Nostr is a decentralized protocol that is not private by default. KYC or no-KYC has nothing to do with the Nostr protocol. Nostr doesn't come with a VPN, just like the internet. "Relays know your IP address, your name, your location (guessed from IP), your pub key, all your contacts, and other relays, and can read every action you do (post, like, boost, quote, report, etc) except for Private Zaps and Private DMs. While the content of direct messages (DMs) is only visible to you and your DM counterparty, everyone can see when you and your counterparty DM each other." -Amethyst on GitHub. There are malicious nodes. Lightning is not private by default, especially if you're running your own node and receiving; sending is more private. By contrast, Monero is private by default. Nsec can be compromised just like any other password, etc.
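
What the quoted Amethyst statement means at the event level, as an added example that is not part of the original note: it assumes DMs are published as NIP-04 kind 4 events, where `content` is encrypted but `pubkey`, the `p` tag and `created_at` are plaintext. All keys and ciphertext below are constructed placeholders, useful for auditing what your own client hands to a relay.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed placeholder keys (not real pubkeys).
ALICE, BOB, CAROL = "a" * 64, "b" * 64, "c" * 64

# Constructed sample events in the NIP-04 layout (assumption: kind 4 DMs).
SAMPLE_EVENTS = [
    {"kind": 4, "pubkey": ALICE, "created_at": 1700000000,
     "tags": [["p", BOB]], "content": "Y29uc3RydWN0ZWQ=?iv=cGxhY2Vob2xkZXI="},
    {"kind": 4, "pubkey": BOB, "created_at": 1700000060,
     "tags": [["p", ALICE]], "content": "Y29uc3RydWN0ZWQ=?iv=cGxhY2Vob2xkZXI="},
    {"kind": 4, "pubkey": ALICE, "created_at": 1700003600,
     "tags": [["p", CAROL]], "content": "Y29uc3RydWN0ZWQ=?iv=cGxhY2Vob2xkZXI="},
    {"kind": 1, "pubkey": ALICE, "created_at": 1700000500,
     "tags": [], "content": "public note"},
]


def relay_visible_dm_metadata(events):
    """List what any relay can read from DM events without a decryption key."""
    rows = []
    for ev in events:
        if ev.get("kind") != 4:
            continue  # only encrypted DMs are of interest here
        for tag in ev.get("tags", []):
            if len(tag) >= 2 and tag[0] == "p":
                sent = datetime.fromtimestamp(ev["created_at"], tz=timezone.utc)
                rows.append({
                    "sender": ev["pubkey"],
                    "recipient": tag[1],
                    "sent_at": sent.isoformat(),
                    "ciphertext_len": len(ev.get("content", "")),
                })
    return rows


def conversation_pairs(rows):
    """Count messages per unordered pair: the contact graph the metadata exposes."""
    return Counter(frozenset((r["sender"], r["recipient"])) for r in rows)


if __name__ == "__main__":
    for row in relay_visible_dm_metadata(SAMPLE_EVENTS):
        print(row["sent_at"], row["sender"][:8], "->", row["recipient"][:8])
```

The message text never appears in the output, yet sender, recipient, timing and message size are all recoverable, which is the gap the note describes.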

Replies (7)

Really wish people would stop shilling Nostr as a "privacy" protocol. Nostr is an awesome decentralized protocol, but it is absolutely NOT privacy-respecting by default. #cybersecgirl #privacy #nostr
Important things to keep in mind!
Yes, some basic examples include using a VPN or connecting over Tor (or both) so relays will not have access to your actual IP. You can also use SimpleX (far more secure and private) for sensitive DMs. Running lightning nodes can also be made more private, but that's a post for another day.
Yes, just like it says in the post. But I will emphasize that metadata is not your friend; when combined with all the other activities visible to all relays, it can reveal much, especially if you are not using a VPN. 3-letter agencies can and regularly do find people based on metadata alone. Malicious relays aside, all it takes is gov pressure to make relay runners hand over what they have. Nostr is not a "no logs" kinda protocol, so it's important for users to reduce the data they provide by themselves.