It's about time for the IP reveal spam to come back. People need to get their privacy shit in order.

Big problems I see with #Nostr right now, all of which are exploitable:

- Users don't know or understand how absolutely critical it is to protect their private key at all cost.

- Users don't know or understand about managing or self-hosting relays.

- Users don't know or understand what data/metadata their lightning/ecash wallets have, and will provide to anyone who asks.

- Users don't know or understand what data/metadata their relays have, and will provide to anyone who asks.

- Users don't know or understand what data/metadata their image hosting services have, and will provide to anyone who asks.

- Users don't know or understand about using Tor or a VPN to protect their IP address.

- Users don't know or understand which devices/clients will help them prevent any of the aforementioned issues.

Some of this isn't provided publicly, so it may not be possible for the average user to know these things. Also, I absolutely include myself in some of them, so this isn't some holier-than-thou bullshit. I'm just putting it out on the table for visibility.


Discussion

I would be curious about the metadata of ln and ecash wallets

Corny Chat will have an AMA with Alby at 19:00 GMT today, the 23rd. You could ask there. I know running LNBits as a custodian for people on my node is very revealing.

Hmmm, that is an interesting experience.

Have you learned something already worth summarizing in 3 points?

Not sure if this is what you mean, but:

I can give and take away sats at will.

I can see where and when sats move.

Sats in the user wallets are in one pool on my node and I can use or leverage them as I wish.

That is simply describing custodial wallets, or? Or do you mean that it is not taken as seriously as it should be?

I guess there's some realization of the depth of it when you run your own. Same goes for AI.

Hmmm, I think this is a really important lesson generally.

And this is why we generally tend to learn from lessons we face ourselves, not from ones we hear from others.

And also why privacy in general is a neglected thing.

Yeah I have almost no knowledge on any of this.

Anybody offering consulting on these topics would be well received by myself and surely others.

I'm always willing to jump in SimpleX or Corny Chat for this. I can at least share what I've learned so far.

Constant battle. Need to touch some facet of your opsec regularly. I have much to learn also.

Constant battle is right. Every time I stand still on it, it runs off and leaves me. Things evolve really fast.

Is there an equivalent seed phrase for the Nostr private key? If so, it will make it much easier to store the password.

I've seen this mentioned, but I don't know that anyone has implemented it.

But sadly it needs to be done first; you cannot create a seed phrase for an existing npub.

I see. I guess when you consider how new Nostr is, it's probably similar to early Bitcoin and things just aren't built out yet.

So to get a seed phrase for my private key I would need to create a new profile? Hmm.

Sometimes it feels like trying to drive a car while there's mechanics still fitting things like seatbelts and window winders!

Great list! As for the first one, is it even possible to use Nostr and protect your key as securely as you would your Bitcoin keys? I'm certainly not putting any Bitcoin keys that I care about into a browser extension, for example. Until there is a widely implemented standard for doing so, my working assumption is that my nsec has already been compromised, and my Nostr experience as a whole is merely experimental.

You can generate them offline and only use a signing app. I think that's about as secure as it gets. But yeah, I think at some point we should consider these compromised.

#Reticulum can help mitigate much of this. I wish more devs would take a look at it.

Look for the bitcoin.review releases on NomadNet RNS 🫡