Niel Liesmons's avatar
Niel Liesmons 5 months ago
Is it the domain name that you tie to your person (i.e. the legal identity you choose to use) that is the legal attack vector? If we use #pubky servers or similar for hosting our Community and Personal content, what attacks are we talking about then?
↑ Parent

Replies (1)

Anthony Accioly's avatar
Anthony Accioly anthony@accioly.social 5 months ago
In terms of what would hold up in court, I really can't say. I don’t want to sound too relaxed, nor do I want to paint too much of a dystopian picture… so I’ll focus more on the technical feasibility of deanonymising someone. Yes, DNS is a major one that projects like pkarr, Onion Services, etc., try to address (pkarr is still pretty new, and Tor is no silver bullet). But for personal users, there are a gazillion other layers that can expose them, from software running on their mobile or desktop (starting with keyboard apps, AI tools users have "authorised" to learn from their behaviour, to shady background daemons like Meta was using to the OSes themselves …), them there's your ISP if you're self-hosting, CAs if you are using HTTPS, CDNs, the VPS or Cloud provider provider you're renting hardware from all owning bits and pieces of personal information and metadata that can be pierced together to paint a picture. Then there are all sorts of fingerprinting techniques… and about a gazillion other possible deanonymisation vectors. Again, I can’t say what would hold up in court, but I’d work with the assumption that, for the vast majority of people exposed to Nostr, the authorities can figure out who’s behind an npub or operating a relay fairly easily.
1 replies ↓