Replying to Avatar Crusty 👨‍💻

nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z could you weigh in please?

Avatar
Vitor Pamplona 1y ago

Yep, our push server knows which keys are in which device ids if you activated Push Notifications. But that into is not public, only the push server sees it. Device IDs are random numbers, so they don't expose any other info about you.

But if you are concerned about that, you should know that if you use multiple keys in the same device, relays and image servers, including proxies, can also see which keys are together by just logging where requests are coming from. They can do that roughly well even through Tor.

VPNs can muddle this info, but the VPN server itself will also know that info (and much more).

Happy to code schemes that obfuscate that info, but to the best of my knowledge, Signal, SimpleX servers also know the same info based on Device IDs/IP info.

Reply to this note

Please Login to reply.

Discussion

Avatar
Crusty 👨‍💻 1y ago

Thanks for the detailed info Vitor! 💜

I guess if it is collected, it could be disclosed. As with many other services of course.

I assumed the same with relays, and hosting servers as well. Almost the whole internet can collect data about you.

Are VPNs are better over Tor, because more people use the same VPN server/IP therefore who connects IP with user data have too many options to connect? But ad you said, VPN providers can remove that ambiguity definitely.

I guess VPN over Tor could give us the benefit of VPN and benefit of VPN provider knows less. What do you think? Of course the more indirection you have, the slower it will be. Alternative cost.

Is the data still sent to firebase if the user turns of notifications?

Avatar
Vitor Pamplona 1y ago

The Play edition uses firebase, the FDroid edition uses UnifiedPush with your server of preference. The notifications themselves are giftwrapped, so neither Google, nor your UnifiedPush server can see anything, not even your public key.

VPN + Tor, just hides the traffic from your ISP. To relays and others, the Tor exit node is still the same for both accounts. So they can reasonably see which accounts go together if they track you over time.

If apps have Tor internally, they can choose different Tor sessions per account and even per nostrs filter. It's a lot of work to make it work, but possible.

Avatar
Flinders Petrie 1y ago

Well the detailed info has either been deleted or whatever as I cannot see it, there is a missing message before your answer