Edward Snowden
84dee6e676e5bb67b4ad4e042cf70cbd8681155db535942fcc6a0533858a7240
Bio: I used to work for the government. Now I work for the public. Author, "Permanent Record": https://us.macmillan.com/books/9781250237231/permanentrecord

It doesn't work (yet) in the Tor Browser without disabling private browsing mode.

The problem with Orbot's VPN mode is it doesn't support chaining with another (real) VPN, since Android only natively permits one VPN at a time. This is a problem for users in places where the Tor network is blocked (and Tor Bridges / obfuscated relays are, too, or are unreliable), because you need an initial hop outside of the Great Firewall in order to reliably link to Tor.

I wouldn't actually use me as the model for "paranoid user support," because my opsec is pretty casual these days relative to ten years back. I'd say a standard "reasonably private without being a pain" setup would be to connect to Nostr through the Tor Browser (included by default) running on the Whonix VM images. The Tor Browser by itself is probably enough for most people, but the Whonix layer helps prevent network leaks in the event of malware or a misbehaving app, for those for whom those are relevant concerns.

Snort.social isn't (yet) working on Tor (without disabling private browsing mode), but I think they have a pull request up on their git, so hopefully soon. I only mentioned it because I saw it during testing and liked the UX. I'm using iris.to right now through the TBB, and it works fine. Only thing I've noticed missing is the NIP-05 profile field.

I don't really *need* a nip05 yet, because my key has a memorable prefix that's not (yet) trivially brutable. Will add one eventually -- and FWIW I really appreciate the offers from everybody who already reached out to help on that.

Realistically, I think 90% of potential users won't be coming from desktop clients, they'll be coming from mobile, so I think the real key is to build mobile apps that have a checkbox to route their traffic through the local tor instance. IIRC, 127.0.0.1:9050

Great response. Thank you for the help!

I'm not a dev, but I don't think it's actually a hard requirement (at least in Firefox, which the TBB forks from) to write to local storage. I think other sites write to memory, if localdb write fails -- or I think that's what snort.social was looking at on their git issue, but I may be misremembering. In a privacy browser, persistence isn't really a good thing.

Since Alby is centralized (please correct me if I'm wrong -- looks like LUD16 addresses and you're requesting email conf), why not just throw a warning banner (that local storage is disabled, and you'll have to either enable it or reenter your key after every browser restart)? May be worth thinking about what *must* be written, and what can be regenerated / re-polled, but I'm just a user.

Cheers.

It doesn't work, unfortunately. Current version of Alby improperly depends on localdb storage in the browser, which can't (shouldn't) be enabled in the Tor Browser because it opens vulnerabilities. I actually wouldn't be Alby because of this, but I found a (terrible, painful, not recommended) workaround that let me limp along.

Many nostr webapps fail entirely in the Tor Browser due to missing exception handling for when localdb writes fail -- like snort.social -- and others initially appear to load but then don't function when you click buttons that write to localdb. Credit to snort.social, because I think they're actually looking at doing a patch to fix it, which is nice because I'd like to try it. Other webapps do work just fine (e.g. https://iris.to, which I'm using right now in the Tor Browser), because either they've written in fallbacks for when localdb is unavailable, or are written to avoid the problem, or... I don't actually know, but somehow they work.

For browser extensions like Alby, nos2x (on github) is an open source example that works fine. Please look at how they implemented it and push an Alby update. Because anybody privacy-conscious enough to use Nostr is probably privacy-conscious enough to be tempted by the Tor Browser, and in the long term, if people like me have to choose between Alby and Tor, Tor comes first.

Best regards.
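
The fallback and warning-banner behaviour discussed in the posts above, as an added example that is not part of the original posts and not taken from Alby, nos2x, snort.social or iris.to: a key-value wrapper that probes persistent storage once and degrades to memory when writes are blocked. It assumes a backend with the Web Storage method shape (`getItem`/`setItem`/`removeItem`); `createSafeStore`, `fakeStorage` and `blockedStorage` are hypothetical names, and the two backends are constructed stand-ins.

```javascript
// Added example. getBackend is a function so that a throw on merely
// touching the storage object (as some hardened browsers do) is caught too.
function createSafeStore(getBackend) {
  const memory = new Map();   // always-available copy for this session
  let backend = null;
  try {
    backend = getBackend();
    backend.setItem("__probe__", "1");   // probe: can we actually write?
    backend.removeItem("__probe__");
  } catch (_) {
    backend = null;                      // blocked: run memory-only
  }
  return {
    // Lets the UI show a "settings will not survive a restart" banner.
    isPersistent: () => backend !== null,
    set(key, value) {
      memory.set(key, String(value));
      if (backend === null) return false;
      try {
        backend.setItem(key, String(value));
        return true;
      } catch (_) {
        backend = null;                  // quota/policy error mid-session
        return false;
      }
    },
    get(key) {
      if (memory.has(key)) return memory.get(key);
      try {
        return backend === null ? null : backend.getItem(key);
      } catch (_) {
        backend = null;
        return null;
      }
    },
  };
}

// Constructed stand-ins for a working and a blocked storage backend.
function fakeStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
function blockedStorage() {
  throw new Error("SecurityError: storage disabled");
}
```

In a browser the call would be `createSafeStore(() => window.localStorage)`; a `false` from `isPersistent()` is the signal to show the banner instead of failing on the first button click.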

8 characters? Ambitious.

Displays fine via iris.to!

You can still delete the things you share, though. Kind of. If the relays play along. I tried.

Intentionally. Yeah, definitely intentionally. That's the ticket.

Yeah that was luck, but the fact that it's pronounceable is great, because now impersonators need to brute 12 instead of 7!

It's a small network, so I'm basically just going to follow everybody right now. If you get unfollowed later, don't feel bad: it's probably not something you said. Just matching network size.

11chars is too tough without GPU, renting time on a CPU cluster, or letting it run for... months? If you pick many alternate targets, you can probably hit a 7char on a reasonably modern CPU in a day. A specific 7 (like mine) took me 3 days.

Remember: each extra char sends the work required to the moon.

My man, you try syncing the blockchain over Tor in "a couple hours tops." Let me know if it works!

Yeah, it's just a huge PITA right now to spin up a full node over Tor, rather than just share a pubkey (from Electrum or whatever desktop wallet) that the other person's client knows how to permute. Artifact of the invoicing system...

The fact that there's *any* native support for a neutral payment layer on Nostr is a big deal, because at the root of it, money is just another message: transmit, receive.

I don't know if my Lightning address on here actually works (and I'm not excited about how centralized the LUD16 Lightning Address providers are...), so please don't try to send the family farm. But I'll let you know if something comes in.