Replying to Avatar Séimí Mac Síomón

#asknostr

Digital Services Act is an attack on free speech in Europe.

What tips do Nostriches have running a censorship and privacy oriented relay to have a safe haven.

This is going to be a stress-test and coming of age event for Nostr: can it lock horns with state censorship?
Avatar
James A Lewis 2y ago

Encrypted relays and clients.

Storage is never unencrypted, neither npubs nor their content. Transmissions are always encrypted with the recipients npub, and requests are made encrypted with the relays public key. Decrypt-encrypt always happens in one step, so decrypted content is never even sitting in memory where it might go to swap. Booting the system up requires a key that is never stored but only sits in memory until system shutdown, so I've the machine gets compromised or confiscated it can't divulge anything.

I bet a device exists to decrypt content off-system, so the system with the database doesn't have the capability to decrypt on its own with even a temporarily stored key.

Reply to this note

Please Login to reply.

Discussion

Avatar
Séimí Mac Síomón 2y ago

What device do you recommend running this on?

Avatar
James A Lewis 2y ago

Probably not a RasPi if you're going to open it up to many people, but I'll admit I'm not a hardware guy. My guess is that it'll be a little heavier and slower than a standard relay, so it would be for somewhat specific communities and not tens of thousands of users.

Avatar
Geist 2y ago

Used Intel NUCs have a lot more power for the price, I'd check out eBay. They can be a bit sketch though, the one I have I need to keep switching display ports for some reason I can't quite figure out yet.

Avatar
Pablo Xannybar 2y ago

If it's one with two DisplayPorts or HDMI inputs, I noticed the same thing, loses signal until you unplug the replug into the other input port.

Personally I rate Asus Mini PC's they have AMD CPUs.

Avatar
Geist 2y ago

I'll try that for my next one, I can hardly get into the bios on this POS.

Avatar
Pablo Xannybar 2y ago

Well worth it. Barebones kit (bring your own SSD + RAM) is around $250 brand new. Sure you could grab cheaper deals off eBay too. You get much better build quality than the NUC and a Ryzen which kicks the shit out of Intel these days.

Got my node running on one plus a Tor Nostr relay, Nextcloud, Robosats and a few other little things. Doesn't break a sweat.

Avatar
thesimplekid 2y ago

Are you whitelisting npubs then and only allowing a select few to read? Because if you're not this doesn't help anything

Avatar
James A Lewis 2y ago

You could make a whitelist/blacklist automation linked to some outside source, like residence/membership/etc to keep things community-specific, maybe a multisig process between moderators of the relay to reduce an specific interpersonal dispute from getting someone booted or added without due process.

Avatar
thesimplekid 2y ago

I'm just not sure what encrypting transmission by npub gets you if it's wss or Tor transmission is already encrypted

Avatar
thesimplekid 2y ago

By residence now the relay operator is collecting pii and they got gdpr issues on top of this new one.