Cloudflare is a controversial company to some, considering that they have taken steps to block sites and organizations that promote specific ideas or topics. While I am not supporting any of these organizations, there is a deeper issue with using Cloudflare in front of public relays. For people running personal ones, it does have the advantage of obfuscating your home IP address. But this post is focused on people providing general public relays.
One of Nostr's selling points is its decentralized (distributed?) architecture, in which clients connect through relays. Relays help to avoid the centralization issue witnessed with Twitter, Facebook, and other social media companies. Do we build this whole decentralized architecture only to put it behind a centralized company's network?
**Some of the Biggest Relays Using Cloudflare for DNS/Proxying:**
- nostr.wine
- relay.damus.io
- relay.snort.social
- X.nostr.land

The above is not an exhaustive list, but you can check your relays by going to a site like digwebinterface.com, choosing *Type: NS*, and checking *Authoritative*.
You can also choose *Type: A* and do an [IPWhois](https://iplocation.io/ip-whois-lookup).
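
The NS and A checks described above, scripted as an added example (not part of the original post). It assumes `dig` is installed and carries a copy of Cloudflare's published IPv4 ranges; the function names and the hostnames used to exercise it are constructed for illustration.

```python
import ipaddress
import subprocess
import sys

# Copy of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4),
# embedded so the check runs offline; refresh it before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

def dig(name, rtype):
    """Run `dig +short NAME TYPE` and return the answer lines ([] if empty)."""
    out = subprocess.run(["dig", "+short", name, rtype],
                         capture_output=True, text=True, timeout=10).stdout
    return out.split()

def zone_ns(host, resolve=dig):
    """NS records sit at the zone apex, so walk up from the relay hostname."""
    labels = host.rstrip(".").split(".")
    for i in range(len(labels) - 1):          # stop before the bare TLD
        ns = resolve(".".join(labels[i:]), "NS")
        if ns:
            return ns
    return []

def _is_cf_ip(value):
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:                        # dig +short also prints CNAME targets
        return False
    return any(addr in net for net in CLOUDFLARE_V4)   # IPv4 ranges only

def classify(ns_records, a_records):
    """'proxied': A record is a Cloudflare edge IP; 'dns-only': only NS is."""
    if any(_is_cf_ip(a) for a in a_records):
        return "proxied"
    cf_dns = any(ns.rstrip(".").lower().endswith(".ns.cloudflare.com")
                 for ns in ns_records)
    return "dns-only" if cf_dns else "none"

if __name__ == "__main__":
    for relay in sys.argv[1:]:
        print(relay, classify(zone_ns(relay), dig(relay, "A")))
```

Run it with the relay hostnames from your client's relay list as arguments to see how many of them share Cloudflare as a dependency.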
[Relayable.org](https://relayable.org) will never use Cloudflare. We do use cloud providers like Amazon Web Services (AWS), but the overall architecture lets us quickly spin up Docker containers for a new relay and load a copy of the DB in an automated fashion using [Ansible](https://www.ansible.com/overview/how-ansible-works) and [Terraform](https://www.terraform.io/). Then it is a matter of repointing DNS to the new relay. A new relay can be created in a couple of minutes, which makes the cloud or VPS a relay runs on less of an issue. Finally, we back up the DB offsite on safe harbors of encrypted storage.
I'm not encouraging people not to use the above relays. However, putting relays behind Cloudflare is not a feasible approach to a censorship-resistant network. It is a good idea to make sure you have a good mix of relays, with some (but not all) using Cloudflare.
I'd be glad to help any relay admins move off Cloudflare. We will add much more documentation on Relayable.org to be completely transparent in our configs, architecture, and operations.
One other thing I noticed from testing with gossip on Tails is that any relay using Cloudflare blocks Tor exit nodes by requiring a captcha to get access.

Good point! We all need to walk the talk, at least those who are techies, and think about the tradeoff between performance and privacy depending on when/where - all out use underutilized relays sitting idle.
I think the default ones in apps is a natural thing to do but adversely affects relay distribution.