Quick thoughts on Nostr #privacy

The list of relays you connect to is easy to uncover.

Just put any user’s pubkey into a client like iris.to and you can see a list of relays they connect to. For example, I can see #[1] (Snowden) connects to wss://relay.damus.io operated by #[2] (infamous William Casarin), and 3 others.
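The lookup a client like iris.to performs behind the scenes, as an added example (not code from the original note, from iris.to, or from any Nostr project): it builds the NIP-01 REQ frame asking a relay for a pubkey's relay-list events, then parses the answer. It assumes the NIP-65 relay list (kind 10002, `r` tags with an optional `read`/`write` marker) and the older kind-3 contact-list content (a JSON map of relay URL to read/write flags); the pubkey, event contents and relay URLs below are constructed sample data, not real keys or real events.

```python
import json

# Constructed sample events (not real data). The pubkey is a placeholder,
# not a real key; relay URLs are illustrative.
SAMPLE_PUBKEY = "ab" * 32

KIND_10002_EVENT = {
    "kind": 10002,
    "pubkey": SAMPLE_PUBKEY,
    "created_at": 1680000000,
    "tags": [
        ["r", "wss://relay.damus.io"],            # no marker: read and write
        ["r", "wss://nos.lol", "read"],
        ["r", "wss://relay.example.net", "write"],
    ],
    "content": "",
}

KIND_3_EVENT = {
    "kind": 3,
    "pubkey": SAMPLE_PUBKEY,
    "created_at": 1670000000,
    "tags": [["p", "cd" * 32]],
    # Legacy relay map carried in the contact-list content.
    "content": json.dumps({
        "wss://relay.damus.io": {"read": True, "write": True},
        "wss://old-relay.example.org": {"read": True, "write": False},
    }),
}


def relay_list_request(pubkey: str, sub_id: str = "relays") -> str:
    """Build the REQ frame a client sends to fetch one pubkey's relay list:
    a NIP-65 kind-10002 filter plus the legacy kind-3 fallback."""
    filt = {"authors": [pubkey], "kinds": [10002, 3], "limit": 2}
    return json.dumps(["REQ", sub_id, filt])


def relays_from_event(event: dict) -> dict:
    """Return {relay_url: {"read": bool, "write": bool}} from a kind-10002
    or kind-3 event. Any other kind yields an empty dict."""
    relays = {}
    if event.get("kind") == 10002:
        for tag in event.get("tags", []):
            if len(tag) >= 2 and tag[0] == "r":
                marker = tag[2] if len(tag) >= 3 else None
                relays[tag[1]] = {
                    "read": marker in (None, "read"),
                    "write": marker in (None, "write"),
                }
    elif event.get("kind") == 3 and event.get("content"):
        try:
            legacy = json.loads(event["content"])
        except json.JSONDecodeError:
            return relays
        if isinstance(legacy, dict):
            for url, perms in legacy.items():
                if isinstance(perms, dict):
                    relays[url] = {
                        "read": bool(perms.get("read", False)),
                        "write": bool(perms.get("write", False)),
                    }
    return relays


def merge_relay_lists(events: list) -> dict:
    """Prefer the newest kind-10002 event; fall back to the newest kind-3
    event only when no kind-10002 event exists."""
    newest = {}
    for ev in events:
        k = ev.get("kind")
        if k in (10002, 3) and (k not in newest or ev["created_at"] > newest[k]["created_at"]):
            newest[k] = ev
    chosen = newest.get(10002) or newest.get(3)
    return relays_from_event(chosen) if chosen else {}


def handle_relay_messages(frames: list) -> dict:
    """Consume the raw frames a relay sends back (EVENT ... then EOSE) and
    return the resolved relay list for the subscription."""
    events = []
    for frame in frames:
        msg = json.loads(frame)
        if msg[0] == "EVENT" and len(msg) >= 3:
            events.append(msg[2])
        elif msg[0] == "EOSE":
            break
    return merge_relay_lists(events)


if __name__ == "__main__":
    print(relay_list_request(SAMPLE_PUBKEY))
    # Responses are simulated here rather than fetched over a websocket.
    frames = [
        json.dumps(["EVENT", "relays", KIND_3_EVENT]),
        json.dumps(["EVENT", "relays", KIND_10002_EVENT]),
        json.dumps(["EOSE", "relays"]),
    ]
    for url, perms in handle_relay_messages(frames).items():
        print(url, perms)
```

Nothing here requires a key or any authentication: relay-list events are public, replaceable events, so any relay that has them will hand them to anyone who asks.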

Just as plaintiffs' lawyers and governments target Twitter with subpoenas and warrants for information on users, they will target relay operators as well.

If a relay operator keeps logs of client IP addresses, assume your IP is one subpoena or warrant away. Take that IP and a timestamp to an ISP and it won't be hard to figure out who you are and/or where you are.
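What a relay operator could hand over in response to such a request, as an added example (not code from the original note or from any relay implementation): every EVENT or AUTH frame arrives over a connection with a source IP and carries a pubkey, so a plain connection log already ties pubkeys to addresses. The log format below is a hypothetical one invented for this example, the addresses come from documentation ranges and the pubkeys are placeholders; real relay software logs differently, but the correlation is the same.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed log lines in a hypothetical relay format:
#   <timestamp> <client ip> <frame type> <pubkey or ->
# Not real traffic; IPs are from reserved documentation ranges.
SAMPLE_RELAY_LOG = """\
2023-02-10T14:01:07Z 203.0.113.7 CONNECT -
2023-02-10T14:01:09Z 203.0.113.7 EVENT 1111111111111111111111111111111111111111111111111111111111111111
2023-02-10T14:05:41Z 198.51.100.23 CONNECT -
2023-02-10T14:05:43Z 198.51.100.23 EVENT 2222222222222222222222222222222222222222222222222222222222222222
2023-02-11T09:12:30Z 203.0.113.99 EVENT 1111111111111111111111111111111111111111111111111111111111111111
2023-02-11T09:13:02Z 203.0.113.7 AUTH 1111111111111111111111111111111111111111111111111111111111111111
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<msg>CONNECT|EVENT|AUTH|REQ)\s+(?P<pubkey>[0-9a-f]{64}|-)$"
)


def parse_relay_log(text: str) -> list:
    """Parse log text into (timestamp, ip, frame_type, pubkey_or_None) tuples,
    skipping lines that do not match the expected format."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        pubkey = None if m["pubkey"] == "-" else m["pubkey"]
        records.append((ts, m["ip"], m["msg"], pubkey))
    return records


def pubkey_ip_map(records: list) -> dict:
    """Build {pubkey: {ip: {first_seen, last_seen, count}}} from frames that
    carry a pubkey (signed EVENTs and NIP-42 AUTH frames bind a key to the
    connection; bare CONNECTs do not)."""
    out = defaultdict(dict)
    for ts, ip, _msg, pubkey in records:
        if pubkey is None:
            continue
        entry = out[pubkey].setdefault(ip, {"first_seen": ts, "last_seen": ts, "count": 0})
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["last_seen"] = max(entry["last_seen"], ts)
        entry["count"] += 1
    return dict(out)


def ips_for(records: list, pubkey: str) -> list:
    """All source IPs ever seen for one pubkey, sorted (the answer to a
    subpoena naming that key)."""
    return sorted(pubkey_ip_map(records).get(pubkey, {}))


if __name__ == "__main__":
    recs = parse_relay_log(SAMPLE_RELAY_LOG)
    for pk, ips in pubkey_ip_map(recs).items():
        print(pk[:8], {ip: (v["first_seen"].isoformat(), v["count"]) for ip, v in ips.items()})
```

If the client reaches the relay through Tor or a VPN, the address in this log is the exit's, not the user's, which is the whole point of the advice to hide your IP from relays. It does nothing about the pubkey itself, which is in every signed event regardless of route.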

If you care about privacy, this means who your relay operator is and where they are located may matter. #[3], who operates the Damus relay, appears to be in Canada. In theory, anyone could apply to a Canadian court to subpoena information from him.

While I am sure Snowden is doing crazy things to hide any IP from his relays, the point is, the average person isn't, whether it's a human rights organization, a trucker convoy or a dissident.

Not to be a party pooper, but just some thoughts for people who may be using Nostr for something other than Midjourney digital art ostrich pictures. My latest favourite:

https://www.nostrland.com/r/give-me-your-nostriches


Discussion

Decentralized replacements for the centralized services are going to have this risk. VPN is a partial answer, and maybe kill-switch-type functionality in-app so that it can only go over predetermined outbound routes to prevent IP exposure. In the US this isn't a huge issue for now, provided you aren't breaking the law, but not everyone is that fortunate.