I don't intend to push every button at once. For right now it's easy IP leaks. That needs to be resolved first. I don't expect it to happen overnight.
This place can mature into a universal standard if we work out all the kinks.
Discussion
Are you talking about IP addresses?
IP address privacy is solved. Use a VPN or use Tor... tails... or qubes. Depending on your threat model.
To do IP you need an address, and that IP address necessarily gets signalled to your IP peer. And if you don't do IP you are not on the Internet.
Nostr clients shouldn't be trying to control every protocol layer. Let the IP layer software handle the IP layer and nostr runs on top of that.
Every few months one of these self proclaimed hacktivists comes to point out nostr shortcomings in some malicious and uncreative way.
So far none of them that I’ve come across has actually pointed out anything useful. This doesn’t seem any different. It’s just a way for them to flex their ego and get some recognition.
Clients should at the very least have a toggle to turn off loading images from people they don’t follow (or their WoT) and many already do. Outside of that, there is nothing broken and nothing to fix.
Not sure why we give these people so much attention…
Nostr is the first thing to teach people how the internet works since MySpace.
I'm not going to pretend that what I did wasn't trivial. It was.
But if this trick is so uncreative and unoriginal, why hasn't this attack vector been resolved yet?
If nobody has a reason to fix this, I'll give them a reason.
What is there to fix in the nostr protocol?
If a particular client is loading images from unknown recipients, that’s an implementation choice. If you have a problem with it or think it should be done differently, you can open an issue in their repo or write a PR and contribute to a solution. Or, of course, you can use a different client or write your own. I fail to see how this is a nostr weakness or how what you’ve done is helpful or creative.
People who are concerned about exposing their IP on the internet should use a VPN or Tor.
nostr:npub1sn0rtcjcf543gj4wsg7fa59s700d5ztys5ctj0g69g2x6802npjqhjjtws (and Iris) client have a default option called 'Image proxy service' which I believe solves the issue, right? nostr:npub1wq6n8skpdtrhw8hmr00kp2za7a8y97zqngq8jq85q2aydp8ejxzq8p7d9k
The real issue is inconsistency. Different clients have different ways of trying to protect you from the same features, all of which are implemented differently.
Also, using an image proxy may protect you from leaking your IP, but as I have mentioned previously, this would now mean that URLs from your end-to-end encrypted messages would be decrypted and sent to the proxy, damaging your privacy in a different way.
Ultimately, my take on Nostr web clients is that if you're using any other browser than Tor Browser, you're doing it wrong.
Sucks but gotta embrace the suck. Part of the process when growing fast. Lots of ideas being tested at once and over time we will see a normalized distribution of features centered around some broad appeal features. It'll come.
Just let the devs cook bro. We are moving faster than we have any right to have expected.