That's great. Can you share what the image proxy service is? Other clients should consider using it.
We did operated a proxy. But then I realized that I not only had all the locations for our users but ALSO all their image and content requests. And I could easily associate both. The proxy doesnt only knows your location but know what you are looking at in real time.
To me, the proxy is WAY worse from a privacy standpoint.
You have a point. The user's own avatar is one of the first images shown on the page, in a certain size, so you could even guess the Nostr user.
Without the proxy, requests are sent to multiple servers, making it more difficult to associate everything the user does.
On the other hand, those other image hosts might include those that are built expressly for logging and tracking users. Popular service like nostr.build or imgur.com can do that kind of analysis anyway.
Using a proxy, you can at least choose which host(s) you trust. Ultimately, the choice of proxy should be configurable, just like relays. Image loading without proxy is privacy-wise somewhat equivalent to outbox model (or nip05) where you connect to random addresses that see your requests.
Relays also know a lot about what you're looking at, and you might even reveal your identity by authenticating. The only way I see around this is onion routing where Nostr requests would be relayed on behalf of others, so there's plausible deniability.
Associating network address to a geolocation is a feature of the internet protocol. Tor and VPNs (where you also need to trust a 3rd party) seem to be the only solutions to that.
When it comes to image proxying, file size is one very pragmatic consideration. Without a minimizing proxy, avatars can be 100 times larger. Maybe multi-resolution image formats are the best solution to that.
