This post is not an attempt to spread FUD, although it could help make more users aware of the problems and possible solutions.
## IP leak using profile image
An attacker can set a malicious link as their profile image, and most nostr clients leak the user's IP address when the user views that profile image in an event or elsewhere.
## Metadata leak in encrypted DM
Attackers can spy using public keys to see who is sending DMs to whom, and when, although they won't know the content of the messages.
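
What that exposure looks like on the wire, as an added example that is not part of the original post: it assumes DMs use the NIP-04 layout (kind 4, recipient in a `p` tag, ciphertext followed by `?iv=`). The events, keys, ciphertext and function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed placeholders: fake 64-hex public keys and dummy base64 ciphertext.
ALICE, BOB, CAROL = "a1" * 32, "b2" * 32, "c3" * 32
SAMPLE_EVENTS = [  # constructed events; id and sig fields omitted for brevity
    {"kind": 4, "pubkey": ALICE, "created_at": 1700000000,
     "tags": [["p", BOB]], "content": "3q2+7w==?iv=AAAAAAAAAAAAAAAAAAAAAA=="},
    {"kind": 4, "pubkey": BOB, "created_at": 1700000090,
     "tags": [["p", ALICE]], "content": "yv66vg==?iv=AQEBAQEBAQEBAQEBAQEBAQ=="},
    {"kind": 4, "pubkey": ALICE, "created_at": 1700003600,
     "tags": [["p", CAROL]], "content": "AAECAw==?iv=AgICAgICAgICAgICAgICAg=="},
    {"kind": 1, "pubkey": CAROL, "created_at": 1700003700,
     "tags": [], "content": "public note"},
]

def dm_metadata(event):
    """Fields of an encrypted DM readable by any relay or subscriber, no key needed."""
    if event.get("kind") != 4:
        return None  # not an encrypted DM under the assumed NIP-04 layout
    recipients = [t[1] for t in event.get("tags", []) if len(t) >= 2 and t[0] == "p"]
    ciphertext = event.get("content", "").split("?iv=")[0]
    sent = datetime.fromtimestamp(event["created_at"], tz=timezone.utc)
    return {
        "sender": event["pubkey"],
        "recipient": recipients[0] if recipients else None,
        "sent_at": sent.isoformat(),
        "ciphertext_b64_len": len(ciphertext),  # size hint only; content stays opaque
    }

def exposure_report(events):
    """Count DMs per (sender, recipient) pair: the contact graph left in cleartext."""
    pairs = Counter()
    for event in events:
        meta = dm_metadata(event)
        if meta and meta["recipient"]:
            pairs[(meta["sender"], meta["recipient"])] += 1
    return pairs

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(dm_metadata(ev))
    print(exposure_report(SAMPLE_EVENTS))
```

Nothing here touches a private key: sender, recipient and timestamp sit outside the encrypted `content` field.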
## Contact lists
Contact lists are defined in NIP-02 and are public information. There is currently no way to create private contact lists in the protocol, although there are some workarounds, such as saving them as an encrypted DM.
## Relays
Relays know the IP address, user agent, public keys trying to read/write, websocket request info, etc. of clients, so joinstr does the following:
1. New keys for posting every event
2. Random subscription id for getting events
3. Websocket connection is closed after each task
4. A new Tor circuit is created for each request

You could also run your own relay for some use cases, although it's always good to use multiple relays. Use clients that care about privacy, and use a VPN or proxy. If you are running a relay, being anon could be helpful if government agencies have issues with some events being published in the future, when nostr gets too big.
## Encrypted Channels
NIP-28 defines public channels, but there is currently no way to create encrypted channels in the protocol. Vishal is working on a NIP, which is implemented in nostr-console; however, it is still being reviewed and tested.