Replying to Avatar Vitor Pamplona

The issue with privacy tools is that they are all companies selling privacy against others, not against themselves. By using them, you essentially give them the monopoly over your private info. They know or can know everything about you if a court order requires it or if their business requires more profit. They are a huge data hoarder about select individuals. And that information can be used for leverage against you in any negotiation. They can sell pressure points on you without actually selling your data. If you are a target, it makes them a honeypot.

And being a honeypot is a preferred wall street bet older than time itself.

All incentives align against the user while the user is paying for it.
Avatar
ABH3PO 6mo ago

Agreed, which is why nostr is a better alternative, since there is no honeypot, the company doesn't need to store data at all, and even if they do all they have is encrypted content that you encrypted with your own keys, and even ones you can disassociate from.

Yes sophisticated metadata attacks can be performed if you're careless, but that's it, and this is an achievement we should be celebrating, not chiding away since it's not perfect, yet.

It's way beyond useful, right now, more useful than any legacy privacy company, since it's the only tech that has verifiable privacy where you don't need to trust.

Reply to this note

Please Login to reply.

Discussion

Avatar
Vitor Pamplona 6mo ago

Relays are the honeypots on nostr. Stop pretending things exist when they don't. Nobody is offering private solutions on nostr. NO ONE.

Nostr COULD be really good for privacy. But right now it is not.

Wishful thinking doesn't make things appear out of nowhere.

Avatar
ABH3PO 6mo ago

I'm not pretending anything, I'm here for it.

I'm offering a privacy tool with formstr.app , which is more private than any other forms app that exists.

Which is why it irks me when you say privacy doesn't exist on nostr, because here I am breaking my back to make sure it does, and it's better than anything else you can get on the market, but all that effort goes to vain since people have already made up their mind that privacy doesn't exist on nostr, because some famous dev said so.

Relays are honeypots, yes, but they don't have control over your data the same way centralized services do. They don't hold the keys to decrypt,and we've just discussed ways where we can make sure they can have no clue who's accessing the data as well.

Some of those tools exist right now. Formstr is essentially anonymous keys with gift wrapped access. Yes it's not on Tor, but it can just as well be used with Tor if someone needs to.

You can keep shitting on efforts being made, all I'm arguing is, that it's literally harmful to people that believe you, and most harmful to people that get turned away from better solutions that exist today.

Avatar
Vitor Pamplona 6mo ago

I am not shitting. Formstr is great. It is encrypted but not private. Very different things.

Avatar
ABH3PO 6mo ago

I'm willing to bet 100000 sats no relay operator can tell me, who created the last 10 encrypted forms. If it's not private, somebody should be able to know and tell us.

Avatar
Vitor Pamplona 6mo ago

Just because they are not tracking now it doesn't mean they cannot track.

There is no need to oversell your stuff. It's a pretty good tool. Just sell it appropriately and lots of people will use.

Avatar
ABH3PO 6mo ago

That's beside the point. I think we've clearly established, that there is no other privacy tool for public communication better than nostr. If so, we SHOULD be recommending nostr as a privacy tool for this purpose in general.

We are aware of it's shortcomings and should work on it, and let people know, but saying nostr is inherently not private is a disservice to the people, and a disservice to nostr.

Avatar
Vitor Pamplona 6mo ago

Nostr will never be private. The protocol cannot and doesn't not want to ensure privacy. That's not the goal. Nostr with other stuff can be private. But Nostr alone never will. And we should never fool people in thinking it wants to be private by itself. In other words, formstr can be private if you want it to be. But Nostr itself never will. Don't outsource what you want your product to be to what the protocol can be.

Avatar
ABH3PO 6mo ago

I'm not sure how you reach the conclusion but it's plain wrong. It's like you want this to be the case.

Avatar
Vitor Pamplona 6mo ago

Picture this. Let's say you make formstr use Tor exit notes in a way that makes it impossible for any relay to track your user. Great. Formstr is now truly private. But you sold Nostr itself as private, not formstr.

Then your user switches over to another form client that doesn't use Tor and now all his privacy is gone. They will blame the protocol, nostr itself, for leaking their data and will never use any other nostr tool ever again.

The protocol cannot guarantee privacy. Only formstr, as a product, can. We cannot lie to users or it will bite us in the ass.

Avatar
ABH3PO 6mo ago

Yes, let's not say that nostr guarantees your privacy, that would be stupid and a lie.

