hola
7d4e8ab96c87de2c5b8a0bb9b1ff2fbe4dfa54fc333e8ad0bb9cb88d0f4e965e
Replying to hola

nostr:npub1r7psmkr4zv93xnal8un6d8hvmpsn5jvhfzn3kk38rfcel6awznks7znspg

nostr:npub1t3ggcd843pnwcu6p4tcsesd02t5jx2aelpvusypu5hk0925nhauqjjl5g4

nostr:npub1pfmh8z085zlwmwjtq6m4hrgwuw99vjcwkpdf9dr9kmjgfg985jfqu4665m

nostr:npub1ds8fq94ec8h70m00sljstc4puq7mr7aulhp76660324yk4q2mx8sdyf93l

nostr:npub1c9d95evcdeatgy6dacats5j5mfw96jcyu79579kg9qm3jtf42xzs07sqfm

I unfortunately do not have the audience to bring attention to this post, but I've seen a lot of people not fully understanding the situation entirely. If you could critique, comment, or like this if you found this informative or learned something new, I would be very appreciative if you can repost this. If you know profiles who may also enjoy please tag them. If you do, I thank you so much for trying to bring more awareness to this issue 🙃

nostr:npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka almost forgot about adding you to this list 🥲 I like your perspectives on privacy and security, let me know if you have anything else to add 👍

Replying to hola

LONG POST Addressing Everything

(TLDR AT THE BOTTOM)

The problem is that this is HUGE PII. Imagine that everything you post is linked to a location that is almost where you live. Like c'mon imagine being in a surveillance state. That state knows you're using Nostr, but not what you post. They can spin up a malicious relay and track the location of every poster not using a VPN. They can specifically look at Chinese or Russian IPs to target a user. It is a terrible practice in general to have your IP linked to the personal info you might post. There are plenty of cases where criminals track social media posts to social engineer you, now they have your IP to craft an easier attack.

You will see people say your IP is public info, but this is worse on Nostr for a few reasons. In most cases, only your ISP and the website will have access to your IP. Like on Twitter and Mastodon/Bluesky they will know your IP. No one knows your IP on Twitter besides Twitter and your ISP. On Mast/Blue only the server you signed up to will know your IP and your ISP.

If a malicious server leaked a bunch of IPs everyone would simply leave and defederate that server. It takes a very long time to build up your Mastodon server audience and the operator would be throwing that away if they leak everyone's IP. This is most likely rare on any servers that host more than 500 members, but users might be affected if they use an unknown server with around 30 members. A malicious activity pub server can fully track your IP and might abuse it, but the difference is that this is not easily open to the public.

Now on Nostr, anyone can spin up a relay. You do not know if it's malicious or not. A relay can end up being extremely popular to the point where everyone has added it. This is what happened here, we all blindly trusted that this relay is honest and they ended up leaking everything. You cannot easily do this on Twitter or Mastodon because it will become extremely obvious that this person is leaking your IP.

We do not and will still likely never know which relay operator is leaking our IPs, and that is the most dangerous part. Rather than 1 or 2 providers we trust with our IP we are now trusting 12-24 relays with our personal information.

The nostr community needs to stop pretending like this isn't a gigantic issue and how this is the same for any other website.

Like any social media, Nostr isn't perfect because of the number of servers we need to trust to get it working. Mastodon and Bluesky have the problem of trusting one operator (Bluesky fixes this by letting you switch easily).

TLDR: Your IP being public on Nostr is different from most websites. You entrust 12-24 relay providers with your IP and any of them can be malicious. You are adding more and more parties to trust and it isn't easy to verify that these are all trustworthy. If you have too few relays you cannot access everyone's post. This is a BIG problem on Nostr and we need to address it and not pretend like it isn't an issue.

Nostr is a great platform and the best social media community I've ever been a part of, but I cannot in good faith tell my friends that they will be secure on this platform.

This took some time to make so if you enjoyed reading or learned something new please retweet or like so others can see ❣️

#ipleak #grownostr #coffeechain #bitcoin #gm

I fully agree. The problem on Nostr is that you need to trust multiple relays, like around 12-24 depending on your config. I cannot verify that every one of these guys is honest, nor can anyone else. I can verify maybe 4-5, but then I wouldn't see many posts on nostr. You only trust 2 people with your IP if you use traditional social media.

Thank you for being one of the ones who want to try and address this issue instead of ignoring it. I want everyone to use a VPN but the cost of buying one will turn a lot of people away.

It can get as close to the county and community depending on where you are from. It got scarily close, for me, at least. Criminals will use this to analyze your profile and get closer to understand your activities and where you are from. It's why you hear about people getting SWATTed just by their IP leak. Criminals using your social media to track you is nothing new, but adding an exposed IP adds another element on what they can use on knew. It might not directly affect you, but imagine being in a censored state where Russia and China can run a malicious relay to essentially data mine user location on here. They can target someone from these countries based on what they post + their IP.

IP leak is horrible and there is no way spinning it that it isn't easy. It is basic privacy to protect your IP/location and Nostr fails to do this.

Me too, but I haven't ever met anyone in real life that cares about privacy. I think you have a few who care on these more private platforms, but expecting most or some of the 20,000(?) Nostr users to use a VPN won't happen.

This isn't exaggerating. Your country, state, and city are usually revealed. I've tried this in a few different places and it is scarily accurate how close it can get. Not saying this is the case for everything, but the point remains that your IP reveals lots of info about you.

No, Tor is slow and VPNs cost money. I doubt most on any social media use any type of IP obfuscation because they don't care or that they trust that the servers they use are safe.

I think I was a bit too harsh on my previous post. I am simply amazed with how quick and welcoming everyone was with addressing my concerns. I've tried Twitter, Bluesky, Mastodon and none of them matched the community on here. It's hard to believe in my first few days on here of how kind everyone is. It reminds me of the early days of the internet. I will definitely explore this place more!

Thank you to nostr:npub1pfmh8z085zlwmwjtq6m4hrgwuw99vjcwkpdf9dr9kmjgfg985jfqu4665m and nostr:npub1t3ggcd843pnwcu6p4tcsesd02t5jx2aelpvusypu5hk0925nhauqjjl5g4 for the profile recs and a whole lot of others who replied to my first post 🙂

Do you have any recommendations for artists or tech news and tech enthusiasts like devs or people who create projects?

I can't escape, this place is literally a cult. You guys are blindlessly brainwashed by bitcoin to try and make fractions worth of pennies on your posts.
