Replying to Avatar Laeserin

Some of them have mailboxes, but the people don't use them.
Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

depends on the client they are using at the time and if they added the relay to it... i think gossip just uses people's published outboxes, mine lists my relay, and if that is the case then they publish to my relay

i think at the same time if they don't set them in the client like in nostrudel, it won't automatically do it, this is a key distinction between nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c gossip and nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr nostrudel implementations of outbox model

i assume that probably gossip has now got some kind of rudimentary configuration to choose not to always use published inboxes to send replies/DMs to but who knows... it seems to me like this could be something useful to add to clients - as part of the ASD - which of your follows you want to inbox and whether or not you want to inbox randos

there's a lot of security matters to be thought about when it comes to clients presuming to make connections and leak timing information to other parties, it probably is going to take a while to hash out the best practises and minimal user friction that provides best possible security automatically, and probably MANY more arguments about the pros and cons of specific ways of donig it haha

Reply to this note

Please Login to reply.

Discussion

Avatar
Mike Dilger ☑️ 1y ago 💬 1

Gossip asks users if they want to use a new relay that they haven't already decided about, for connection, and separate if they want to auth to it. But these features are off by default since most users find them annoying.

I have them on for myself. I only AUTH to relays I know and trust.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

yet you give them your IP address implicitly, is this not a bit funny?

Avatar
Mike Dilger ☑️ 1y ago 💬 1

no and no

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

no you don't give your IP to who you send requests to? are you trying to jest?

no, it's not a bit funny that you are bothered by people expecting you to sign events that they ask you to sign to authenticate to them?

have you actually thought this through?

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

have you considered that the user could decline to identify and auth with one shot keys?

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

auth doesn't stop spam

it enables THE PEOPLE RUNNING THE SERVER to allow IN who they allow, for whatever reason

i really don't think you have thought about this

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

you make me sad, mike, and kinda make me wish i could punch you in the face for being so obtuse and stupid

Avatar
Mike Dilger ☑️ 1y ago 💬 4

I repeat: Gossip asks users if they want to use a new relay that they haven't already decided about, for connection, and separate if they want to auth to it. But these features are off by default since most users find them annoying.

If users want privacy, they can enable this feature and then when the 'gossip model' wants to connect to a new relay they don't trust, the user gets a prompt and can say "NO". Then that relay is not connected to. How could a relay that you don't connect to get your IP address? I don't know, but apparently I'm obtuse and stupid and I still didn't do enough for you.

nostr:nevent1qqswqp44g8eeyqssugfwpu84py063ul7r7rfvl74g47pjp3zlku9zvspypmhxue69uhkx6r0wf6hxtndd94k2erfd3nk2u3wvdhk6w35xs6z7qgwwaehxw309ahx7uewd3hkctcpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7tj09j7

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 2

"I have them on for myself. I only AUTH to relays I know and trust."

what difference does it make when your IP address is used if you connect WITHOUT auth?

that was my point

Avatar
Mike Dilger ☑️ 1y ago 💬 4

If you connect but don't auth, the relay doesn't get an association between your npub and your ipaddress. They just know that some IP address connected to them, but not who it is. Of course, once you start interacting with the relay they learn all of that too, and maybe the relay can try to figure out who you are by which posts you are interested in... and if you post they might presume you are that event's author. But you might be transmitting somebody else's message too, so it is not proof. So it gets all very complicated as to how much a relay can learn.

But if you AUTH it is not complicated at all, it is pretty much just giving the relay a provable association.

I've always maintained that privacy is an illusion unless you use tor, and trying to hide IP addresses is just more pretend privacy that enhances people's false sense of privacy.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 4

very flimsy, that's my point

you send req that correlates to your follow list?

free relay = honey pot

the sooner people get it the better

and yes, to be selective... nostr:npub1m4ny6hjqzepn4rxknuq94c2gpqzr29ufkkw7ttcxyak7v43n6vvsajc2jl has been talking a lot this last couple of days about the problem of blacklisting in general

Avatar
Mike Dilger ☑️ 1y ago

Since you refuse to take my point over and over, I am now muting you. Long ago I nicknamed you "bitchy mleku" and that moniker never failed to represent.

