same top 20 relays inspite 800 more relays choosing
Discussion
I know.
Even the people I have offered the free use of my relay to, usually refuse to use it. There could be hundreds of people on there, but there aren't. They're all on Primal, LOL, or Damus.
A relay for all who like to visit the forest.
- liked and subscribed
Added you and broadcasted. Seems to be writing.
they aren't using outbox model clients, obviously, whenever my relay is running and the whitelist is not enabled to filter only my traffic i get queries from other addresses from time to time, often when i'm in the midst of engaging
Some of them have mailboxes, but the people don't use them.
They stick to the application or hard-coded relays and leave the mailbox relays empty.
yeah, nostrudel doesn't set these automatically... i haven't found gossip pleasant enough to use to know anything about how it does things but i remember previously it was quite aggressive about sending replies to relays related to users relay lists before outbox became a big thing
depends on the client they are using at the time and if they added the relay to it... i think gossip just uses people's published outboxes, mine lists my relay, and if that is the case then they publish to my relay
i think at the same time if they don't set them in the client like in nostrudel, it won't automatically do it, this is a key distinction between nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c gossip and nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr nostrudel implementations of outbox model
i assume that probably gossip has now got some kind of rudimentary configuration to choose not to always use published inboxes to send replies/DMs to but who knows... it seems to me like this could be something useful to add to clients - as part of the ASD - which of your follows you want to inbox and whether or not you want to inbox randos
there's a lot of security matters to be thought about when it comes to clients presuming to make connections and leak timing information to other parties, it probably is going to take a while to hash out the best practises and minimal user friction that provides best possible security automatically, and probably MANY more arguments about the pros and cons of specific ways of donig it haha
Gossip asks users if they want to use a new relay that they haven't already decided about, for connection, and separate if they want to auth to it. But these features are off by default since most users find them annoying.
I have them on for myself. I only AUTH to relays I know and trust.
yet you give them your IP address implicitly, is this not a bit funny?
no and no
no you don't give your IP to who you send requests to? are you trying to jest?
no, it's not a bit funny that you are bothered by people expecting you to sign events that they ask you to sign to authenticate to them?
have you actually thought this through?
have you considered that the user could decline to identify and auth with one shot keys?
auth doesn't stop spam
it enables THE PEOPLE RUNNING THE SERVER to allow IN who they allow, for whatever reason
i really don't think you have thought about this
you make me sad, mike, and kinda make me wish i could punch you in the face for being so obtuse and stupid
I repeat: Gossip asks users if they want to use a new relay that they haven't already decided about, for connection, and separate if they want to auth to it. But these features are off by default since most users find them annoying.
If users want privacy, they can enable this feature and then when the 'gossip model' wants to connect to a new relay they don't trust, the user gets a prompt and can say "NO". Then that relay is not connected to. How could a relay that you don't connect to get your IP address? I don't know, but apparently I'm obtuse and stupid and I still didn't do enough for you.
"I have them on for myself. I only AUTH to relays I know and trust."
what difference does it make when your IP address is used if you connect WITHOUT auth?
that was my point
If you connect but don't auth, the relay doesn't get an association between your npub and your ipaddress. They just know that some IP address connected to them, but not who it is. Of course, once you start interacting with the relay they learn all of that too, and maybe the relay can try to figure out who you are by which posts you are interested in... and if you post they might presume you are that event's author. But you might be transmitting somebody else's message too, so it is not proof. So it gets all very complicated as to how much a relay can learn.
But if you AUTH it is not complicated at all, it is pretty much just giving the relay a provable association.
I've always maintained that privacy is an illusion unless you use tor, and trying to hide IP addresses is just more pretend privacy that enhances people's false sense of privacy.
very flimsy, that's my point
you send req that correlates to your follow list?
free relay = honey pot
the sooner people get it the better
and yes, to be selective... nostr:npub1m4ny6hjqzepn4rxknuq94c2gpqzr29ufkkw7ttcxyak7v43n6vvsajc2jl has been talking a lot this last couple of days about the problem of blacklisting in general
Since you refuse to take my point over and over, I am now muting you. Long ago I nicknamed you "bitchy mleku" and that moniker never failed to represent.
I don't look at the bots, but always funny to watch them chit-chat with each other, at the bottom of threads. Bizarre.
I think his point is that there is too much Illusion of privacy being created, that gives people a false sense of security.
Security will only exist if we use a different method for sharing information.
in that way whole nostr is is honeypot for datadigging. its open n everyone see it. free relays are MUST n essential even with AUTH sign with random key.
Everyone needs at least one free one, to start off, otherwise they can't even make a profile event or an introduction note.
i disagree... first you get the LN address then you subscribe to two paid relays... and then you bitch out the client devs for impeding the growth of the relay service industry
Or that. 😂
nothing of that is needed just use BASIC nostr social without ZAPs except user tech knowledge
then you get the honey pot problem
would you think it was a good idea for contactless cards to not have transaction limits when they are so easy to swipe?
same problem with user data, leaving people wide open like this is irresponsible for those who know to allow and condone
You probably need to have some American servers wide open, for those politically persecuted, elsewhere. Nobody has solved for that use case effectively, yet.
