I wonder what most people’s minds would do if they ran netstat on their home computer, sitting idle. I ran Pi-hole at one point and blocked over 100k random connections going out of my home in one week, and those were just the ones it caught.

As for IP addresses being PII under GDPR - I literally have nothing nice to say about that piece of legislation. I would literally rather geoblock the entirety of Europe than deal with their incompetent attempts to legislate technology into the ground.

I’m not willing to live my life at that level of paranoia. Nostr clients deserialize JSON objects into POD data types. There is a minimal attack surface. If you’re worried about IP address exposure - run a friggin VPN. Almost every Nostr client loads images and videos by *default*, exposing your IP address to a random collection of servers - often run by companies with spotty privacy records, like Google - even if you run a locked-down list of relays.

IP addresses may be PII to a government or a big corporation, but the idea that they are *private* is laughable. It is by its very nature exposed to everything you do online. If Nostr clients were executing code downloaded from relays, I would begin to worry. Web clients - especially ones that allow content embedding - are the most likely attack vector, not the relay itself.

My relay keeps no persistent IP logs, as disclosed in my terms of service here: https://github.com/TheSameCat2/thesamecat-relay-tos but even if a relay does, if your threat model indicates that IP address retention is a problem for you, that should have been mitigated on your end long before you got on Nostr.

I’m sorry if this comes off hot, but I keep hearing the same things harped on over and over again, like we need to plug a pinhole in the bottom of a ship that’s had a hole blown in it. When Nostr decides culturally that they’re going to take blocking Google, Imgur, Spotify, et al. from collecting our IP addresses seriously, I’ll be concerned about my IP address being leaked to some relay operator.

Discussion

I should point out that afaik Snort and Nostrudel have done the most to mitigate IP leakage through third-party links and hosting, with Nostrudel in the lead, offering the ability to not just imgproxy images, but also convert Twitter and YouTube links to Nitter, Invidious, etc.

🫡

Sorry for ranting on your thread fellow cat. 😖

No need for apologies 🫡

Regarding GDPR, I would say it’s far from perfect, obviously, because the topic is complex. But do you want to say it’s a bad thing that governments make corporations put users in control of their data? Is it a bad thing that I can request all the data Facebook has on me? Is it bad that they have to put in effort to keep this data from being breached?

Regarding everything else regarding IP, sorry, I’m not following clearly - this is my exact concern: that my IP and other sensitive information could get to ANYONE just because I open a Nostr client. And yes, I’m much less concerned about Google knowing a lot about me than my neighbors or boss.

Anyway, there are decades of software development and web software development, and they have basic things in common. And all we discuss here assumes that Nostr is so special that we should avoid all that experience.