Replying to Roger H

A thought that occurs to me - should journalists encourage the use of one-time nsec/npub pairs to be sources through Nostr?

Generally speaking, any way to contact a journalist usually involves email/phone numbers and is an announced channel (meaning intelligence agencies will also be able to find those channels). In China, Signal has had a fake app placed (https://www.forbes.com/sites/thomasbrewster/2023/08/30/malicious-signal-app-planted-on-google-play-by-china-linked-cyber-spies/) to trick people, and in the past, I remember that some sources went dark because they had to download Signal to communicate with journalists, and the Great Firewall does pick up if you're trying to download Signal, which can be a crime in and of itself.

I want to hear as many downsides to this as possible, especially on the encryption/privacy front.

Nostr isn't private, but throwaway key pairs can be useful. Like most things on the internet, your IP is leaked if not using a VPN or Tor/Orbot. If using a smartphone, the phone is most likely linked to an individual who bought it, pings cell towers, has telemetry and all that bullshit. If a source wants to be private, they have to do a lot of work ahead of time and then burn it all.

Buy an unlocked Pixel with cash, buy a used laptop and flash it with Linux, use Tor Browser, buy a VPN with Lightning, go to a coffee shop away from your house and flash the phone with Graphene, only turn it on and off at the shop, put it in airplane mode. Don't connect it to home Wi-Fi, and use SimpleX for comms.

Talking in person on a hike in the forest sounds like proper OPSEC these days.


Discussion

Yeah, I suspect that in this case, because Nostr traffic looks like web traffic, it might be private enough. Tor is blocked/banned within China. But you can access a desktop with a VPN or multiple ways. Makes me think there's room to make this a utility.

Yes, I feel like being OPSEC 100% these days is a pager-like setup that gets you physical meets without devices.

Nostr is very useful in that you can create an account with no information.

If you share a random nsec with a source, then they could log in with it and communicate back and forth by DM with the same nsec.

Or create a draft note in Amethyst and communicate back and forth in the note draft, then delete the draft.

In this manner there would only be 1 nsec in play, communicating with itself.

This is a super interesting thought!

Not all features are explicit