Sender initiated LN payments can be as anonymous as Tor traffic, and I devised a scheme that uses the preimages to carry session pubkeys.
https://github.com/indra-labs/indranet
It's fairly close to being complete except I think libp2p needs to be replaced with an ad hoc p2p transport built on QUIC with gossip peer advertising like bitcoin's p2p layer
if u stop the Hello DAN note calling it SPAM (best is mute it at end user level such whiteHAT testing notes) then u essentially partly KYC or STOP ALL NPUBS from posting with WoT near 0 and not giving them opportunity to build WoT slowly
It only makes sense to identify something as spam, at the relay level, when it's an obvious pattern. So, one Hello DAN note is not spam, but 20 of them probably is.
correct ! it is perfectly imitating a new user and checking testing OPEN relay and doing us a service
Agree about the WoT problem, as I set it to 2 and had to dig some real npubs back out of the hidden notes. They were just newbies.
Now, I'm opening all the hidden notes, to be sure, so it defeats the purpose, as I'm staring at bot notes all day. 😂
Lowered it to 1. See if that helps.
best way find new fresh genuine npubs is to browse "global of each relay" and ignore any note NOT suitable to EACH ONE's TASTE n likings - so simple. WoT filter replies from junkies in conver. threads (also nostr global or anythign else similar NOT for Kids without parental guidance.)
Yeah, but you have to turn the WoT down to -3 or so, to really get everyone in global. Can always turn it back up again, later.
Global is nothing for ladies, either, to be honest. I usually wait for the guys to find people and then I follow their follows over WoT.
I use them as feed bouncers. 🤭
Is there a technical reason why we can't use a waiting room to loosen the association of IP addresses and npubs? Like, the IP address gets stripped once it arrives at the relay into the waiting room, and the relay processes the events thereafter?
Or is that really stupid??
any server (reverse-proxy, relay, web, ...) will GET exit IP of any host trying to talk. retain or not or handover is policy matter. some countries require by law to keep log for when needed situtation. just like ISP n Telco SIM must do KYC nowadays. only whether relay forward orgin-IP or association IP to others can be addressed as above.
Well, that would help, at least, as someone could read and write over a particular relay and then only the relay IP addresse would be forwarded.
Are you talking about splitting web socket implementation from relay implementation? Subscription handling is quite coupled to an IP now. But indeed an HTTP proxy could just strip the x-forwarded header.
that can way to do (until new law arrive )- but 1st relay will always get client exitIP
I'm just always trying to think about how we can construct Nostr to be slightly-more private over HTTP.
Natively, I mean, rather than using VPN or Tor, as most people aren't using them and won't use them.
The idea of gift wraps is nice for DMs. But not suitable for public speak.
micropayments and short lived micro accounts and all relays are pay to write, which is also pay to proxy
the hard problem i bumped into is discovering the network and relays not needing to know what lives at the address the relaying message asks it to be sent to
this is why Tor and IPFS are both limited to around 8k nodes whereas bitcoin has over 20k
Didn‘t I see some nostr people talk about ham radios? They could meshnet and you would only see the exit on IP. But the meshnet routing would be unsolved.
Maybe we should buy an IP mixing satellite relay in space (or the international seas)
Can I rent servers for cash or Bitcoin somewhere? Short-timed?
few places can
depends on how short timed... month is the minimum for cryptoho.st but they have bitcoinpayserver and you can pay with lightning and they don't require KYC
they are based out of suaceva, Romania, i presume that's an industrial suburb area near Cluj Napoca or Sibiu or something (based on what GEOIP shows me on the map)
Final thought: yeah, onion routing
The header doesn't matter, unless the proxy is masquerading, which you can't trust, it's the TCP header that unavoidably reveals the source
The only way out is via onion routing
Spam
Pseudonymity fixes this problem, as does onion routed AMP LN payments
Something that would offend the monaros too... On chain payments are expensive and slow, and can't carry session keys
The problem is that the client doesn't trust the relay. If you are the relay, and you are an evil relay, you probably aren't going to be stripping off any IP addresses. We need a solution that proves to a client that they aren't exposing their IP address to a relay.
But of course the way to do this is to use a VPN or tor.
If tor is totally unusable than we need to make a new tor. That sounds like a huge project, so I'll bow out and leave it to the rest of you.
right way
Nostr offers people endless options, but most people want the same thing, so they will get that.
What Nostr also offers -- and this is the beautiful part -- is that people like us can choose if we also want to limit ourselves to that same thing, if we want to do our own thing, or both.
Actually, you only have the choice if you are tech savvy... I'm not 😅🤷🏽♀️
We need less-tech-savvy people, too!
Who else is going to tell devs that their interface makes no sense?
I think you're on some private relays like theforest and ok0. 🤔 Check the list in your client.
I recall trying to sign up to the forest and getting a bunch of error messages. Ok0 is something that someone else signed me up to I believe... By which I mean someone once asked me if I want one of those identifyer things and I said, "sure"
I also once managed to figure out how to use that site you sent me which shoudl fix how stuff appears? 😊🤣 That took me way too log to do and I don't ever know if it worked 😅 I don't know what hat you me a by "check the list in your client" although I spose I could fumble around for a bit trying to figure it out.
Found the list! I'm on the forest, can't see okO
You could probably add ok0, since you have your NIP-05 (mouse@ok0.org) from there.
Challenge accepted 🫡
He doesn't seem to have AUTH setup, so you can probably at least read from there.
It worked. :-) I see your name as "Mouse" now, instead of "npubbunchofnumbers".