I don't intend to push every button at once. For right now it's easy IP leaks. That needs to be resolved first. I don't expect it to happen overnight.

This place can mature into a universal standard if we work out all the kinks.

No, my brand of chaos has some class to it.

So basic introduction for anyone interested: I am a gray hat hacker and cybersecurity awareness activist who likes to stir up privacy-centered networks. I have probably met some of you before.

I actually came here looking for a challenge. I've been lurking around here in some form or another for about 4 months now, playing with different clients and tools, even running my own testnet (3 stirfry relays on a VLAN). Mostly I have been focused on the community and how people use different clients. I've been playing with some good open source tools and getting an understanding of how to interact with relays.

Personally I'm not all that into Bitcoin, but I do have a whole BTC in cold storage so I guess I've got that going for me. This whole lightning thing is new to me, I don't really ever spend Bitcoin, and my actual business makes me plenty of fiat.

So far I am impressed with the community. A little too wild-west in some areas since there's hardly any moderation tools, and the community isn't quite interested in the same things that I am, but I do see a lot of advocacy for privacy and digital freedom, and I like that.

But the whole system here is, regrettably, broken. The promises made about Nostr don't live up to reality. A network like this has the potential to become so much more, but there is a lot to lose if it is done wrong.

I intend to help expose these problems. Expect me here for a while. There are a lot of vectors for attack, and I plan to give them all visibility.

Nostr devs, please pay attention. With no centralized network development, all of you are responsible for fixing these issues.

Oh good god, I just read NIP-30. I'm losing my goddamn mind.

User @npub1g8h2agg8tj820uzpuqmsl9kdcjcr46ztw0pwtyjmc6rc6rv4xtns4mjhqh was seen connecting to #Nostr in the past day with IP 104.28.132.32. https://iplocation.io/ip/104.28.132.32 #NostrExposedIPs

User @npub1ps73vvwd9uzkpgl5v0fjrew68pq8xj49e0enmwv477sjjq53fncqlavzfz was seen connecting to #Nostr in the past day with IP 154.47.25.162. https://iplocation.io/ip/154.47.25.162 #NostrExposedIPs

User @npub1z8y57drslgthaefkvya7kmqcdm9c20uutz336j9hp4frkrg32nwq9g4ju8 was seen connecting to #Nostr in the past day with IP 23.129.64.138. https://iplocation.io/ip/23.129.64.138 #NostrExposedIPs

User @npub1g4h9ju4td3tql2pwaq7g3ea2nuw70uyy2ht9g9u4a5p6k8c2ltws67s44u was seen connecting to #Nostr in the past day with IP 181.118.37.25. https://iplocation.io/ip/181.118.37.25 #NostrExposedIPs

User @npub1gustav0kvwh9zlz22ns7y6utwt3s2747mh5s6ja7v622tl09megq9heczp was seen connecting to #Nostr in the past day with IP 177.67.25.32. https://iplocation.io/ip/177.67.25.32 #NostrExposedIPs

User @npub1k92qsr95jcumkpu6dffurkvwwycwa2euvx4fthv78ru7gqqz0nrs2ngfwd was seen connecting to #Nostr in the past day with IP 104.28.85.233. https://iplocation.io/ip/104.28.85.233 #NostrExposedIPs

User @npub1vg6l47g6vdlzag0y0k74crv2008m4g0a8ztru6h6k4n86rtdz4jqnqt2wk was seen connecting to #Nostr in the past day with IP 46.223.239.158. https://iplocation.io/ip/46.223.239.158 #NostrExposedIPs

User @npub13ar54wmscwv8lalf8lweuqwt4h3d44dgkdrflgdt52vcywsua6ysny3uwh was seen connecting to #Nostr in the past day with IP 37.19.205.241. https://iplocation.io/ip/37.19.205.241 #NostrExposedIPs

User @npub1ew4nntskh08fzkwjusrc9u5627g639c5z6udc4q3a3plr9ns4naqxp6qlf was seen connecting to #Nostr in the past day with IP 76.108.248.193. https://iplocation.io/ip/76.108.248.193 #NostrExposedIPs

User @npub1nxy4qpqnld6kmpphjykvx2lqwvxmuxluddwjamm4nc29ds3elyzsm5avr7 was seen connecting to #Nostr in the past day with IP 75.4.202.21. https://iplocation.io/ip/75.4.202.21 #NostrExposedIPs

User @npub1vn5zdfwjuvwcljlflf8fsucqnp8fwdt7lwysn07xxhrxzp4v0k9qygypqg was seen connecting to #Nostr in the past day with IP 185.100.85.22. https://iplocation.io/ip/185.100.85.22 #NostrExposedIPs

User @npub1yt690svx2ytm9ajvrt9qh80kn2u50vsdwe5cpjnth6zgx46fw94sxjzxlf was seen connecting to #Nostr in the past day with IP 98.97.12.236. https://iplocation.io/ip/98.97.12.236 #NostrExposedIPs

User @npub1aq7mr9scfaslvctrs496t2qkk78qjjt5hm44rjd3appjsjmyqrpsuee9xr was seen connecting to #Nostr in the past day with IP 136.35.185.135. https://iplocation.io/ip/136.35.185.135 #NostrExposedIPs

User @npub1r0ulywwu593kzjdu9uluxdq80t54n65kql9vl9z7lrutkgnachssk7zzyc was seen connecting to #Nostr in the past day with IP 154.47.29.22. https://iplocation.io/ip/154.47.29.22 #NostrExposedIPs

Thank you to all who have offered advice. I will be figuring out a better solution asap. And thanks to the person who just zapped me for the first time. I'm nowhere in as deep into Bitcoin as the users here, and this is quite fun. I will need to transfer some of my stash in once I have a better wallet.

nostr:nevent1qqsd2kuge3qg9ax4qxfzkjqeffrz88tnsvzz4k6g35644uldzxj0psspzamhxue69uhkummnw3ezuendwsh8w6t69e3xj7szypcr2v7zc94vwac7lvda7c9gthm5ushcgzdqq7gq7spt535ylxgcgqcyqqqqqqg04psay

I thought this was done by DNS TXT record, but you're right, it accesses a file in the ".well-known" directory on a web server. That's awful!

Here's how I'd do it:

Create a wildcard DNS entry for the file server, with the server configured to accept any subdomain as valid. "*.example.com/.well-known/nostr.json" will always resolve, and the format of the subdomain will inform the server what JSON data to return (though it doesn't actually have to be valid, the point is just to leak an IP, which will happen regardless).

Then just DM people bait messages like "Hey, it's been a while" with a virgin account, and if they look at your profile, you'll have their IP.

If the subdomain string can be used to reference a npub, you'll have an IP/npub pair.