So Nostr over VPN = full privacy, more or less?
Discussion
yes, but clever people might try to fingerprint users based on the configured relays in the zap request note. But there is plausible deniability since anyone could be pretending to be someone else’s fingerprint.
Fascinating. Wouldn’t anyone who had the same dozen relays as me essentially share a fingerprint?
Or does it factor in things like phone model, screen size, IP, and additional invasive fun?
Relays are included from your config in the zap invoice so that the zapper knows where to send the zap to. Damus will add anti-fingerprinting techniques in the future such as randomly dropping relays, etc
Its the only thing that could be used to de-anonymize an anonymous or private zap, but its more of a theoretical concern. People looking at zaps can only guess that its you based on the relays, there’s no way to know for sure.
All very cool - appreciate the explanation. Always learning here 🤙