great #nostr privacy awareness info from the #amethyst github page:

Privacy on Relays & nostr

Your internet protocol (IP) address is exposed to the relays you connect to. If you want to improve your privacy, consider utilizing a service that masks your IP address (e.g. a VPN) from trackers online.

The relay also learns which public keys you are requesting, meaning your public key will be tied to your IP address.

Relays have all your data in raw text. They know your IP, your name, your location (guessed from IP), your pub key, all your contacts, and other relays, and can read every action you do (post, like, boost, quote, report, etc) with the exception of Private Zaps and Private DMs.

DM Privacy

While the content of direct messages (DMs) is only visible to you and your DM counterparty, everyone can see when you and your counterparty DM each other.

Visibility & Permanence of Your Content on nostr

Information Visibility

Content that you share can be shared to other relays. Information that you share publicly is visible to anyone reading from relays that have your information. Your information may also be visible to nostr users who do not share relays with you.

Information Permanence

Information shared on nostr should be assumed permanent for privacy purposes. There is no way to guarantee edit or deletion of any content once posted.

#cybersecgirl #privacytechpro #amethyst #nostr

https://github.com/vitorpamplona/amethyst?tab=readme-ov-file#privacy-on-relays--nostr

Discussion

The privacy aspect of Bitcoin and Nostr is a bummer. I really hate that it seems like privacy is an afterthought.

https://blog.cloudflare.com/encrypted-client-hello/

Can some kind of ECH setup fix the IP leak issue?

Well, the free VPNs are of no help. Many apps don't work if you are using a VPN. They want you to disable it to proceed.

It is missing an important route of privacy leaks: automated media loading.

As it is right now clients connect to arbitrary web hosts to load embedded media in posts or DMs. The owner of that server can again see your IP address but unlike with relays you do not control which servers you connect to when loading media.

There has recently been a campaign nostr:npub1wq6n8skpdtrhw8hmr00kp2za7a8y97zqngq8jq85q2aydp8ejxzq8p7d9k to link pubkeys to IP addresses by sending a DM with a customized tracking link which clients automatically open because it is disguised as an embedded picture.
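
One way a client could gate the automatic media loading described in the last comment, as an added example that is not part of this thread or of Amethyst's code. The function names, the policy shape, the `.example` hosts and the pubkeys are all assumptions constructed for illustration; the input is the already-decrypted message text.

```javascript
// Added example: every name, host and key here is constructed for illustration.
const MEDIA_EXT = /\.(png|jpe?g|gif|webp|mp4|webm)$/i;
const URL_RE = /https?:\/\/[^\s<>"']+/g;

// Extract the http(s) URLs a client would otherwise render as embedded media.
function extractMediaUrls(text) {
  const urls = [];
  for (const raw of text.match(URL_RE) || []) {
    try {
      const u = new URL(raw);
      if (MEDIA_EXT.test(u.pathname)) urls.push(u);
    } catch (_) { /* not a parseable URL: leave it as plain text */ }
  }
  return urls;
}

// Decide, per URL, whether the client may fetch it with no user interaction.
// policy.follows: Set of hex pubkeys the user follows (assumed known to the client)
// policy.trustedHosts: Set of media hosts the user has opted into
function planMediaLoads(senderPubkey, plaintext, policy) {
  const known = policy.follows.has(senderPubkey);
  return extractMediaUrls(plaintext).map((u) => {
    const trusted = policy.trustedHosts.has(u.hostname.toLowerCase());
    // Per-recipient tokens often ride in the query string. This check does not
    // catch a token hidden in the path, which is why unknown senders and
    // unlisted hosts are never auto-loaded regardless of the URL's shape.
    const hasQuery = u.search.length > 1;
    let action = "click-to-load";
    let reason = "";
    if (!known) reason = "sender not followed";
    else if (!trusted) reason = "host not in allowlist";
    else if (hasQuery) reason = "query string present";
    else action = "auto-load";
    return { url: u.href, action, reason };
  });
}

// Constructed sample policy and messages.
const samplePolicy = {
  follows: new Set(["a".repeat(64)]),
  trustedHosts: new Set(["media.example"]),
};
const strangerDm = "look at this https://img.tracker.example/p/abc123.png";
const friendDm = "cat pic https://media.example/cat.jpg";
console.log(planMediaLoads("b".repeat(64), strangerDm, samplePolicy));
console.log(planMediaLoads("a".repeat(64), friendDm, samplePolicy));
```

A URL planned as `click-to-load` is shown as a placeholder, so the media host only sees the reader's IP address after a deliberate tap.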