I thought when they introduced this it was just for Safari - does it work within apps as well? Will this require an iCloud subscription?
“Network relays are built on the modern and standardized MASQUE protocols and can be used to proxy all TCP and UDP traffic”
Holy shit! It’s not just web requests. This is way better than your standard VPN. It also obfuscates traffic through http so it’s harder to tell that you’re even using it. TIL nostr:npub1dd9znw7585wsam4d8p84ztdmtywwjsrayld6fzk4fvqdn5hpju4st5xe7p also uses this. This is the way we can make nostr network traffic private without requiring people to run VPNs.
https://support.apple.com/en-ca/guide/deployment/dep91a6e427d/web nostr:note12efx0sark9qhdnstu7ucacv399j60juz3ukjvzztvpzg2avtnr0qd5ceua
Discussion
It’s a protocol, we can set up our own MASQUE relays and use them within the app. I’m not sure if you can use apple’s. If you can it makes sense to use that for users who have an iCloud subscription . nostr:npub1t0nyg64g5vwprva52wlcmt7fkdr07v5dr7s35raq9g0xgc0k4xcsedjgqv says you might not be able to. cc nostr:npub1yevrvtp3xl42sq06usztudhleq8pdfsugw5frgaqg6lvfdewfx9q6zqrkl
I will chat with carl and maybe we can use nostr:npub1dd9znw7585wsam4d8p84ztdmtywwjsrayld6fzk4fvqdn5hpju4st5xe7p somehow?
I think Cloudflare WARP also uses MASQUE if you wanted to try it out for now with Notedeck on Android and Desktop
I was about to google that, thanks!
The difficulty with proxying arbitrary traffic like Apple does is that an attacker can flood DoS traffic behind protection. That’s why OHTTP specs 1:1 relay server to gateway server. OHTTP could even work for general Nostr if it were available over WebTransport instead of WebSocket.
since masque can proxy arbitrary traffic I don’t see why you couldn’t do a websocket connection over it ?
I can see the entry ohttp node needing authentication and payment to use , blinded signatures/tokens/passes ?
afaiu WebSocket unfortunately isn’t actually HTTP, but a hack to get TCP communication working that breaks out of HTTP semantics. MASQUE requires data to be sent in HTTP.
This is not what the apple docs says, and its not what I have been reading.
From apple docs: “Network relays are built on the modern and standardized MASQUE protocols and can be used to proxy all TCP and UDP traffic”
I think I confused MASQUE requirements with OHTTP requirements. Big if true.