Replying to nobody

I wonder what most people’s minds would do if they ran netstat on their home computer, sitting at idle. I ran Pi-hole at one point and blocked over 100k random connections going out of my home in one week, and those were just the ones it caught.

As for IP addresses being PII under GDPR - I literally have nothing nice to say about that piece of legislation. I would literally rather geoblock the entirety of Europe than deal with their incompetent attempts to legislate technology into the ground.

I’m not willing to live my life at that level of paranoia. Nostr clients deserialize JSON objects into POD data types. There is a minimal attack surface. If you’re worried about IP address exposure - run a friggin VPN. Almost every Nostr client loads images and videos by *default*, exposing your IP address to a random collection of servers - often run by companies with spotty privacy records, like Google - even if you run a locked down list of relays.

IP addresses may be PII to a government or a big corporation, but the idea that they are *private* is laughable. It is by its very nature exposed to everything you do online. If Nostr clients were executing code downloaded from relays, I would begin to worry. Web clients - especially ones that allow content embedding - are the most likely attack vector, not the relay itself.

My relay keeps no persistent IP logs, as disclosed in my terms of service here: https://github.com/TheSameCat2/thesamecat-relay-tos but even if a relay does, if your threat model indicates that IP address retention is a problem for you, that should have been mitigated on your end long before you got on Nostr.

I’m sorry if this comes off hot, but I keep hearing the same things harped on over and over again, like we need to plug a pinhole in the bottom of a ship that’s had a hole blown in it. When Nostr decides culturally that they’re going to take blocking Google, Imgur, Spotify, et al. from collecting our IP addresses seriously, I’ll be concerned about my IP address being leaked to some relay operator.

I should point out that afaik Snort and noStrudel have done the most to mitigate IP leakage through 3rd party links and hosting, with noStrudel in the lead offering the ability to not just imgproxy images, but also convert Twitter and YouTube links to Nitter, Invidious, etc.


Discussion

What IP?

Yours. When someone adds an image, or a YouTube video to their post, if your client embeds the player, or loads the image, your IP is exposed to the host (Google for YT) assuming you haven’t taken other steps.
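The client-side mitigation mentioned in the thread (routing images through imgproxy and converting Twitter and YouTube links to Nitter and Invidious), sketched as an added example that is not part of the original posts and is not any client's own code. The function names and the three proxy hostnames are hypothetical placeholders, and the imgproxy instance is assumed to run without URL signing.

```javascript
// Added example. The three proxy bases are placeholders, not real services.
const PROXY = {
  imgproxy: "https://imgproxy.example", // assumed: instance without URL signing
  invidious: "https://invidious.example",
  nitter: "https://nitter.example",
};
const URL_RE = /https?:\/\/[^\s<>"']+/g;
const IMAGE_EXT = /\.(png|jpe?g|gif|webp)$/i;
const parse = (raw) => { try { return new URL(raw); } catch { return null; } };

// Map one URL found in a note to a privacy front end, or return it unchanged.
function rewriteUrl(raw, proxy = PROXY) {
  const u = parse(raw);
  if (!u) return raw;
  const host = u.hostname.replace(/^(www|m)\./, "");
  const videoId = host === "youtu.be" ? u.pathname.slice(1)
    : host === "youtube.com" && u.pathname === "/watch" ? u.searchParams.get("v")
    : null;
  if (videoId) return `${proxy.invidious}/watch?v=${encodeURIComponent(videoId)}`;
  if (host === "twitter.com") return `${proxy.nitter}${u.pathname}`;
  if (IMAGE_EXT.test(u.pathname)) {
    // imgproxy "plain" source URL form; the source URL must be percent-encoded.
    return `${proxy.imgproxy}/insecure/plain/${encodeURIComponent(u.href)}`;
  }
  return raw; // unknown link: leave it as text, the client should not auto-embed it
}

// Rewrite every URL in the note content before the renderer sees it.
function rewriteContent(content, proxy = PROXY) {
  return content.replace(URL_RE, (m) => rewriteUrl(m, proxy));
}

// Hosts a client would contact if it embedded every URL in the content.
function hostsContacted(content) {
  const urls = (content.match(URL_RE) || []).map(parse).filter(Boolean);
  return [...new Set(urls.map((u) => u.hostname))].sort();
}

// Constructed sample note content.
const sample = "pic https://i.imgur.com/abc123.png vid " +
  "https://www.youtube.com/watch?v=VIDEOID1234 thread https://twitter.com/someuser/status/1";
console.log(hostsContacted(sample));                 // hosts seen without rewriting
console.log(hostsContacted(rewriteContent(sample))); // hosts seen after rewriting
```

The proxy operators still see the requesting IP address, so this moves the exposure to hosts the user chose rather than removing it.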