But saying nostr IS a tool with which you can preserve your privacy is definitely a true statement which should be spread.

When you say nostr is inherently not private you make both these statements false, and that's my entire pain point.

Avatar
cloud fodder 6mo ago

this thread is so funny to me, #only on nostr

the entire internet is not private. including tor. so singling out nostr, yeah can you see how this is not a good marketing technique 😂

poor nostr. we are all too smart for our own good. gg vc funds. 😅

Avatar
Ryan 6mo ago

Constant bickering between devs is what will bring Nostr to the masses 🚀🌝

Avatar
Vitor Pamplona 6mo ago

The bickering is what keeps this place minimally acceptable to me. Otherwise, we would have been run over by false promises a long time ago.

Avatar
Ryan 6mo ago

It's all good Vitor. I'm the "people" he was referring to in the OP 😂 but I didn't have the time or energy for discussion. You're far more knowledgeable than me on these matters, so have at it.

Avatar
ABH3PO 6mo ago

You were not the first, but just someone that tipped it over the edge for me 😂

Avatar
Garbage nsec 6mo ago

Best part of nostr

Avatar
cloud fodder 6mo ago

I think what nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgswaehxw309ahx7um5wghx6mmd9u2mk7fe is saying is for a normie to 'trust' a nostr relay provider, the relay provider must be a doxxed liable company that promises not to share your IP address with anyone unless they're under duress.

And then if they are under duress, they have a proper canary EULA that can be taken down on a deadman's switch.

If that's what customers want, I can update the EULAs in my next release of relay.tools as we are already mostly there. ⚡zap it if you like it.

Avatar
Vitor Pamplona 6mo ago

Not really. I don't trust single companies to not track things. It is better when they do put that into the eula, but It won't make me call them a privacy tool. I don't trust Signal or SimpleX and in that way I don't call them privacy tool. I think every company will succumb to the desires of the state and trust none of them can truly make things private.

To me, privacy is implemented mostly by Clients through scrambling the transport and application data to "private" relays as much as possible and in ways that there is no way to disable it.

Avatar
cloud fodder 6mo ago

huh, well, sorry to say that technology does not exist.

Avatar
Vitor Pamplona 6mo ago

Agree. But I don't think it is impossible to build. Just that nobody has found a good way yet.

Most of the companies that tried failed not because it was impossible but because it is very difficult to resist the incentives against it.

Avatar
bjorn 6mo ago

nostr differs from how similar services on the internet work in that the data is both much public and distributed across servers run by different people. Any one of those server operators could potentially try to violate user privacy.

It's not really singling out nostr, just stating facts.

Avatar
cloud fodder 6mo ago

true. although nostr is still a service where we can hope is decentralized enough to still be allowed to even use vpn.. bigtech services are all implementing vpn blocklists, tearing down that last semblance of privacy. (and cloudflare fogettaboutit)

Avatar
ABH3PO 6mo ago

Also you can just encrypt stuff, in a way that it's impossible for even relays to know who is whom, as long as you use a VPN. I don't think why we are deliberately underselling this, probably because it doesn't meet an imaginary gold standard.

Avatar
Vitor Pamplona 6mo ago

Disagree. Nostr is in itself not private. Like all other tools that are not private, but can be if used in the correct way.

Avatar
ABH3PO 6mo ago

What other tool?

The fact that it defines permissionless cryptographic keys for ownership is the inherent property that makes privacy with nostr even possible, I see no other equivalent.

Which makes it all the more important for us to recommend it to people in search for it, albeit with the necessary caveats.

Avatar
Vitor Pamplona 6mo ago

That doesn't make much sense. There are tons of protocols that define cryptographic keys for ownership. You could use any of them to build a privacy-first stack. Nostr has a lot of benefits over them for other things, but in the privacy realm it doesn't really add much compared to these other protocols.

Avatar
ABH3PO 6mo ago

Maybe, but that is all you need to build a verifiable, open, privacy stack, and it is an inherent property of nostr. I think we've reached the point in discussion where we're just arguing semantics, which is fine. I can agree to disagree here.

Avatar
Garbage nsec 6mo ago

But that's like saying a hotel lobby IS a place in which you can have private conversations. Ok that's true, you can both put on a disguise and hold up newspapers, or get lost in the crowd, nobody will know.

But it's still a hotel lobby, designed as a hotel lobby.