Coracle promo video lost me at "no-stir" is private. It's not. That's misleading.

#cybersecgirl

nostr:nevent1qqstxhx23f5g2c2ch386zcjt7f0y5vh4mgwl26jxgmg6cqky2fg7v6gpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgq3q7nd4yu9anyd3004pumgrtazaacujjxwzj36thtqsxskjy0r5urgqxpqqqqqqzdcl7lg

Discussion

I'm not sure what the relevance of the quoted note is, but closed groups are private (not an amazing encryption scheme but still)

Remember the IP bot? The DM bot? Amethyst git says it well:

Relays know your IP address, your name, your location (guessed from IP), your pub key, all your contacts, and other relays, and can read every action you do (post, like, boost, quote, report, etc) except for Private Zaps and Private DMs. While the content of direct messages (DMs) is only visible to you and your DM counterparty, everyone can see when you and your counterparty DM each other.

If you want to improve your privacy, consider utilizing a service that masks your IP address (e.g. a VPN or Tor) from trackers online.

The relay also learns which public keys you are requesting, meaning your public key will be tied to your IP address.

Information shared on Nostr can be re-broadcasted to other servers and should be assumed permanent for privacy purposes. There is no way to guarantee the deletion of any content once posted.

What about the people who say that you should run tor and VPN at the same time? Sounds dumb

For most people it's better to leave your always on VPN than expose your IP when connecting and disconnecting to Tor. But Tor over VPN is not the same as VPN over Tor, which can easily be a shitshow for functionality and privacy if not configured correctly. A solid home network has an always on VPN, even when connected to Tor. Though your VPN will know your IP, so it depends on your threat model. If all you do is over Tor, then a VPN is not necessary, but that's not the case with most threat models.

Seems like the simplest secure setup for the average person is an always-on VPN, and using Tor (browser/proxy) for more sensitive activity - managing your stack/wallet software, etc.

Right?

You got it. Though I am a fan of using Tor whenever I can. I use Proton over Tor, buy and top-up my silent.link sims over Tor etc. Tor provides anonymity by blending in with the crowd, so the more people who use it on the daily, the better the anonymity.

Everyone should run a home snowflake proxy ❄️

💯 At the very least.

So this one has me a little more hesitant. I’m comfortable being another anonymous face in the crowd, to help other users be more private. And with the preface that “legal” and “moral” aren’t the same, and many countries outlaw things that I think they shouldn’t, we also know that some people use Tor for illegal *and* evil stuff. My concern with running a proxy or a tor node is that if these users’ traffic is being routed through my device, then (legal or not) I would feel complicit in their activity, to an extent, and that gives me chills (the bad kind).

Being a face in the crowd still indirectly provides greater privacy for “bad” criminals, but it’s different than actually creating a road through which they can drive, so to speak.

Note, I’m not trying to make the case that you (or others) shouldn’t run the node. If anything, I’m hoping you’ll reply that it doesn’t actually work that way, and my concerns are allayed.

Alternatively I guess one could argue that unless “good” citizens take on the burden of defending everyone’s privacy by running this software, then nobody is going to have access to these tools to fight oppression…

Is that the argument, actually? That it must be done: we must deal with the discomfort of some of the heinous shit that happens on the dark web, even if it occasionally runs through your own hardware, because it means that freedom fighters globally can retain the means to communicate and liberate their societies?

Just puzzling through it all. Interested in your perspectives 🤝

Yes bad people do bad things and they often use tools that journalists, activists, and people that just want privacy use.

The technology already exists, will continue to exist, and new technologies will continue to be introduced. There is no way to stop it and there is no way to put any sort of “safety” back stops to only stop the bad people because it would be used by every authoritarian government and not so authoritarian government to stop and arrest any kind of threat to their goals.

So based upon that premise there are only two ways to go:

Complete ban and make illegal any sort of privacy tech, encryption, tor, VPN, P2P network as well as any anti surveillance laws. We have to watch everyone all the time or else the bad people can slip through. No other choice.

Or,

We support freedom and privacy technology through our vocal support, development and infrastructure support, and actually using the technology to provide cover for people who might need it more than ourselves. Journalists can use it to publish unpopular opinions or expose powerful interests. Activists can use it to fight for oppressed and marginalized people. I can use it just because I am paranoid and prefer not being watched or have views and opinions that might impact my ability to support my family. And yes bad people can use it to do bad things but at least acknowledge that they are a small percentage of users and law enforcement can still do their job even if this makes it a little harder.

I nostr with Gossip over Tor on Qubes via the Whonix integration on desktop etc etc.

Sounds a bit more secure than using Tor browser on a MacBook, and proxy-ing in from Sparrow wallet lol

Definitely - I’ve been trying to use Tor for more daily activities. Protonmail for sure, but also like journalism/news sites - precisely to just exist on the network and improve the privacy set for people who need Tor for their personal safety, free speech, etc.

Sure, well, it depends on what you mean by privacy. Private groups are one thing, IP leaks are another. I've tried to advertise encrypted groups as "closed" so people don't get a false sense of security. I've also written articles like this one:

nostr:naddr1qvzqqqr4gupzp978pfzrv6n9xhq5tvenl9e74pklmskh4xw6vxxyp3j8qkke3cezqqxnzd3cxuurqv3sxqmrxwfcruzat4

I did not understand.

Not about you. The Coracle promo video says nostr is private. Nostr isn't private. That's misleading.

Amethyst github says it well and saves me some typing :)

"Relays know your IP address, your name, your location (guessed from IP), your pub key, all your contacts, and other relays, and can read every action you do (post, like, boost, quote, report, etc) except for Private Zaps and Private DMs. While the content of direct messages (DMs) is only visible to you and your DM counterparty, everyone can see when you and your counterparty DM each other.

If you want to improve your privacy, consider utilizing a service that masks your IP address (e.g. a VPN or Tor) from trackers online.

The relay also learns which public keys you are requesting, meaning your public key will be tied to your IP address.

Information shared on Nostr can be re-broadcasted to other servers and should be assumed permanent for privacy purposes. There is no way to guarantee the deletion of any content once posted."
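What a relay can read from one client connection, following the Amethyst statement quoted above. This is an added example, not part of the thread and not Amethyst's or Coracle's code. It assumes NIP-01 message shapes and NIP-04 (kind 4) direct messages; the IP address, keys, ids and ciphertext are constructed placeholders, and `relay_view` is a hypothetical helper name.

```python
import json

# Constructed sample frames as a relay would receive them over one WebSocket
# connection (NIP-01 message shapes; keys, ids and the IP are placeholders).
CLIENT_IP = "203.0.113.7"  # documentation-range address, constructed
ALICE = "aa" * 32  # placeholder pubkeys, not real keys
BOB = "bb" * 32
CAROL = "cc" * 32
FRAMES = [
    json.dumps(["REQ", "feed", {"authors": [BOB, CAROL], "kinds": [1]}]),
    json.dumps(["REQ", "inbox", {"kinds": [4], "#p": [ALICE]}]),
    json.dumps(["EVENT", {
        "id": "00" * 32, "pubkey": ALICE, "created_at": 1700000000,
        "kind": 4, "tags": [["p", BOB]],
        "content": "3q2+7w==?iv=AAAAAAAAAAAAAAAAAAAAAA==",  # ciphertext stays opaque
        "sig": "11" * 64,
    }]),
]


def relay_view(ip, frames):
    """Collect what a relay learns without decrypting anything."""
    seen = {"ip": ip, "published_as": set(), "interested_in": set(), "dm_edges": []}
    for raw in frames:
        msg = json.loads(raw)
        if msg[0] == "REQ":
            # Every filter after the subscription id names keys the client cares about.
            for flt in msg[2:]:
                seen["interested_in"].update(flt.get("authors", []))
                seen["interested_in"].update(flt.get("#p", []))
        elif msg[0] == "EVENT":
            ev = msg[1]
            seen["published_as"].add(ev["pubkey"])
            if ev["kind"] == 4:
                # Sender, recipient and time are cleartext; only content is encrypted.
                for tag in ev["tags"]:
                    if len(tag) >= 2 and tag[0] == "p":
                        seen["dm_edges"].append((ev["pubkey"], tag[1], ev["created_at"]))
    return seen


if __name__ == "__main__":
    view = relay_view(CLIENT_IP, FRAMES)
    print(view["ip"], "->", sorted(view["published_as"]))
    print("DM metadata:", view["dm_edges"])
```

Routing the connection through Tor or a VPN changes only the `ip` value the relay records; the key, subscription and DM-edge data remain visible to it.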

I was always aware of this, I didn't understand what it was about with my invitation to the #Art group, which by the way isn't even private 🤭

NOTHING to do with you, my friend. I followed your link to the video :) You are amazing and I'm sure Coracle is a cool place to have an art group. It's when people say Nostr is private that I take issue. It sets unrealistic expectations. The Nostr protocol is not private by default. The same OPSEC applies here as it does to anywhere else on the web. Decentralized, yes. Free speech, yes. Awesome, yes. Private, no.