Nostr (Notes and Other Stuff Transmitted by Relays) is a decentralized, open protocol for social networking, which offers better privacy than centralized platforms like X (Twitter). But there are still some privacy concerns.
Metadata Exposure
Even if messages are encrypted, metadata (timestamps, IP addresses) can be tracked, which reveals user behavior patterns.
Relay Trust
Users must trust relays not to log or misuse data. A rogue relay could log or track user data.
Default Encryption
Nostr supports end-to-end encryption, but it may not be enabled by default. This risks message interception by relays.
Public Keys Exposure
Public keys are visible, and this allows tracking of user activity across relays and over time, which compromises anonymity.
Replay Attacks
Without proper timestamping, messages can be replayed by attackers. This can cause misinformation or identity spoofing.
User Behavior Analysis
Posting frequency, interaction patterns and network activity can still be analyzed, which can be used to profile users despite decentralization.
My best advice:
Use a VPN or Tor to hide your IP.
Choose trusted relays like https://pmnr.xmr.rocks/
Maybe avoid posting at regular intervals or revealing your location through content.
Be cautious with personal information (as always).
Use secure devices to access Nostr.
Stay informed.
DMs are just unsafe at the moment. Waiting for https://keychat.io to get audited; until then use https://simplex.chat
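The replay concern above (events re-sent by someone who captured them) is something a relay or client can check for mechanically. The following is an added example, not code from the post or from any Nostr project: it recomputes the NIP-01 event id (sha256 over the serialized array [0, pubkey, created_at, kind, tags, content]) so a tampered event is rejected, drops events whose created_at lies outside an acceptance window, and refuses ids it has already accepted. The window sizes and the sample pubkey are assumptions; BIP-340 signature verification is deliberately left out, so this is only the timestamp/dedup part of a defense.

```python
import hashlib
import json
import time

# NIP-01 event id: sha256 of the compact JSON serialization of
# [0, pubkey, created_at, kind, tags, content]. json.dumps with
# ensure_ascii=False matches the spec for ordinary UTF-8 content.
def compute_event_id(event):
    serialized = json.dumps(
        [0, event["pubkey"], event["created_at"], event["kind"],
         event["tags"], event["content"]],
        separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(serialized.encode("utf-8")).hexdigest()

# Builds an unsigned event with a correct id (constructed test data;
# the "sig" field is omitted because signing is out of scope here).
def make_event(pubkey, created_at, kind, content, tags=None):
    event = {"pubkey": pubkey, "created_at": created_at, "kind": kind,
             "tags": tags or [], "content": content}
    event["id"] = compute_event_id(event)
    return event

class ReplayFilter:
    """Rejects events whose id does not match their content, whose
    created_at is too far in the future or past, or that were seen before.
    Window sizes are assumed defaults, not protocol constants."""
    def __init__(self, max_skew_s=600, max_age_s=86400):
        self.max_skew_s = max_skew_s
        self.max_age_s = max_age_s
        self.seen_ids = set()

    def check(self, event, now=None):
        now = time.time() if now is None else now
        if compute_event_id(event) != event["id"]:
            return "bad-id"      # content or fields altered after id was computed
        if event["created_at"] > now + self.max_skew_s:
            return "future"      # timestamp ahead of our clock beyond tolerated skew
        if event["created_at"] < now - self.max_age_s:
            return "stale"       # old event being re-presented
        if event["id"] in self.seen_ids:
            return "replay"      # exact duplicate of an accepted event
        self.seen_ids.add(event["id"])
        return "ok"
```

A real relay would bound the seen_ids set (by age) and verify the Schnorr signature before any of these checks matter, since an attacker who can forge signatures can simply mint a fresh event.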
This would be in the news if they were doing this without any form of user "consent" like Apple and Meta do by prompting you to backup your messages
If you're not using an alternative Android OS then Google Messages is actually the best choice because you get end-to-end encrypted RCS with other Google Messages users, and possibly iPhone users in the future.
Apple has plaintext cloud backups for Messages app (SMS/MMS & iMessage) so they have access to your texts sent to iPhone users, along with the carriers.
That would be the least of my worries as SMS is completely unencrypted, but Google can do whatever they want on most devices as Google Play services is a privileged app; they're not exfiltrating your text messages though.
I would like an option to have it all in the same feed
Sir Tim Berners-Lee also works there.
He's a knight btw.
I don't use any, well technically the AOSP one since it comes with GrapheneOS. I would recommend Google Messages as it has RCS support but they've been soft blocking users on an alternate OS. Quik is really good though https://github.com/octoshrimpy/quik
Also HeliBoard debug is listed instead of a release version. I reported this via in app feedback but I'm not sure if that works
nostr:nprofile1qqsvzkj6vkvxu745zdx7uw4c2f2d5hzafvzw0z60zmyzsdce9564rpgpzpmhxue69uhkummnw3ezumt0d5hsqs8r5u donates zaps to GrapheneOS
BUT MY EXISTING MONEY GETS DEVALUED AND I FORGOT TO SPEND IT OR PUT IT IN A BANK
Yes, usually you just trust on first use then updates signed with a different key won't get through
