If you find any relay operators willing to divulge user IPs from logs, let me know who they are. I just wanna talk.
You might be asking why I'm airing people's PII in public. Surely there's a risk of hurting someone. Why not just DM people their IPs and show them in private without opening up a huge doxxing threat?
I considered this, but I had to account for a few things:
1) This isn't the first time this has happened. A light touch won't motivate people.
2) Public visibility shows how pervasive the issue is. It teaches a lot more people a lesson, and it teaches it effectively.
3) The Western world and it's allies are a turnkey tyranny, and I'd rather people learn this lesson the hard way now rather than later when the stakes are orders of magnitude higher.
Turned up the security settings on #Amethyst to 11, and want to point out that nostr:npub1wl89d7yazg500lehg08p45dj2jzhhyqg2erj067458e3wd30djns4zn8lu (as an example) could still snipe an IP address with his banner image if he wanted to, because this app's security implementations are a joke...
#m=image%2Fjpeg&dim=1061x1116&blurhash=%7C13%2BDt%3Fb_3%3Fb9FWBWB4nfQs%3At7M%7BM%7Boft7j%5BayWBofxuM%7BIUWBayWBofayxtxuRjM%7Bj%5Bj%5BWBWBRjt7xuRjM%7Bj%5BWBWBa%7CRj%25MxuWBM%7BRjRjRjWBayWBofRjRjofj%5Bayj%5BWBt7ofWBRjWBj%5BfQj%5BofWBWBRjRjayj%5Bofofof&x=d5da28df6ccc20458c8224ce86cc14c13c1edea9d292fa3ef5995db0cda66aa5
#m=image%2Fjpeg&dim=1075x1131&blurhash=%7CO9%40F%5EbpjYs.oeR%25V%5Bf5Wo%3FKR%24WAsoofWUagf5bGn.WBWAjba%7DfjofjYoeM_jdbHa%23R*ofofaxodISnnogW%3BR*t7oeWCjZD%7DoMt8baWBs%3BWnWXe%3DD%24oJt7bXoeo3WTa%7EahX4oKaebEs%3AaeR*ofaio%7Bj%5DRjj%5Bt7V%40WCofa%24&x=c91dd00e0fcb6527ace6b8e1cb362aed288515e3ab6ae6b32212d5d5dcef89b3
On that note, time for another lesson.
You can't trust relays. That's not how I leaked people's IPs, but they are absolutely a vector for that.
And if you post with more than one account without changing your IP first, anyone with access to the relay logs can connect your accounts to each other.
Here's some folks casually discussing using this flaw to silence this disruptive account. ZERO-TRUST!!! Nobody is your friend. People want your PII for a million reasons, so protect yourself!
I took notice of this account today, and want to first clarify that I am not affiliated with it. Looks to be someone's old account with a leaked nsec being puppeteered by a handful of trolls. Someone decided to take credit for the drama of the day it seems...
But there are some recent threats of exploiting #Mostr that I found quite fascinating. Not really the kind of exploit I'm interested in, but it sounds quite eggregious. It looks quite trivial to turn Mostr into a problem, attacking from either the Nostr or ActivityPub side, since it seems to blindly relay everything. You could just flood it with spam and it would do all the work of delivering it.
Someone should consider testing that. It sounds like a weakness to me.
One person suggested earlier that I was only doing this for profit, and I wanted to stress that this still isn't true. I have no plans of extorting anyone for protection money or anything like that. The only way to earn my silence is to improve your security habits. I cannot be bought, but I will happily accept a donation from anyone who likes what I'm doing.
So, some people seem to like what im doing and how im doing it, soi set up a lightning wallet because why not?
But now might be the time for the community to teach me something, because the provider looks awful. Might want a getalby invite if anyone is willing.
I'm more of a Cybersecurity and Privacy expert than a cryptocurrency expert. that needs to change.
User @npub12gstjc6g93azd80s5ndmw0kg4dnrgyyvj773jq79365xx6phwvxse63y2x was seen connecting to #Nostr in the past day with IP 193.32.248.202. https://iplocation.io/ip/193.32.248.202 #NostrExposedIPs
User @npub1w4uswmv6lu9yel005l3qgheysmr7tk9uvwluddznju3nuxalevvs2d0jr5 was seen connecting to #Nostr in the past day with IP 146.70.173.196. https://iplocation.io/ip/146.70.173.196 #NostrExposedIPs
User @npub1xv8mzscll8vvy5rsdw7dcqtd2j268a6yupr6gzqh86f2ulhy9kkqmclk3x was seen connecting to #Nostr in the past day with IP 89.1.175.24. https://iplocation.io/ip/89.1.175.24 #NostrExposedIPs
User @npub14tq8m9ggnnn2muytj9tdg0q6f26ef3snpd7ukyhvrxgq33vpnghs8shy62 was seen connecting to #Nostr in the past day with IP 185.13.106.216. https://iplocation.io/ip/185.13.106.216 #NostrExposedIPs
User @npub1x9n6c902747lvn63lm5he2nnsw3av6x6sy2ygzxy4as0rsp3v3gqatatt2 was seen connecting to #Nostr in the past day with IP 46.114.224.247. https://iplocation.io/ip/46.114.224.247 #NostrExposedIPs
User @npub1zcuy3uldu98ghjjnpmy827vgucxwxafy9wgungsd508er62n6eds6whff0 was seen connecting to #Nostr in the past day with IP 213.147.167.202. https://iplocation.io/ip/213.147.167.202 #NostrExposedIPs
User @npub19py4fxzwrxlkyxc6s458sp5fp5hz0hwsumzcc98yr60q5umz4n8qfxz9sn was seen connecting to #Nostr in the past day with IP 71.235.183.46. https://iplocation.io/ip/71.235.183.46 #NostrExposedIPs
User @npub19tcpurtt6xulhw0r6sc404j9jraj0h8me2lzs7z2tqewz7l0hpas59nlea was seen connecting to #Nostr in the past day with IP 174.50.213.126. https://iplocation.io/ip/174.50.213.126 #NostrExposedIPs
User @npub1pc4tf4gnld2zm35pcun82f6zy3qu5ulcdqfkpjfjtmw82ursf4xsqjz53h was seen connecting to #Nostr in the past day with IP 94.61.211.119. https://iplocation.io/ip/94.61.211.119 #NostrExposedIPs
User @npub1hu3hdctm5nkzd8gslnyedfr5ddz3z547jqcl5j88g4fame2jd08qh6h8nh was seen connecting to #Nostr in the past day with IP 73.246.237.120. https://iplocation.io/ip/73.246.237.120 #NostrExposedIPs
User @npub1mnjer84a6f7hn7deuvuzxm4kfcuermxpdfn75tuwwqdpn0phejsqqn7dm3 was seen connecting to #Nostr in the past day with IP 107.122.81.84. https://iplocation.io/ip/107.122.81.84 #NostrExposedIPs
User @npub18ktmcfkq422zd83sqqwp3wtxrpfq8znv2rp5tcqkr5d4k64q68aqtfdj5e was seen connecting to #Nostr in the past day with IP 109.178.153.3. https://iplocation.io/ip/109.178.153.3 #NostrExposedIPs