Do relays only see IP if you post?
Discussion
No
How else do they see it?
As soon as you connect
Should clarify, they won’t be able to associate your IP with your npub until you post
Do you know if its possible to follow people and see their posts if i dont follow any relays?
On the protocol level yeah, you just connect to a relay and request notes from that user. Idk if there’s any clients that do that yet tho. Is the idea that your trying to “privately” follow ppl?
Yes. Just trying to understand how to be more private moving forward. It seems relays are the problem but thats what nostr is. Lol
They see your IP when you connect. But they can't positively link your IP to your npub until you use your nsec for something, like posting or liking.
Something has to connect to a relay to get the data, there's no other way to get it.
I think you are forgetting that I can connect to all the relays as @jack using his npub, but it doesn't mean that I'm Jack. And if the relay records my IP as being Jack's, well that's the relay's problem. In other words using just your npub you are not losing any privacy. Btw, if you are not using a VPN, then your privacy is completely shot anyways
I'm not forgetting anything, like I said before "relays see your IP when you connect, it can be linked to your npub when you post/react/etc. "
Connecting using an npub is not the hack you think it is, since you are unable to perform any actions so the relay can't link you to anything anyway. You could very well connect using your nsec and not perform any actions and achieve the same outcome.
As others have said, relays see your IP when you connect, it can be linked to your npub when you post/react/etc. I believe some clients connect to the relay on your behalf.
You need to use a VPN if you're worried about your real IP address being known - this is true for any service, Nostr included.
I don't think most relays keep logs (at least I don't, as Strfry doesn't log by default). Also an IP address by itself isn't really worth anything to anyone other than your government. If they're trying to track you down at all costs then you've got bigger problems, but they have easier ways to figure it out anyway.
Thanks for the reply. Not worried about governments. Worried about malicious relay operators or the possibilities of one. I like thinking hypothetically. I worry VPN doesnt offer much solution as they dont work perfectly, can disconnect. Also I dont believe we have a good way to verify if VPNs log or not. I barely trust them.
You're right, with a VPN you just shift trust from your ISP to the VPN provider.
There's nothing a malicious relay operator can really do to you, other than perhaps try to DoS you if they're some kind of script kiddie, but even that is at most an inconvenience.
Nobody can doxx you based on your IP address alone, for example, as they aren't accurately geolocated. If you're in the states then they may know what state you're in, for example, but that's about it.
Got it. Maybe I am overthinking the privacy risks a bit. Not so much paranoid, just really wanting to practice the best methods for protecting my nsec and general privacy. Might try Tor with Amethyst for fun.
I think it's good to be aware and ask questions, privacy is very important.