I'm with Kieran and Karnage. Honestly I wish Amethyst could do this too, favor the languages I set it to. As much as the data hungy companies abuse metadata like this, any website theoretically has my languages(s) in order to serve me content I can comprehend. If I semi trust the provider it might be a very useful tool.
Nostr clients are using your IP geolocation and/or checking your browser language – to automaticly show notes from other users who also share the same country as you.
This leaks information about the user location/country, and is major concern for privacy reasons.
Not sure if every client is doing this, #Snort #Iris are clearly doing it, especially noticeable when not logged in. When logged in there is no option to disable this behavoiour and seems to be enabled by default.
nostr:npub1r0rs5q2gk0e3dk3nlc7gnu378ec6cnlenqp8a3cjhyzu6f8k5sgs4sq9ac nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 nostr:npub1g53mukxnjkcmr94fhryzkqutdz2ukq4ks0gvy5af25rgmwsl4ngq43drvk can any of you explain what's going on?
#nostr #privacy #opsec
Discussion
You didn't quite get what I was trying to say or I explained it poorly. It's probably the latter.
The problem isn't about the client knowing your location or language. Instead, it's about the other users knowing that information about you.
If you have your browser set to French and the #nostr client uses that information to automatically share your notes with other French users, this reveals your language and country to those users, even if your notes are in English.
It's a #privacy hole that could be exploited by an attacker to help deanonymize the country/language a specific user if they have this knowledge and are willing to put in the effort.
That's not how it works, if you're talking about which relays you're posting to, then that's in your own control.
Ah sorry misunderstood. I assumed it was the website filtering it for you (people who have clients/browsers set to English are shown posts that contain English words).
If the web clients are in some way sharing that with others directly/indirectly then that's more data that could be exploited and I see where you were coming from