Wow, that sounds really stupid. Instead of one company using and selling our metadata, let's put it all out in the open including who we talk with. NGL, I had a very different idea of what Nostr is, I remember hearing the phrase "you own all data", well that's not true, is it?
Discussion
Nostr is completely public. It is up to you to protect yourself and protect your own data. Nostr isn't a license to put all of your information out with no care in the world, by contrast it merely takes power away from the snake oil salesmen.
Consider this. The snake oil salesmen tell you that you can put your personal information out in the world, don't worry, we'll protect it. In fact they own it. So now they know who you are, what you say, who you follow, when you log in, and they give you the sense of control by giving you tools to control who can see what, but there are no tools to hide anything from themselves.
Data leaks and you wonder why? The snake oil salesmen told me they'd look after it! That's when people start to pay attention.
It gets worse though. They own your messages. The only way to find out what you said is by logging into their platform and asking them. If they want to silence you, they have that ability, maybe just shadow ban you so you get less engagement than usual. This is terrible especially for businesses.
It gets worse though. They need to make sure that when they ban you, or when they decide to take any action, that they are dealing with the person behind the account, not the account itself. You need to give your phone number, address, date of birth, real name. Things that you can't fake. You can't use a custom email, no it must be from Google, Microsoft or some well known provider. Oh that number? It's been used before (even though phone providers often reallocate numbers to you from old inactive accounts when you buy a new SIM card)
As time goes by, you rely on their services more and more, you accept that they advertise to you, you accept that you need to pay $8 per month for a blue check to be anyone on that platform... I mean, what else can you do?
The only cardinal sin that they never do, but that maybe they will one day, who knows... Is they never write messages on your behalf. Either you sent a message, or you were hacked. This is why we use these platforms, they give everyone an anchor, somewhere to discover people, and once discovered, they know they are always talking to the same person.
Actually, even Elon took some accounts away from some users, I believe the owner of @music had their account taken from them with no recourse.
-------------------
Nostr: the data doesn't rely on a trusted third party. The problem we're solving isn't privacy, but we're also not taking steps to prevent privacy.
You can create an account at any time. No email, no phone number, create 100 accounts, who cares, each account is a persona and no one is there to police the accounts.
You own the messages you send. No one can send a message on your behalf (even though twitter doesn't do that) and no one can take over your account. Whenever there's freedom, there's responsibility. YOU protect your account. If you get hacked, it's not twitter's fault, it's yours. Fortunately the security model is based on the most basic and most secure system in the world: asymmetric key cryptography.
You control what you can see, if there's a persona online you don't like, tell your client to not show you their content and that's all there is to it. You cannot control what others see. Why should you have any power over others?
If you decide that you want to support a charity that is maybe controversial, create a new persona, don't mention one from the other. You can't be cancelled if no one knows you are the one sending the unpopular posts.
You don't need to have just one account. We never used to before, this one account thing was imposed upon us over time by those who wished to control the internet and we the people who use it.
There is nowhere for a government agency to go to when they want to suppress free speech. You have evidence about malpractice by big pharma, no one can stop it from spreading wide and far. The best anyone can do is attempt to tarnish your name, discredit you, try to find your identity and come for you directly, but by then you will have already gotten the message out, they'll need to come for you and everyone else who's spreading the message. They can't just tell twitter to block messages about the thing they don't like.
Finally, let's talk about relays and clients. Your data isn't on one server, it's on many. The data doesn't rely on twitter verifying which messages are from you, you self sign your messages. One of those servers can be yours. This way you can make sure none of your posts ever disappear. It's the only way to be 100% sure.
If a client tries to push ads onto you, you can switch clients. Your data isn't stuck to your client. The relays don't even hold your data hostage, that's just not how nostr works.
Hopefully you're starting to see the benefits. You're trading off the promises that you thought you had: the ability to say whatever to whoever with some guardian angel protecting you... For actual freedom and the hard truth... There is no Santa Claus.
I get it. This is 100% about censorship resistance, 0% about privacy.
Still think it's just common sense that people shouldn't be able to see who you send private messages to, as well as the message itself.
A lot of people here recommend using simplex for private messaging and there is hope that someone will develop a standard protocol to integrate simplex into nostr clients and that clients all jump for that.
In fact, if you look at the original spec for how DMs are handled, it says at the top that it shouldn't be used. https://github.com/nostr-protocol/nips/blob/master/04.md
We're in a traditionary period, especially because developers are always scared of breaking anything that users may be using, even if that thing is not recommended to use.
Often there needs to be a migration plan before developers consider dropping a feature.
Transitionary period*
The point is that only you yourself can send any notes under your npub. And you cannot be censored. Even if a relay censored your notes, you can just go to another one.
So yeah, you own your data in the sense that it cannot be taken from you. But not in the sense that you can keep others from accessing it. (except private DMs)
Is something like my ip address also public?
If you use a VPN, no. If you don't, then you're trusting the relays not to collect your IP and use it against you or share it.
Collecting your IP is not part of the Nostr protocol, so there's nothing stopping you from taking steps to prevent it. And if someone does take those steps, they're competing with those who don't take those steps.
The market will ensure there is always optionality and Nostr is open for all to build on and use however they see fit.
Not normally to other clients, but the relays can see your IP address, yes. There are also some other possibilities, like sending someone an image that is served by a server you control.
On the other side: If you use Twitter/X, Facebook, etc., they can always see your IP address. If you must hide that, then you can use Tor/Orbot for example. The #Amethyst client has that built in for example.
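The DM metadata exposure discussed at the top of the thread, as an added example (not written by any poster or by the Nostr project): a NIP-04 direct message is a kind-4 event whose content is encrypted, while the sender pubkey, the recipient in the "p" tag and the timestamp are cleartext. The pubkeys, timestamps and ciphertext below are constructed placeholders.

```python
import base64
from collections import defaultdict

# Constructed placeholders: 64-hex "pubkeys" and an all-zero 16-byte blob as fake ciphertext/IV.
ALICE, BOB, CAROL = "a" * 64, "b" * 64, "c" * 64
FAKE_B64 = "A" * 22 + "=="

def dm(sender, recipient, created_at):
    # NIP-04 shape: kind 4, content "<base64 ciphertext>?iv=<base64 iv>",
    # recipient named in a cleartext "p" tag.
    return {"pubkey": sender, "created_at": created_at, "kind": 4,
            "tags": [["p", recipient]], "content": FAKE_B64 + "?iv=" + FAKE_B64}

EVENTS = [
    dm(ALICE, BOB, 1700000000),
    dm(BOB, ALICE, 1700000060),
    dm(ALICE, CAROL, 1700000120),
    # An ordinary public note (kind 1); not a DM, so it is skipped below.
    {"pubkey": CAROL, "created_at": 1700000200, "kind": 1, "tags": [], "content": "hello"},
]

def observable_metadata(ev):
    """Fields of a kind-4 event readable by any relay or subscriber, with no key."""
    if ev.get("kind") != 4:
        return None
    recipients = [t[1] for t in ev.get("tags", []) if len(t) >= 2 and t[0] == "p"]
    ciphertext_b64 = ev["content"].split("?iv=", 1)[0]
    return {
        "sender": ev["pubkey"],
        "recipients": recipients,
        "created_at": ev["created_at"],
        # Only the size of the message is visible, not its text.
        "ciphertext_bytes": len(base64.b64decode(ciphertext_b64)),
    }

def contact_graph(events):
    """Number of DMs per (sender, recipient) pair, built from cleartext fields only."""
    graph = defaultdict(int)
    for ev in events:
        meta = observable_metadata(ev)
        if meta:
            for recipient in meta["recipients"]:
                graph[(meta["sender"], recipient)] += 1
    return dict(graph)

if __name__ == "__main__":
    for (sender, recipient), count in contact_graph(EVENTS).items():
        print(sender[:8], "->", recipient[:8], count)
```

Running the same function over an export of your own events shows which counterparties an observer could already link to your npub.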