Thoughts on keto diet and longevity?

Can we get more newspapers included here? NYTimes mirror I found. Thank you for setting this up!! #[0]

Are relay operators the new facebook, twitter, or tiktok? What if a relay operator starts monetizing on user data? I asked myself these questions and wondered how nostr does from an informational self-determination (control over how your personal information is used) stand point. Informational self-determination, at its core, aims at making sure that your personal information is only used with your consent or at least within the boundaries set by the law in which the individual resides. Regulations such as the Californian CCPA, Canadian Privacy Act, EU GDPR or Chinese PIPL are spelling out the nuances of each cultural jurisdiction’s interpretation. When posting via nostr, your content message (so called notes), together with your public key, chosen name and bio as well as ip address are collected via the nostr client and shared with relays operators. Such data, even if not necessarily tied to your real name, is still likely regarded to be personal, as it relates to a specific individual (and is connected to a unique identifier - the pubkey). With this functional simplicity in mind, let us take a look at the consequences this might have for client provider and relay operator. The client provider should not have access to your information, unless you are using a cloud client. Consequently there is not much to comply with, assuming the provider does not deviate from the basic idea of the nostr protocol, which is to connect the user to a relay. Nevertheless, a clarification about how your data is processed in form of a privacy notice would not be a bad idea. Something else holds true for the operator of a relay (and to an extent the provider of a cloud operated client), which actively process personal information on an infrastructure which they have control over. In information privacy terms that is similar to a company such as Twitter, Meta or Google. These companies determine the means and purpose of the processing and are therefore subjected to regulatory oversight, including fines. If that would really be the case, relay operators would for instance have to comply with: - The principle of purpose limitation and transparency. Meaning they would need to display a privacy notice before a user can connect to the relay and make sure that any processing of the information on their relay stays within the margins of what has been communicated; - The right to deletion, meaning being able to purge all user data from its servers when requested; - Ask for consent if any personal information is shared by the relay operator with another operator of a different relay; - The right to receive a copy of all personal information stored on the relay server, as well as export that data in a commonly used and machine-readable format; - Conclude specific privacy contracts with hosting providers (e.g. AWS, Microsoft); - Data localization requirements, meaning keeping the data stored in a specific geographical jurisdiction. Is this outcome however desirable? Is the relay provider really deciding on the means and purposes of the processing (determining factor) and should therefore be subjected as the main actor to regulatory compliance? Nostr is a protocol with predefined means and purposes, as long as relay operators stay within the rules of that framework, is there really a use of information similar to what big tech companies are doing? A relay provider offers an infrastructure, often free of charge and with the good intention of contributing to the nostr community. But how can we separate the “good” from the “bad” operators? To whom should the rules apply and who should be exempt?Abuse and data capitalism are real risks that privacy laws are trying to mitigate. In order to make running a public relay less risky and at the same time promote informational self-determination, I expect (hope) that NIPs (Nostr Implementation Possibilities) will steer relay operators through regulatory difficulties. Regulation by design; “privacy by protocol” if you will. Some paid relays already operate a website which could be further populated to acknowledge a privacy notice and display which NIPs have been adopted. Clients could provide links to these websites, or even adjust their interfaces accordingly. A combination of certain NIPs could work as a privacy certificate. Nostr is still early and rather focused on growth (rightly so). It would however not harm to get a discussion started. There is an opportunity here for developing not only a decentralized protocol that is simple and therefore suited for mass adoption, yet also one that respects informational self-determination, and prevents exploitation.