Avatar
Laeserin 1y ago 💬 1

Oh, I wish you wouldn't. I'm learning so much from the discussion.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

it's nothing you can't learn by reading some texts on signals intelligence

and when ego becomes more important than science we have a problem

Avatar
Laeserin 1y ago

I don't look at the bots, but always funny to watch them chit-chat with each other, at the bottom of threads. Bizarre.

Avatar
Laeserin 1y ago

I think his point is that there is too much Illusion of privacy being created, that gives people a false sense of security.

Security will only exist if we use a different method for sharing information.

Avatar
captjack 🏴‍☠️✨💜 1y ago 💬 4

in that way whole nostr is is honeypot for datadigging. its open n everyone see it. free relays are MUST n essential even with AUTH sign with random key.

Avatar
Laeserin 1y ago 💬 2

Everyone needs at least one free one, to start off, otherwise they can't even make a profile event or an introduction note.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

i disagree... first you get the LN address then you subscribe to two paid relays... and then you bitch out the client devs for impeding the growth of the relay service industry

Avatar
Laeserin 1y ago

Or that. 😂

Avatar
captjack 🏴‍☠️✨💜 1y ago 💬 2

nothing of that is needed just use BASIC nostr social without ZAPs except user tech knowledge

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

then you get the honey pot problem

would you think it was a good idea for contactless cards to not have transaction limits when they are so easy to swipe?

same problem with user data, leaving people wide open like this is irresponsible for those who know to allow and condone

Avatar
Laeserin 1y ago

You probably need to have some American servers wide open, for those politically persecuted, elsewhere. Nobody has solved for that use case effectively, yet.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

Sender initiated LN payments can be as anonymous as Tor traffic, and I devised a scheme that uses the preimages to carry session pubkeys.

https://github.com/indra-labs/indranet

It's fairly close to being complete except I think libp2p needs to be replaced with an ad hoc p2p transport built on QUIC with gossip peer advertising like bitcoin's p2p layer

Avatar
captjack 🏴‍☠️✨💜 1y ago

if u stop the Hello DAN note calling it SPAM (best is mute it at end user level such whiteHAT testing notes) then u essentially partly KYC or STOP ALL NPUBS from posting with WoT near 0 and not giving them opportunity to build WoT slowly

Avatar
Laeserin 1y ago 💬 1

It only makes sense to identify something as spam, at the relay level, when it's an obvious pattern. So, one Hello DAN note is not spam, but 20 of them probably is.

Avatar
captjack 🏴‍☠️✨💜 1y ago

correct ! it is perfectly imitating a new user and checking testing OPEN relay and doing us a service

Avatar
Laeserin 1y ago 💬 3

Agree about the WoT problem, as I set it to 2 and had to dig some real npubs back out of the hidden notes. They were just newbies.

Now, I'm opening all the hidden notes, to be sure, so it defeats the purpose, as I'm staring at bot notes all day. 😂

Avatar
Laeserin 1y ago

Lowered it to 1. See if that helps.

Avatar
captjack 🏴‍☠️✨💜 1y ago

best way find new fresh genuine npubs is to browse "global of each relay" and ignore any note NOT suitable to EACH ONE's TASTE n likings - so simple. WoT filter replies from junkies in conver. threads (also nostr global or anythign else similar NOT for Kids without parental guidance.)

Avatar
Laeserin 1y ago

Yeah, but you have to turn the WoT down to -3 or so, to really get everyone in global. Can always turn it back up again, later.

Avatar
Laeserin 1y ago

Global is nothing for ladies, either, to be honest. I usually wait for the guys to find people and then I follow their follows over WoT.

I use them as feed bouncers. 🤭

Avatar
Laeserin 1y ago 💬 6

Is there a technical reason why we can't use a waiting room to loosen the association of IP addresses and npubs? Like, the IP address gets stripped once it arrives at the relay into the waiting room, and the relay processes the events thereafter?

