in other words, these apps all assume relays are free, and when theyre not, stuff is broken AND server/client resources are wasted anyway.
le sigh.
why cant things do AUTH? wouldnt you want that on a 'secure bunker' anyway? 🌊
Discussion
I don't think Amber assumes relays are free because it specifically doesn't support paid relays. Relays added to Amber must be free.
"accepts events from any key", "has no auth", "is not paid"..
Right. When you add a relay to Amber, it tests those conditions, and if they're met it adds that relay to its list for user. There's no assumption that the relays are free. It specifically tests to ensure that they're free. No assumptions involved.
well, its not surprising it doesnt work because running a relay like this is a recipe for disaster, wasting money and being down all the time.
Pretty much all the relays I've used with it have worked fine and I haven't experienced any downtime or service interruption. If you're running a basic free relay, it works. I use nsec.app, damus.io, and purplerelay.com and it works just fine.
so youre ok with using a free service, trusting it with your data, that you cant replicate yourself. gotit..
cause the second that relay hits your list, it will be bombarded by stuff you didnt want.
What are you talking about? I'm talking about Amber. I have no problem with a free relay hosting public notes. They're public, not secret. Not sensitive. I specifically use paid speciality relays, including one I control, for DMs. I'm not sure what you're even talking about at this point.
dont worry about it.. i failed to explain.
Clients generate a new key for the login. How will that work when using paid relays?
Thats why I always recommend using a local relay inside your network like citrine for example.
Did you ever read how nip 46 works?
Relays for bunker are not normal relays
the relay needs to know the ephemeral keys, the local signer pubkey and the bunker pubkey, and also the users pubkey. then it can allow tags to those pubkeys (still unfortunate spam vector) but whatever. and then AUTH prevents you downloading the events if you arent tagged.
Signer can also have random keys
so, what if you could auth via one key, and that lets you send whatever you want? would that work? i want to build better relays, but i keep running into this freeforall model, nwc is like this too it wont do basic auth.. so its hard to decide if i should implement relay for this if nobody will use it.
yeah as an answer to the idiots saying "authing is doxxing myself" i point out that they could easily designate relays they want to identify with a key and the rest can just do one-shots
but you know what, from writing a spider with auth capability i have discovered that not one grants access that requires auth that i don't have an existing relationship with based on that key
not
one
so their paranoid delusions are pure fantasy, in the real world people only make their relay demand auth to access an account tied to a key. the end.