Isn't #Amethyst collecting per-device ids with pubkeys allow amethyst to create connections between npubs so decreasing privacy?
Sounds so easy to do something small to break your #privacy and you only need to do that once.
#asknostr #nostr
Discussion
ScheiΓe
I guess if this is a stable id.
It can be used several ways.
If you created multiple accounts on amethyst, then those accounts could be connected to 1 user, so all different npub info decreases your anonymity set.
Also the connections of all accounts (social network) could be merged for those accounts, for all amethyst user's, then voilΓ‘ a nice social graph.
I mean they only need the device id - npub, the rest is public information.
But nostr is anyway not privacy focused, so you accept this fact when you use it anyway.
nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z could you weigh in please?
Yep, our push server knows which keys are in which device ids if you activated Push Notifications. But that into is not public, only the push server sees it. Device IDs are random numbers, so they don't expose any other info about you.
But if you are concerned about that, you should know that if you use multiple keys in the same device, relays and image servers, including proxies, can also see which keys are together by just logging where requests are coming from. They can do that roughly well even through Tor.
VPNs can muddle this info, but the VPN server itself will also know that info (and much more).
Happy to code schemes that obfuscate that info, but to the best of my knowledge, Signal, SimpleX servers also know the same info based on Device IDs/IP info.
Thanks for the detailed info Vitor! π
I guess if it is collected, it could be disclosed. As with many other services of course.
I assumed the same with relays, and hosting servers as well. Almost the whole internet can collect data about you.
Are VPNs are better over Tor, because more people use the same VPN server/IP therefore who connects IP with user data have too many options to connect? But ad you said, VPN providers can remove that ambiguity definitely.
I guess VPN over Tor could give us the benefit of VPN and benefit of VPN provider knows less. What do you think? Of course the more indirection you have, the slower it will be. Alternative cost.
Is the data still sent to firebase if the user turns of notifications?
The Play edition uses firebase, the FDroid edition uses UnifiedPush with your server of preference. The notifications themselves are giftwrapped, so neither Google, nor your UnifiedPush server can see anything, not even your public key.
VPN + Tor, just hides the traffic from your ISP. To relays and others, the Tor exit node is still the same for both accounts. So they can reasonably see which accounts go together if they track you over time.
If apps have Tor internally, they can choose different Tor sessions per account and even per nostrs filter. It's a lot of work to make it work, but possible.
Well the detailed info has either been deleted or whatever as I cannot see it, there is a missing message before your answer
Nostr is not a privacy tool, in fact, it's the opposite, It lets you be yourself without worrying about censorship
I think what happened in the last couple of weeks with privacy preserving tool companies can shed a light on the importance of privacy. Maybe not only censorship is something you need to care about. Maybe it is. π€
That's probably true. π€