Replying to Avatar Mike Dilger ☑️

If people aren't using Tor and aren't using a VPN but they care about this, then I sure hope they never open a web browser.

But giving people the head's up and asking permission is nice. People want to see the note, but they also want to feel in control.
Avatar
cloud fodder 1y ago

Yes, having used this option in gossip I can tell you nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z with confidence that absolutely no one will use this option and leave it on to be bombarded by hundereds of questions whenever they open nostr..

Reply to this note

Please Login to reply.

Discussion

Avatar
Mike Dilger ☑️ 1y ago

We made the questions just a number in the lower left. AND after you answer all the several hundred questsions, they don't keep repeating eventually you catch up with it. BUT YES your point is very valid. It is fucking annoying to approve every relay.

But I'm also coming around to the idea that an 'nevent' is kind of like phishing, getting you to go to a relay that is malicious, just like a link in an email trying to send you to a malicous website. Whitelisting relays is one solution, painful as it is.

Avatar
keet dont tweet 1y ago

what about a proxy relay for those connections? a relay relay

da
Rand 1y ago

sounds like drugs/ prohibition etc crazydays/metadata?

Avatar
cloud fodder 1y ago

It is, and so is media loading.. which no one ever talks about they just harp on relays. VPNs or relay proxies that you trust are the only solution. And probably image proxies if you're doing the proxy option. Tho I applaud the efforts in attempting a UI for connections, it has enabled me to see that using nostr means you go to weird servers all the time. At least nevents don't have JavaScript payloads or anything, it's safer than browsing (I think). But images, yeah those are likely the most dangerous thing.

Avatar
keet dont tweet 1y ago

have you tried keet.io ? p2p imho is the solution

Avatar
liminal 🦠 1y ago

Media loading was the straw that cascaded this conversation in January. Malicious user posting people's ip from loading an image sent as a dm.

Avatar
keet dont tweet 1y ago

its the internet you have an ip, its well known how to hide it

Avatar
cloud fodder 1y ago

Yeah, but then they quickly cascaded into ranting about relays about 5min later.

Avatar
liminal 🦠 1y ago

sequence of events reads very familiar 🤔

Avatar
Hazey 1y ago

What can a malicious relay do to you besides spy on your IP?

Avatar
Mike Dilger ☑️ 1y ago

It could ask for AUTH and if your client allows it your client will tell it (and prove) your npub. Then it knows WHO is at that IP. This IMHO is a step too far and clients shouldn't AUTH to random relays w/o asking the user. But gossip lets users turn that off if they don't care.

Avatar
Crusty 👨‍💻 1y ago

That's also hard, because what "requests" do you allow, and what "requests" do you ask the user? At the end, if every key interaction is asked, it is the safest, but the most annoying.

Avatar
Mike Dilger ☑️ 1y ago

I'm not really sure how malicious a relay could be.