If the relay uses AUTH, it's effective, regardless of where it is, or who runs it.
Discussion
True, as long as it receives regular updates, and the hosting provider doesn't receive an NSL or equivalent, and you're not worth risking a 0day on.
That's just incorrect. You can auth to a relay but that doesn't mean anything about the content that the relay has access to then. It just means that other people can REQ the relay for content that they shouldn't have access to.
AUTH is never a replacement for encryption
💯💯💯
Honestly, the protocol has been going downhill for a while as people try to be as lazy as possible.
Relays instead of encryption. “Relays” that are shitty versions of normal APIs instead of DVMs. Relays instead of a proper community NIP.
No one is stopping you from writing a better community NIP.
I don't understand why it's not possible to have both.
We can, just stop calling it even remotely private.
It is private, if you run it on a relay most people don't have access to and you encrypt the content.
I'm failing to see how that can't be described as private. You don't even need to run that over the open Internet. You could use a VPN or put it behind a firewall, or whatnot. That's actually what VPNs are for, after all.
i am just bumping into this and forgot just how retarded some nostr devs are about signals intelligence... prime case in point right here
auth stops you from being able to send the message
the websockets are TLS encrypted already
in the case of DMs and application specific data the content SHOULD be encrypted by the protocol (don't tell hzrd149 about that though, he does ASD without encryption which is retarded)
It's simple logic, from where I'm looking. If you put the relay on a machine you manage, you can use all security built into Nostr AND all security that can be implemented on the machine. That is a second, powerful security layer.
encryption is never a replacement for not sending out a message either. basic sigint
realy already blocks access to DMs when auth is enabled, you can't do that without auth
the auth allows you to identify that the caller has the nsec that gives them the right to see sensitive events that contain their npub either as author or tagged, there's a set of event kinds that apply here, encrypted direct message, 1059, 1060 and i forget the application specific data kind, i think it's a 30k range parameterised replaceable, maybe 30002 or something
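
The access rule described in the last comment, sketched as an added example (not part of the thread and not realy's own code): a relay serves privileged kinds only to an AUTHed pubkey that is the event's author or is named in a `p` tag. The `Event` struct, `CanRead`, and the choice of kinds 4 and 1059 as the privileged set are assumptions made for this sketch.

```go
package main

import "fmt"

// Event carries only the fields this check needs (subset of a Nostr event).
type Event struct {
	Kind   int
	PubKey string     // author pubkey, hex
	Tags   [][]string // e.g. {"p", "<hex pubkey>"}
}

// privilegedKinds is an assumed policy for this sketch: kind 4 (NIP-04 DM)
// and kind 1059 (NIP-59 gift wrap). A relay would configure its own set.
var privilegedKinds = map[int]bool{4: true, 1059: true}

// CanRead reports whether ev may be returned to a client whose AUTH proved
// control of the key `authed` ("" means the client never authenticated).
func CanRead(ev Event, authed string) bool {
	if !privilegedKinds[ev.Kind] {
		return true // non-privileged kinds are served to anyone
	}
	if authed == "" {
		return false // no proven identity, no privileged events
	}
	if ev.PubKey == authed {
		return true // requester is the author
	}
	for _, t := range ev.Tags {
		if len(t) >= 2 && t[0] == "p" && t[1] == authed {
			return true // requester is a tagged recipient
		}
	}
	return false
}

func main() {
	// Constructed sample: short placeholder strings stand in for 64-char hex keys.
	dm := Event{Kind: 4, PubKey: "alice", Tags: [][]string{{"p", "bob"}}}
	note := Event{Kind: 1, PubKey: "alice"}
	for _, who := range []string{"", "alice", "bob", "carol"} {
		fmt.Printf("authed=%q dm=%v note=%v\n", who, CanRead(dm, who), CanRead(note, who))
	}
}
```

This check only limits which clients can fetch an event; the relay itself still holds whatever was stored, so the content stays protected only if it was encrypted before sending.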