teacher insane:  force them to watch YouTube videos with closed captioning on 
 "I hope that after I die, people will say of me: 'That guy sure owed me a lot of money.'"  - Jack Handey. 
 I believe that instead of trying to achieve security via overwhelming force against your neighbors, the much better strategy is to use overwhelming friendship.

#peace 
 “I can picture in my mind a world without war, a world without hate. And I can picture us attacking that world because they’d never expect it.” 

- Jack Handey. 
 Remember that light can always dispel darkness, and darkness does not have the capability to dispel light.

nostr:nevent1qqsq89pxzpx9zt86neskcyvw79e4vjngryepjkrwyy9a2lw676erv3gpz9mhxue69uhkummnw3ezuamfdejj7cctrg0 
 Your days are numbered!    I don't know what the numbers are though. 
 hivetalk throws me back to the starting page after about 30 seconds no matter what I do or where I was.  Odd.

Other than that it looks very advanced and nice, just with this critical bug. 
 I got it working, but there are so many windows and popups and I couldn't figure out how to manage them. Couldn't turn down Bob Marley (no option). Chat window covering everything and there was no minimize.  Very busy.   But looks amazing, lots of stuff in there. 
 OMGEEE SCREEN SHARING THAT ACTUALLY WORKS ON LINUX WITH PIPEWIRE SEAMLESSLY AND HAS NOSTR LOGIN ... 
 It kicks me back to the homepage after 30 seconds or so, even after logging in. 
 firefox dev edition on linux with camera/mic permissions blocked, and even questions about camera/mic were disabled. 
 My beef with nostr is why notes have a dedicated "kind" json field, when it could easily just be ... 
 THAT is your beef with nostr? Among all the problems, you notice that kind could just be another tag and for that you want to start over?  That is trivial.

But on that topic, I think instead of a kind field there should be bitflags.  One or two bits meaning ephemeral/replaceable, one bit meaning restricted to tagged people, one bit meaning only uploadable by the author, etc.  And tag "keys" should be binary, a number not a letter. Events should be binary and don't need to be "read" by humans outside of using a note reader library (which can express them in nice English words) or in code (where they are expressed again as nice English words).  And if you prefer Portuguese, you can use Portuguese names in your library instead of English. 
 Is this what we are basically saying here is that iPhoners are so hypnotized they don't use VPNs ... 
 People need to configure their browsers to talk through a SOCKS5 proxy in Belarus, wireguard over to North Korea, tunnel through gopher protocol into the great wall firewall of China and out through the pacific cable to New Zealand where I will, free of charge, rewrite the source IP address of each packet and then pass them onwards to anywhere you want them to go.  The responses will return by the reverse path.  Just install this from the iPhone app store:  LINK NOT FOUND 
 Nothing to do with iPhones.

I just picked a client that isn't doing the gossip model and apparently can't see fiatjaf's quote posts, presumably because of the privacy risk. A client you might expect would be avoiding untrusted relays for privacy reasons.  And even in that case, those users already don't have privacy.  That ship has sailed. 
 Ok well then maybe I'm wrong. If _everything_ goes through that path. But the web stack has a lot of back garden pathways that people often don't think about.  This may have come from an iPhone or maybe Apple proxied it.  We could find out by doing some tests, but that's not really my point.

[IP REDACTED] [18/Jun/2024:20:10:51 +1200] "GET /RelayPrivacy.mp4 HTTP/2.0" 206 2097152 "-" "AppleCoreMedia/1.0.0.20G75 (iPhone; U; CPU OS 16_6 like Mac OS X; en_us)" 
 Mad respect for nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c

Take the t... 
 I'm all onboard with client-side no-trusting-servers we-can-build-our-own-thank-you-very-much.

Simplex looks like it provides good privacy. I haven't reviewed it and I don't know if you need to trust the mix network or can specify your own or whatnot. But the pieces that a privacy solution would need seem to be there so it certainly could be very good.

I wonder however that if you can send URLs over simplex and if the person clicks it you have exposed them. That wouldn't be a simplex bug, but it points out that privacy and security require closing all the holes/leaks, not just the ones you can think of right now.

We did something slightly less private with NIP-59, NIP-17, NIP-44, but the relay sees your client drop the giftwrap on to it, so it still can't give you ideal privacy.  Perfect privacy is just very hard without VPN/Tor. 
 I can associate your npub to your IP and get your locations and movements. I can do that to Damus users right now. I won't do it out of respect, but there is such a large set of possible ways to do it that I can't imagine this being something we could realistically prevent across the board. 
 I could only discover the location of your IP range, like country and city, not quite each toilet. But maybe I could skill up to that level... nah. 
 I didn't do it to you.  I made a video explaining how to do it, but I'm not sure I should post it. I don't want to give tools to stalkers. 
 I made a short video on why avoiding connections to untrusted relays is an insufficient way to preserve your privacy.

https://videos.mikedilger.com/RelayPrivacy.mp4

#privacy #gossip #relays #nostr 
 Goddamn in 3 minutes my website has already pulled down several hundred IP addresses!  I can't believe you guys don't care about privacy! 
 As to the wireguard thing, wireguard won't set the "don't fragment" bit.  Wireguard tries to operate as if it didn't exist, and I appreciate that. 
 I got your DM about still not getting my DMs.  We can debug it tomorrow.  Maybe gossip isn't AUTHing to your DM relay, or if it doesn't need that maybe it is doing something else dumb.  I found a handful of dumb bugs today I'm sure there will be more bugs tomorrow. 
 You could even tell people to follow other people at their own domain, like follow "mike@mikedilger.com" and it would get my NIP-05, find my relays, and gossip away. Works without even NIP-65 relay lists for discovery, no npubs required, no user interaction with relay setup required. Seriously easy 1-step 1-click experience.  The only thing people MUST do is to sign up for at least one relay that serves their stuff. 
 I was just being cheeky. But right you are. 
 Are you saying you want me to address that question in a video?  Or just give my opinion here on nostr?

I think what I call a "client proxy" is a reasonable architectural component that keeps clients from contacting strange untrusted relays, so long as (1) the client can totally trust the client proxy, and (2) you don't care if the client proxy's IP address is leaked.  But it is hard for both of those things to be true.

If only people weren't so embarrassed about losing their bitcoin keys in so many consecutive tragic boating accidents then they wouldn't be so concerned about maintaining their privacy  (I know Edward Snowden says different, I don't really mean what I'm typing, I'm just trying to be funny) 
 A trade off is what it is. You may have to trust a little bit that things aren't getting censored, and that the proxy won't abuse your IP information.  And in return your client can be simpler, maybe doesn't need to open as many connections, and you get a bit better privacy without really doing privacy right.  That works for some people, which is why I think it's a viable idea.  I'm not working on such a thing because it doesn't really work for me, but I'm not against it. 
 Should Neil have just said "wow you are so smart" and moved on?  How do you be nice in this situation?  Neil in fact did something extremely nice but something that Terrance couldn't appreciate because I think Terrance isn't all there.  Sad really. 🫂 
 Mixed metaphor: sometimes sleep hits me like a ton of drugs on a truck 
 Do not eat that sheep. Not organic. 
 Has anyone considered a weekly nostr devs call? Seems like it could be useful for keeping devs on... 
 I would join that call. 
 My dog is staring at a peanut butter blob (with a pill inside of it) on the floor of her kennel and I can actually hear her thoughts:  "that's not chicken" 
 My ideal long-form client:

- Immersive, full screen visual focus
- Focuses on reading, writing, ... 
 Love habla. 💜 
 Why can’t we do gossip AND be able to replace random relays with ones you specify? 

Default as... 
 There is funding.

But there are other problems. We don't have a unified vision, we don't have unified management, we are cats running in different directions, there are scores of different software all trying to interoperate by speaking a protocol that keeps having breaking changes and which has different interpretations and wildly different schemes added on that are not part of the protocol, and where there are still very hard problems like key rollover that nobody seems to be able to solve. 
 Hehe, they both rendered in amethyst 😅 
 Operation protec DMs update:

Since amethyst supports private inbox now, and in effort to debug n... 
 Here is a link to your event at your relay (for testing):

nostr:nevent1qqsv2zg6aephnyr6upm60v9tgm3hjzjdmks425mcj3c0erv9re00d9spzemhxue69uhkzat5dqhxummnw3erztnrdakj7qrq2tw 
 Lemme try that again (I got bugs on my side)

no nostr prefix this time

nevent1qqsv2zg6aephnyr6upm60v9tgm3hjzjdmks425mcj3c0erv9re00d9spzemhxue69uhkzat5dqhxummnw3erztnrdakj7qrq2tw 
 So a few questions.

I presume gossip tried, but it did not load this event from auth.nostr1.com.   It did find it from hotrightnow and nostr.wine.

Also, I presume gossip would have asked me for AUTH approval if it had tried auth.nostr1.com and been AUTH challenged. But I was not asked. So I think that means the relay neither auth-challenged me nor supplied the event. But that is a lot of presumptions, there may be a bug or two on my side. 
 Oh that makes sense. Dumb assumption on my part. 
 They are kind 17 now too, on master branch, if you and your partner both have DM relays advertised. 
 If you got a DM from me, then it works.  If you didn't, it might still have problems.  I get the 'cc' giftwrap back to myself, but that doesn't prove that the outbound giftwrap worked. 
 I haven't seen any DMs from you.  I have giftwrap DMs from other people going back quite a long time even.

I've fixed enough bugs for today though, this one will have to wait for tomorrow. 
 I fixed a bunch of problems with DMs this morning. I sent you another one from gossip (I sent you one from amethyst last night).  Did you get either of those?  I've gotten yours now, and the carbon-copies of mine. 
 That is a 1-in-a-million shot with all three cats so intensely animated at the same time. 
 Most days I'm
nostr:nevent1qqsrsq973wedsq4stleuf60qq0vfumrxn6565tjlh78xrp5nhrhwqdqprdmhxue69uhhyetvv9ujuam9wd6x2unwvf6xxtnrdakj7kte022 
 There are two ways a client could find and load that note:

The nevent is:
  id=3800be8bb2d802b05ff3c4e9e003d89e6c669ea9aa2e5fbf8e618693b8eee034
  relays=wss://relay.westernbtc.com/

The quote 'q' tag is:
  [
      "q",
      "3800be8bb2d802b05ff3c4e9e003d89e6c669ea9aa2e5fbf8e618693b8eee034",
      "wss://relay.westernbtc.com/"
  ]
 
 I just learned that Nostur also doesn't implement Nostr correctly and cannot see nostr:npub1u3jp6... 
 nostr:nevent1qqsrsq973wedsq4stleuf60qq0vfumrxn6565tjlh78xrp5nhrhwqdqprdmhxue69uhhyetvv9ujuam9wd6x2unwvf6xxtnrdakj7kte022 
 Well my event includes an 'nevent' that points right at it.  It also includes a 'q' tag that points right at it.

I'd take up the issue with your client developer. 
 On Jan 5, 2023, in my very first telegram convo with fiatjaf, he said:
"I think clients must not talk to a bunch of relays as if they were all the same"
and then
"I think they must find and follow people in wherever relays they are"
to which I said
"This is a paradigm nobody seems to understand or talk about except you and I.  Lots of people are confused about how it could possibly work, and there is some massive event duplication going on in the background."
to which fiatjaf said
"I've been talking about that incessantly"

Based on that final statement, I'd say fiatjaf was saying this before the gossip client was doing it.  So with that I disclaim all responsibility, I didn't start this thing ;-)

There was no NIP saying this, and NIPs are all optional anyways.

This discussion has come up over and over and we have not settled on a direction, the community has instead split. I *hate* telling people what to do, I think people are free to copy notes and avoid connecting to strange relays and I *still* have mad respect for all the devs who do it that way.

I'm not sure it has to be one way or the other BUT I will stump for my way, and you have to live with the consequences of your way.  For example, not being able to see fiatjaf's quote posts, running massively overloaded relays, finding it easier to be banned from nostr than you thought, burning through network traffic between relays, realizing you have faux-privacy and you've actually just deceived your users by only patching the biggest privacy holes while leaving the little ones open, etc.

To me it is just decision -> consequence.  I don't care what other people choose to do, but I will try to predict the consequences. 
 Touchy subject but I'll weigh in.  I think the "line" is restricting visibility.  Therefore downranking false theories is censorship, but not illegal if not done by the government.  But flagging posts or labelling them with additional information is not censorship, it is literally "more speech".  When done by a platform, it is the platform speaking, which they have a right to do.

I prefer a nostr system where we all flag each other, and we each get to choose whose flags we listen to or care about or display. 
 This is a message for all those who cannot read the quoted note: nostr:nevent1qqs8j03ggurgk63u9elt98... 
 Through no fault of @fiatjaf the relay hint in this note is totally whack.  I am working to fix this bug in gossip.

Nonetheless, the nevent is correct and the note should be findable via the nevent.  I can see the note. 
 This is how the world starts to descend into mediocrity.
nostr:nevent1qqs07mg25jfu55gpzy0rhksw5u7... 
 That is precisely the reason @fiatjaf is producing all these posts... to put the problem into developers faces so they can smell it up close.

Without the ability for clients to fetch notes from (perhaps the only relay that doesn't censor them) as specified in the nevent that points exactly to where that note can be found..... then what was the point of making a decentralized protocol? 
 If people aren't using Tor and aren't using a VPN but they care about this, then I sure hope they never open a web browser.

But giving people the heads-up and asking permission is nice. People want to see the note, but they also want to feel in control. 
 If you connect to a relay, that relay knows you connected (your IP address) and what questions you asked.  This is EXACTLY like a web browser.  Every time you go to a website, that website knows you connected (your IP address) and what questions you asked (the URL).

People who insist on hiding their IP address use VPNs or Tor.  This works perfectly well with nostr just like it works for the world wide web.

Trying to avoid connecting to some relays just makes nostr dysfunctional. This problem is outside of nostr, and nostr clients are just making the problem much more complicated than it needs to be by coding connect-based relay access control lists.  Just tell the user to use a VPN or Tor if they are concerned about privacy.

As for AUTH, that makes more sense to me. You shouldn't just AUTH to a random relay. But fetch a note... I don't see what the big deal is. 
 We made the questions just a number in the lower left.  AND after you answer all the several hundred questions, they don't keep repeating, eventually you catch up with it.  BUT YES your point is very valid.  It is fucking annoying to approve every relay.

But I'm also coming around to the idea that an 'nevent' is kind of like phishing, getting you to go to a relay that is malicious, just like a link in an email trying to send you to a malicious website.  Whitelisting relays is one solution, painful as it is. 
 It could ask for AUTH and if your client allows it your client will tell it (and prove) your npub.  Then it knows WHO is at that IP.  This IMHO is a step too far and clients shouldn't AUTH to random relays w/o asking the user.  But gossip lets users turn that off if they don't care. 
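
Added example (not part of the original notes and not gossip's code): a Python decoder for the NIP-19 nevent quoted earlier on this page, checked against the 'q' tag from the same note, followed by a policy that treats connecting to a relay hint and AUTHing to it as separate decisions, as the notes above argue. The `plan_fetch` function, its `approved` and `auth_ok` sets, and the rule of dropping non-`wss` hints are assumptions of this example.

```python
from urllib.parse import urlsplit

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet
# bech32 checksum generator constants (BIP-173)
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
# Both pointers are copied from the note quoted on this page.
NEVENT = "nevent1qqsrsq973wedsq4stleuf60qq0vfumrxn6565tjlh78xrp5nhrhwqdqprdmhxue69uhhyetvv9ujuam9wd6x2unwvf6xxtnrdakj7kte022"
Q_TAG = ["q", "3800be8bb2d802b05ff3c4e9e003d89e6c669ea9aa2e5fbf8e618693b8eee034",
         "wss://relay.westernbtc.com/"]


def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk


def decode_nevent(text):
    """Return (event_id_hex, relay_hints); raise ValueError on malformed input."""
    text = text.strip().lower()
    text = text[len("nostr:"):] if text.startswith("nostr:") else text
    hrp, _, data = text.rpartition("1")
    if hrp != "nevent" or len(data) < 7 or any(c not in CHARSET for c in data):
        raise ValueError("not a bech32 nevent")
    vals = [CHARSET.index(c) for c in data]
    hrp_bits = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    if _polymod(hrp_bits + vals) != 1:
        raise ValueError("bad bech32 checksum")
    # Regroup the 5-bit symbols (minus the 6 checksum symbols) into bytes.
    acc, bits, raw = 0, 0, bytearray()
    for v in vals[:-6]:
        acc, bits = (acc << 5) | v, bits + 5
        if bits >= 8:
            bits -= 8
            raw.append(acc >> bits)
            acc &= (1 << bits) - 1
    if bits >= 5 or acc:
        raise ValueError("bad bech32 padding")
    # Walk the TLV records: type 0 is the event id, type 1 a relay hint.
    event_id, relays, i = None, [], 0
    while i < len(raw):
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated TLV record")
        kind, value = raw[i], bytes(raw[i + 2:i + 2 + raw[i + 1]])
        if kind == 0 and len(value) == 32:
            event_id = value.hex()
        elif kind == 1:
            relays.append(value.decode("ascii"))  # non-ASCII raises ValueError
        i += 2 + len(value)
    if event_id is None:
        raise ValueError("nevent carries no 32-byte event id")
    return event_id, relays


def plan_fetch(relay_hints, approved, auth_ok):
    """Map each relay hint to (action, may_auth); AUTH is a separate opt-in."""
    plan = {}
    for url in relay_hints:
        try:
            parts = urlsplit(url)
            usable = parts.scheme == "wss" and bool(parts.hostname)
        except ValueError:
            usable = False
        if not usable:
            plan[url] = ("drop", False)   # assumption here: only wss:// hints
        elif url in approved:
            plan[url] = ("connect", url in auth_ok)
        else:
            plan[url] = ("ask", False)    # unknown relay: user decides, never AUTH
    return plan
```

With empty `approved` and `auth_ok` sets, the hint decoded from the nevent comes back as `("ask", False)`: the client may offer to fetch the note, but it neither connects silently nor proves the user's npub to a relay the user has not chosen.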
 I'm not really sure how malicious a relay could be. 
 Shocking thought of the day:   Just because murderers are guilty doesn't mean their victims are innocent.

I'd bet statistically speaking people who die from murder are more horrible than the average, because at the very least somebody was inspired to murder them.  Of course innocent strangers are murdered from time to time, which is why I'm talking about statistics and not making a categorical statement.  There must be plenty of cases where someone murders out of anger, and that anger came about because the murder victim was being an ass.  And those cases bias the statistics.

I am not victim blaming. I'm not making any categorical statements, nor am I saying anything about any particular person or murder. I'm making guesses about probabilities and I'm arguing that we shouldn't just assume all murder victims were innocent. Surely some of them weren't. 
 I'm trying to say inappropriate things to stir up controversy, things you won't find on other social media platforms, nostr "exclusives" to draw people over to see stuff they don't see discussed anywhere else.

And why not understand better the French Revolution or the Russian Revolution? It's useful to understand history to predict the future.

I've never killed anybody. I'm not going to start.

But if I was going to start I wouldn't start with a squirrel!  Squirrels are so cute and innocent!  I'd start with a rabbit. 
 Far too many world leaders are wasting their time at G7 summits and useless peace conferences.  All they really need is to get onto nostr and follow me.  I'll lay out the peace deal that will end this war right now.  Here it is:

MIKE DILGER PEACE ACCORD FOR UKRAINE

1) Independence for the Donbass regions

  The People's Republic of Donetsk and the People's Republic of Luhansk to be recognized as independent nations, neither Ukraine nor Russia.

  These new nations (or single nation, at their behest) provide to their neighbors the following security guarantees
    a) They will never join any security alliance, neither NATO nor CSTO  (but can join any economic union they desire)
    b) They will remain non-nuclear

  Russia and Ukraine pull out their military forces from these regions

2) Crimea goes to Russia

  Crimea is recognized as part of Russia, and Ukraine ceases hostilities with it.

3) Kherson and Zaporizhzhia regions go to Ukraine

  These two regions are recognized as Ukraine, and Russia withdraws their forces.

4) Ukraine declares neutrality

  Ukraine provides a security guarantee that they will remain neutral, to not join any security alliance, neither NATO nor CSTO.
  Ukraine can join any economic union they desire.
  Ukraine must remain non-nuclear.
  Ukraine is not required to demilitarize or denazify
  Ukraine must respect its own constitution or else violates this peace accord 
 Ah man!  I wanted to get an autographed copy of your next book! 
 That is a reasonable basis for an argument, I don't disagree.  Western Ukraine would not be "tamed" by Russia, and IMHO I don't think Russia would care to try.  So if you want to argue that Donetsk and Luhansk are pro-West and hate Russia and are trying to push Russia out you can make that argument. I don't think it's true, but facts are my weakest tool since I'm not in possession of facts any better than anyone else is, I have to make judgement calls about what I think the facts probably are. In my judgement, Donetsk and Luhansk are mostly pro-Russian, even moreso pro-independence from both of them. I could be wrong. I've heard a lot of 'facts' and I don't know which ones are bullshit.

My point is just that any negotiation needs to start from the way things are, not the way things were or are wished to be, and if you want to use this argument about various regions that is totally fine with me.

Swing around to Israel-Palestine and you see the same thing. Palestine argues from their position in 1948... In fact they argue from their position prior to the Balfour Declaration in 1917.  That is an unreasonable position for negotiation because the actual on the ground situation isn't anywhere close to that.  Maybe they are right about what should have happened, but chanting "from the river to the sea Palestine will be free" is not only pointless, it hurts their cause.  Gaza is isolated from the West Bank, functionally Israel divided them in 1947, and even more so in 1967.  Refusing to accept their loss and insisting on getting it all back is not a negotiating position that will ever succeed, even if it is morally justified.  Israel negotiates with Hamas because effectively, de facto, Hamas is the government of Gaza.  And Hamas accepts deals that don't go anywhere close to "from the river to the sea" because when it comes to negotiations, that is simply how it works -- you start from the actual situation right now, not the one you wish were true or that you remember.

I've never seen Western leaders (including Ukraine) admit that they lost land to Russia and negotiate from the current situation. Putin has said talks have to start from the current situation, and Western leaders insist they start from a prior situation.  Such a demand ensures peace talks cannot happen, which is probably their intention. 
 "Most men in power become villains." 
 Or maybe villains become men in power 
 do you guys think the human rights activists that joined recently as a result of the purple pilli... 
 That is a long video, and it is hard to watch because a lot of it is untrue or badly sourced or rumors, so I feel like I'm being led down the conspiracy theory garden path..... even if some of it is true and interesting and useful to know.  I wish he (or someone else) had made a shorter more well researched and defendable movie on the same topic.  I can't seem to get myself to watch that whole thing. 
 The quote from Rothschild was the first thing that got me fact checking.  Of course controlling the money is more power than being the elected leader... but there is no source - I don't believe the Rothschilds ever said the quote, or if they did it was scrubbed from history because there is no credible source. The person who is claimed to have said it (as shown in his movie) wasn't even alive in World War I, he died in the 1800s, but the movie at that point leads you to believe otherwise. So that kind of pissed me off and led me to feel like I was being deceived and indoctrinated rather than being educated.

I totally believe the JFK assassination was multiple shooters arranged by powerful people and the CIA was somehow involved. But I don't conclude precisely who or why because I haven't dug that deep. Maybe this movie could give me more info, but it's hard to watch when I already don't trust it. 
 OK I'm watching it again. It does have a lot of truthful information in there. Lots of other things I'm checking on check out as true and there's a hell of a lot of info in this movie.  If most of it is true, and it weaves a narrative to an interesting conclusion, it is worth suffering through a few poorly sourced bits.