Replying to Avatar Ostrich McAwesome

I'm not going to pretend that what I did wasn't trivial. It was.

But if this trick is so uncreative and unoriginal, why hasn't this attack vector been resolved yet?

If nobody has a reason to fix this, I'll give them a reason.
Avatar
Mazin 1y ago

What is there to fix in the nostr protocol?

If a particular client is loading images from unknown recipients, that’s an implementation choice. If you have a problem with it or think it should be done differently, you can open an issue in their repo or write a PR and contribute to a solution. Or, of course, you can use a different client or write your own. I fail to see how this is a nostr weakness or how what you’ve done is helpful or creative.

People who are concerned about exposing their IP on the internet should use a VPN or Tor.

Reply to this note

Please Login to reply.

Discussion

Avatar
Skipper 1y ago

nostr:npub1sn0rtcjcf543gj4wsg7fa59s700d5ztys5ctj0g69g2x6802npjqhjjtws (and Iris) client have a default option called 'Image proxy service' which I believe solves the issue, right? nostr:npub1wq6n8skpdtrhw8hmr00kp2za7a8y97zqngq8jq85q2aydp8ejxzq8p7d9k

Avatar
Ostrich McAwesome 1y ago

The real issue is inconsistency. Different clients have different ways of trying to protect you from the same features, all of which are implemented differently.

Also, using an image proxy may protect you from leaking your IP, but as I have mentioned previously, this would now mean that URLs from your end-to-end encrypted messages would be decrypted and sent to the proxy, damaging your privacy in a different way.

Ultimately, my take on Nostr web clients is that if you're using any other browser than Tor Browser, you're doing it wrong.

Avatar
Pepe NOSTRos 1y ago

Sucks but gotta embrace the suck. Part of the process when growing fast. Lots of ideas being tested at once and over time we will see a normalized distribution of features centered around some broad appeal features. It'll come.

Just let the devs cook bro. We are moving faster than we have any right to have expected.