Or is that really stupid??

Avatar
captjack 🏴‍☠️✨💜 1y ago

any server (reverse-proxy, relay, web, ...) will GET exit IP of any host trying to talk. retain or not or handover is policy matter. some countries require by law to keep log for when needed situtation. just like ISP n Telco SIM must do KYC nowadays. only whether relay forward orgin-IP or association IP to others can be addressed as above.

Avatar
Laeserin 1y ago

Well, that would help, at least, as someone could read and write over a particular relay and then only the relay IP addresse would be forwarded.

Avatar
Josua Schmid 1y ago 💬 2

Are you talking about splitting web socket implementation from relay implementation? Subscription handling is quite coupled to an IP now. But indeed an HTTP proxy could just strip the x-forwarded header.

Avatar
captjack 🏴‍☠️✨💜 1y ago 💬 2

that can way to do (until new law arrive )- but 1st relay will always get client exitIP

Avatar
Laeserin 1y ago 💬 1

What if I self-host my relay? Then only I get my IP and can strip the data when forwarding.

Avatar
Hazey 1y ago 💬 1

Yes

Avatar
Laeserin 1y ago

🤔

Avatar
captjack 🏴‍☠️✨💜 1y ago

yes - this is how proxy relays like "bostr" work but other relays logs incoming relays exitIP also.

Avatar
Laeserin 1y ago 💬 10

I'm just always trying to think about how we can construct Nostr to be slightly-more private over HTTP.

Natively, I mean, rather than using VPN or Tor, as most people aren't using them and won't use them.

Avatar
Josua Schmid 1y ago

The idea of gift wraps is nice for DMs. But not suitable for public speak.

Avatar
Josua Schmid 1y ago

A botnet would help.

Avatar
Laeserin 1y ago

You mean, have bots that forward your notes?

Avatar
Josua Schmid 1y ago 💬 1

Public Wifi helps

Avatar
Laeserin 1y ago

True.

Avatar
captjack 🏴‍☠️✨💜 1y ago

sometimes not always

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

micropayments and short lived micro accounts and all relays are pay to write, which is also pay to proxy

the hard problem i bumped into is discovering the network and relays not needing to know what lives at the address the relaying message asks it to be sent to

this is why Tor and IPFS are both limited to around 8k nodes whereas bitcoin has over 20k

Avatar
Josua Schmid 1y ago

Didn‘t I see some nostr people talk about ham radios? They could meshnet and you would only see the exit on IP. But the meshnet routing would be unsolved.

Avatar
Josua Schmid 1y ago

Maybe we should buy an IP mixing satellite relay in space (or the international seas)

Avatar
Josua Schmid 1y ago 💬 2

Can I rent servers for cash or Bitcoin somewhere? Short-timed?

Avatar
captjack 🏴‍☠️✨💜 1y ago

few places can

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

depends on how short timed... month is the minimum for cryptoho.st but they have bitcoinpayserver and you can pay with lightning and they don't require KYC

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

they are based out of suaceva, Romania, i presume that's an industrial suburb area near Cluj Napoca or Sibiu or something (based on what GEOIP shows me on the map)

Avatar
Josua Schmid 1y ago

Final thought: yeah, onion routing

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

The header doesn't matter, unless the proxy is masquerading, which you can't trust, it's the TCP header that unavoidably reveals the source

The only way out is via onion routing

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

Spam

Pseudonymity fixes this problem, as does onion routed AMP LN payments

Something that would offend the monaros too... On chain payments are expensive and slow, and can't carry session keys

Avatar
Mike Dilger ☑️ 1y ago

The problem is that the client doesn't trust the relay. If you are the relay, and you are an evil relay, you probably aren't going to be stripping off any IP addresses. We need a solution that proves to a client that they aren't exposing their IP address to a relay.

But of course the way to do this is to use a VPN or tor.

If tor is totally unusable than we need to make a new tor. That sounds like a huge project, so I'll bow out and leave it to the rest of you.

Avatar
captjack 🏴‍☠️✨💜 1y ago

right way