We saw the flaws on SimpleX when building NIP-17. Basically, with SimpleX you have to trust the server you are using (both sides) to not log anything down. And they are upfront about this in their docs.
For instance, their recommendation is to use a different server and different IP address for each contact in your list. But their app just bundles everything as one. So, servers can see a LOT. They have promised to not log things down, but if they want, they can (I ran a server for a while to test these tracking capabilities out).
Ideally, you should never use their default servers because if they can see both the receiver and the server channels in the same machine they can link a lot of people together and slowly figure out who is who.
NIP-17's goal was to reduce the metadata leaks to the relay you are using such that you don't need to trust it to not track you down. With the help of broadcasting relays, it's virtually impossible for relays, including your own inbox DM relays, to figure out who you are talking to.
Thank you for the reply. I understand your point.
What do you say about their "private message routing" that was added earlier this month?


SimpleX network: private message routing, v5.8 released with IP address protection and chat themes
It's their response to NIP-17. They basically created their own "GiftWrap", like we have. They shouldn't have forced the 2-hop step though. It's important that the forwarding relay ALSO can't track who you are sending things to.
I would never use SimpleX without that setting on and I would NEVER use their own servers. Too bad those are optional things and not a required part of the protocol.
In the same way, never use Nostr with the default relays of any client. Educating users on the power of relays and allowing them to pick relays has to become a key part of using the protocol. Otherwise, we are just going to centralize again, which defeats the whole purpose of Nostr.
BTW, they could have used Nostr relays to be routing nodes. They would have tapped a much bigger network of servers for their users to choose from.
Your "broadcasting relays" idea scales like shit.
Have you tested it or are you just wishful thinking as usual?
30 years of observing attempts at distributed systems fail over and over again.
I know on nostr you can't ban people but can we make an exception please and ban this horrible "BitTorrent mainline" @npub1jvxv...7yqz person from liking my notes please.