nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s what is the worst thing that could happen using Damus without VPN? I don’t use VPN most of the time
Discussion
Someone who was targeting you could see how often you use nostr, I guess?
Maybe it would be a good idea to integrate tor into Damus the way Vitor did with Amethyst? I understand Orbot is an Android-only app, but perhaps there's an iOS equivalent? Or maybe include an integrated tor engine?
Don't need IP for that https://snowcait.github.io/nostr-hours/?npub=npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s
Do you even sleep btw? 
They get your IP, deduce your address, find you and murder you
why would somebody want to murder me or anyone else by just using Damus or any nostr client lol
Murder aside, I think the information could be used in conjunction with other metadata and sources as the basis of an exploitation. I just think it's preferable to give users the option to decide for themselves whether or not their IP is exposed.
Why not just use a VPN? It’s not a perfect solution but it’s easily available and at least provides some level of opsec.
Mullvad.net is great and accepts bitcoin pmts.
nostr:npub1wlx4wqeyzzspw43gk56hlfj4k8ava262let5wvammn8djwx7jx3qp5zy3z accepts bitcoin and Lightning ⚡️
Your IP address is visible to your relays.
If a relay operator was malicious they could abuse that information in identifying you (perhaps to punish you for how you use Bitcoin, in a country with an authoritarian regime) or could package your nostr activity with other data brokers’ information about you to sell into the profile(s) that exist on nearly everyone for ad-targeting (at best) or government surveillance (in the US, for example, it’s illegal to spy on citizens, but not to buy the entirety of their internet activity from a broker and use that for profiling and “criminal prediction” police lists).
These are all “ugly” (although not “worst case”) scenarios, but it’s more likely that some of those things are already happening with your online data outside of nostr.
It depends also, of course, what relays you use. You asked “worst case” so yeah someone could go after nostriches in a few years with the assumption that many of them hold lots of (massively appreciated) Bitcoin. Kidnappings and theft already happen; user data from crypto exchanges is sold on the dark web every day, and people get scammed and stolen from as a result.
Nostr isn’t necessarily “big” enough yet to make us targets… but data is forever.
Using an always-on VPN is just best practice, on Nostr or anywhere else, and while it’s of course far from a perfect solution, a high-quality VPN is such an easy way to limit the data that can be easily traced to you, making it just inconvenient enough that your average bad actor would prefer a different, easier target.
Hope this is helpful 🫡
What VPN recommendations would you make?
I use nordvpn and have been using it for 7 yrs now. I also checked if they have been compromised or not. E.g. where their jurisdiction is, the data/metadata they collect. ☺️
Nord has excellent UI/UX, and many, many servers you can choose from around the world. I’ve heard some hesitation from privacy-focused friends, although I don’t know the specific reason behind it
Mullvad is fast and reliable, no KYC, accepts Bitcoin, doesn't store customer data as it runs in RAM and has a track record of resisting police raids.
Mullvad would be my first recommendation. Others like Proton and (I believe) iVPN. My first was Nord which was excellent user experience, but they don’t accept Bitcoin/Monero for added privacy
Depends.
They may be able to find your real location and identity.
If you are armed then you may have a big mess to clean up.
If you are not armed then you may need to take PEP after they rape you.
there are a lot of negative things but this is just the worst I could think of.
Be armed & use VPN.
Follow me for more common sense advice.