Relay operators, please provide a privacy policy and terms of use on your website. Otherwise, we will assume you are tracking everyone and selling our data as a product for profit.

Time to show us who you are and what you stand for.

Discussion

Only if you put relay feeds on amethyst first

It's getting there, I am just finishing the way we manage subscriptions and data sources :)

Ok I'll start working on privacy policies then sir

Do it to be an example on how relay operators should disclose.

😅

Is this really an expectation? I’m just a noob who barely knew how to put a relay together.

My terms and conditions: treat my relay as a cardboard box 📦

It’s holding your notes for now. 😂

Are you deleting stuff? Do you delete CSAM? Are you saving logs of what each pubkey is querying and receiving from your relay? Are you building interest lists per pubkey?

I literally don’t know how to do any of this. 😂

It’s an Aegis relay with a paywall. So everything in is relatively clean.

I've thought for a while we need a NIP for specifying censorship levels. I think, strategically, it should be a few simple "main" tags -

0. Nothing filtered

1. Spam filtered

2. Protocol strict (requirements like NIP-13 PoW levels, or proper adherence to other NIPs)

3. Content filtered (CSAM removal, etc.)

4. Npubs banned for permanent or extended periods

5. Users perma-banned (trying to match npubs to user identities and stop them from coming back on a new npub)

When the "content filtering" or ban tags are used, secondary tags could be added to specify the details.

Aside from relay operators self-reporting, users could also use these tags to report observed relay behavior.

The strategic element is that when it's configured this way, any relay that accepts takedown orders from the authorities is automatically at one of the highest levels of restriction, and any relay that accepts orders to ban people is at the highest level of restriction, period. The authorities would look silly for telling citizens they're never allowed to venture into relays tagged 0-2, and extremely silly for telling citizens they're never allowed to venture into relays tagged 3 or 4.

Typo: tags could be commingled, so the authorities would only be against tag 3 without tag 5.

There is no need for NIPs and the amount of diversity among relays is so big that it will be hard to standardize. They just need to describe in text what their position is. This is not hard.

You're wrong, this is hard, especially when nostr becomes P2P in the future. The network and its users will need to be able to identify node behavior, and the strategic factors I explained will be very important. The question isn't whether we'll ever have a NIP for this, the question is whether we will use a system like I suggested to properly address the issue

And who will check?

If I have a relay to feed my AI, I want maximum notes to feed it.

I will say I am an angel, to everyone publicly, to have the most messages on my relay.

Who will check that really? And how?

It is really nice to have this subject, and to have different points of view.

For me, if you add this feature (text or code), it will have to be useful and trustworthy, or it will be useless and will not prevent bad relays from lying.

thank you for this thread with nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq3jamnwvaz7tmswfjk66t4d5h8qunfd4skctnwv46z7qpqwamvxt2tr50ghu4fdw47ksadnt0p277nv0vfhplmv0n0z3243zyqxuh5sg

Anyone of their users can check.

Thank you for reading 🤙

Does it really matter if I don't sell user data? It's a public relay, anyone can scrape and sell the data. Just because the operator doesn't sell it doesn't mean it's not being sold.

Yes. Are you, the relay operators, deleting stuff? Which ones? Where is the line? Do you delete CSAM? Are you saving logs of what each pubkey is querying and receiving from your relay? Are you building interest lists per pubkey? Etc etc.

You think it matters if relay operators build interest lists per pubkey, as anyone can do with the data on the relays like the guy you're replying to said

But you told me we'll never need a NIP for addressing the first question: "are you deleting stuff"

I see how you think this way, but refactor it a bit?

The standardization is not needed, neither with interest lists, nor with deleting practices.

How do you expect a P2P network to handle this stuff without it being standardized?

Do you think everyone will just become tech nerds that study the details of how their apps work and naturally migrate away from apps that are damaging the network? Because, no

Choose relays like you choose keys to follow. Don't just randomly choose them and accept what others tell you. Each operator has a completely different view of another. They are just people in the end. You can't standardize people.

You say "don't just randomly choose"

People will naturally choose what the authorities market the hardest, even worse than random choice

And you're expecting them to do better than random choice without a system to help with it. You're wrong

People will naturally gravitate to a small number of apps based on what other people are using and if those apps aren't standardized to report on each other's behavior, they'll barely notice when those apps start sabotaging the network

If more nodes are suddenly becoming what would be tags 3 and 5, but there's no tagging system to automatically stop relying on those nodes, or at least to help the user manage that, then people won't even notice someone's posts being filtered until it's been months since they heard from that person.

This is like how on the current version of nostr, there's no P2P data integrity verification, so people don't even notice someone's posts being filtered until it's been a long time since they heard from that person.

Network nodes aren't just people

If they delegate their choice to the authorities, they are going to be slaves forever.

Regardless of how much the protocol tries to protect them.

You don't need nostr to be a sheep. And nostr can't block you from being a sheep.

Being proactive makes a difference

If the first nostr app with P2P data integrity verification ALSO has this system for users to see reports of what censorship level each relay is at, we create natural momentum towards people thinking it's silly to never venture outside tag 3+5 relays

If the first app like that has no solution to this problem, there's natural gravity pulling people to split off into a bunch of echo chamber cults that attack members for venturing outside their chosen bubbles

Seems a little sensationalized, tbh. Relays can be scraped without content, so I don’t what difference does it make?

Some relays can literally sell information like when you are connected, from which IPs and thus locations, what searches do you make and which posts are you looking at in real time. Lots of companies buy that information.

What I wrote didn’t make sense but it seems like you got what I was trying to say.

Fair point regarding the scope of information they have, and yeah, I can see some concern down the line.

I have to think through it some more and keeping an open mind, but the way I’m seeing it right now is if you’re using a public relay that you aren’t paying for then yeah, you’d run that risk. If it’s a paid relay and part of their ToS is not selling your information, then that’s the safer route for the end user.

Though I think for notes to proliferate you’d inevitably have to connect to at least 1 or more public relays that public goods.

You're absolutely right. I had not considered all the data

My privacy policy is I don't do shit with your data, that's more trouble than it's worth 😂

But now I have another thing to add to grain! It's a great idea to have a standard PP/ToS in the repo that displays on the frontend footer and can be changed by the operator.

It is true, but relays have more data about the client (IP, browser, app...); this is not yet public data here.

But you are right, we all publish things that can be scraped by anyone.

And it is easier for a "fake or bad" relay to use/sell/exploit it

Ah true. I didn't consider the data a relay operator may have that's not just nostr events.

Only relay operators know what is being requested, who is doing the requesting and habits around requests (timezone inference, etc.)

Yea, I quickly realized this. Jumped the gun on my original reply. Although I did phrase it as a question! I knew I was missing something simple. 😂

And so the fiat capture begins

I will still assume they're doing it. A privacy policy and terms of service on the website won't actually stop relays from tracking us and selling our data, but I commend you making them accountable, with statements on the line ⚖️

I work for the KGB and regularly hand over printouts of every AI-generated Bitcoin meme I spot on Nostr to my superiors.

🀣

My neighbor works for D.I.V.A. ( Departament of investigation of Life of Anyone ) Every street of earth have an office of D.I.V.A.

Do you buy a new car ? Painted your house ? Your daughter have a new boy friend ? DIVA talks to everybody in social networks FREE ! Beware of D.I.V.A.

I sell to a mixture of kgb raf cia interpol mi6 fbi and gfy

!!!! 🎯 We need one npub to track them and their new implementations, something like Relay News

Yep, and anyone can build it

We are so far from this that it doesn't even need a legal policy, but if it is legally binding, it is even better.

Contracts are contracts 🤷🏾‍♂️

True. But I don't want to scare them off from providing brand information.

It's always been there. In our NIP-11 documents, completely clear for users. :salute: :love:

Put on the website. Users don't see NIP-11 documents.

Of course this is there as well. :zap:

It's available and noticed on the relay subscription page: https://jellyfish.land/relay

The direct link: https://jellyfish.land/tos.txt (The one mentioned on NIP-11 docs)

If you have any suggestions to put it somewhere better, we are open to suggestions. :innocent:

This is great. Simple and efficient. I would just design it better to make sure people read it. Presenting the rules in a preemptive way can be a source of trust for your business.

Thanks a lot! :salute:

Of course. We will keep your suggestion and we may go for an infographic-like page to present the ToS and privacy policy for everyone to have a quick and complete lookup. :eyes:

We need a solution for a better proof, or?

No need for proof. The free market will take care of that part. Once commitments have been made, we can all verify it.

Only later or?

I want proof of code, where the code is disclosed.

Most relays don't disclose their code. And they can always be running this without letting you know. You will always need to trust their word on it

Not sure that would ever be possible

The Jellyfish relay service is completely transparent and we provide clear tos and privacy policy on our NIP-11 for users. :rocketship:

It's important to know how the relay you are connecting to works in detail. It's important for relays to respect deletions, vanish requests and protected events! :eyes:

Be careful about where you publish your events and ask your friends to find you there. :100percent:

nostr:nevent1qqs9e4n4yzydwfpzkdkmwze08qkkqdgw9vfxjjuhtsqjd7marlt3rzqpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyprqcf0xst760qet2tglytfay2e3wmvh9asdehpjztkceyh0s5r9cqcyqqqqqqg3nrgew

🤙

This problem persists if we connect on relays that support Tor?

Yep. Relays know everything about what you are asking and what they are returning, regardless of how many Tors or VPNs you use.

Correct me if I'm wrong, but doesn't the use of a proxy provide some anonymity? Sure, relays can see everything associated to an IP, but unless the client does something to identify itself (like signing an event, AUTH, etc...), it's just data in aggregate. Can't associate it to a specific npub.

They still need to see your query and will always know which events to send back. From those things, it's very easy to figure out which key you are using.

Makes sense. Would it be technically possible for a more privacy-focused client to seed queries with a few random requests? For example, add a few random npubs to a follow list query. The client then discards the random data received before serving the followed feed to the user. This might be analogous to padding techniques used in VPN protocols to evade DPI.

Only if we find a way to encode the filter in some homomorphic encryption... 🤔

I will not. You can't tell me what to do.

Any relay implementations that can provably reduce what the operator sees from incoming connections and requests?

Impossible. The relay (and any server) needs to know what you want to see.

I see how publishing would expose who is using a relay, but for reads maybe you could do some kind of blinded tokens?

Or are you talking about nostr events in general, just chillin on a db and potentially being monetized?

The operators should run relays like they're shot callers on a prison yard ...

nostr:npub1uac67zc9er54ln0kl6e4qp2y6ta3enfcg7ywnayshvlw9r5w6ehsqq99rx does ToS and PP belong in NIP-11?

Probably. Someone should PR NIP-11, would propagate changes faster than a note

Though having on the webpage is better. Users rarely see the NIP-11 when browsing for a relay.

Clients could expose the TOS and PP via NIP-11, which is how users could see it.
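
One way a client could surface this to users, as an added example that is not part of the thread or of any relay's or client's code: audit a relay's NIP-11 information document for policy disclosure. The field names (`privacy_policy`, `terms_of_service`, `posting_policy`, `limitation.auth_required`) are assumed from NIP-11, and the sample documents are constructed.

```javascript
// Added example: check what a relay's NIP-11 document discloses about its policies.
// A client would fetch the document over HTTP with "Accept: application/nostr+json"
// and pass the parsed JSON in as `info`.
const POLICY_FIELDS = ["privacy_policy", "terms_of_service", "posting_policy"];

function auditRelayInfo(relayUrl, info) {
  const findings = [];
  // wss://host -> https://host so the URL parser accepts it
  const relayHost = new URL(relayUrl.replace(/^ws/, "http")).hostname;

  for (const field of POLICY_FIELDS) {
    const value = info[field];
    if (typeof value !== "string" || value.trim() === "") {
      findings.push(`${field}: not disclosed`);
      continue;
    }
    let link;
    try {
      link = new URL(value);
    } catch {
      findings.push(`${field}: not a valid URL`);
      continue;
    }
    if (link.protocol !== "https:") {
      findings.push(`${field}: not served over https`);
    }
    // A policy hosted elsewhere is outside the relay operator's domain.
    if (link.hostname !== relayHost && !link.hostname.endsWith("." + relayHost)) {
      findings.push(`${field}: hosted on ${link.hostname}, not ${relayHost}`);
    }
  }

  // AUTH ties every query to a pubkey, so what gets logged matters more.
  const lim = info.limitation || {};
  if (lim.auth_required && !info.privacy_policy) {
    findings.push("auth_required is set but no privacy_policy says what is logged");
  }
  return findings;
}

// Constructed sample documents (not from any real relay).
const disclosed = {
  name: "example relay",
  privacy_policy: "https://relay.example.com/privacy.txt",
  terms_of_service: "https://relay.example.com/tos.txt",
  posting_policy: "https://relay.example.com/posting.txt",
};
const silent = { name: "example silent relay", limitation: { auth_required: true } };
```

A clean result only shows that the operator has published a statement; it says nothing about whether the relay behaves as stated.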

The only private data relays should have in my opinion is what and when I'm querying. All I'm sending to the relay I want to be broadcast to the world. They should politely not log my IP but then again, it's my responsibility not to show it to them.

Any protocol that relies on relays keeping secrets in my eyes is flawed as the relay operator that leaks information will always have a financial edge over those that don't, either because he's directly getting paid to leak or because he invests less in not getting hacked.

No

Agreed. We need a way to see relay configs easily, too. Does this exist?

Dear Vitor

Why not create a crypto note for my private groups? Hidden the cryptonote is the mission of the relays, for best visualization of the threads. The task of create a top secret note is of clients!

Why wait for?

Do not ask!

Just do it!

It's generally unprovable and you're better off just assuming hostility from the network participants and acting accordingly

A news and a kind of usage I was thinking about.

You think they will care about policies and claims?

nevent1qvzqqqqqqypzpml96ysd7rxzjra8fpe8ldz6cjru4tf5d48j9yatq60g7q0u2xvpqy88wumn8ghj7mn0wvhxcmmv9uq36amnwvaz7tmwdaehgu3wvf5hgcm0d9hx2u3wwdhkx6tpdshszyrhwden5te0dehhxarj9ekk7mf0qqspa76sg505t5ma9vlxyvxvc6yyxrr68dnc00ykgm4lh6g33hgdyzgu2v2g3

Nobody cares about policies and claims until shit hits the fan. Then everybody learns and becomes extremely afraid of what can happen to them when they don't follow the rules.

Exclude bad relays that are not doing what they claim?

Don't misunderstand me, I am not saying policies are not a good idea.

I am saying how useful it can be if relays claim fake policies and do the opposite.

Without being able to verify and no consequence if it is fake.

In a "perfect" trust world it is fine, but in this growing decentralized web of trust it is a little harder.