The relay is not in your list, so the app won't connect to it. We are making a new permission screen to allow you to connect by clicking a button, but it's not ready yet. :(
But yes, attackers can use relay hits to monitor the IPs of victims they want to track. If they know IP, they can get a rough location. If they can track over time, rough locations become more precise identifiers. It would be an elaborate social attack, but it is possible.
Know your relay operators just as you get to know your devs.
Yep. Relays know everything about you: your interests, the time you spent on each post, your IP/location, etc.
If this can't be fixed, I suggest myself and all other sex workers get the fuck out of here.
Huh, so even if I follow the account, Amethyst will not connect to that account's outboxes? How will it find anything in that case unless your relays match their outboxes? Or you're just saying, outbox is not fully operational till you have the extra settings?
Follows yes. We assume if you follow the account, you trust their choice of relay. But we are not there yet. We want to make sure users understand that risk before activating it.
If people aren't using Tor and aren't using a VPN but they care about this, then I sure hope they never open a web browser.
But giving people the heads-up and asking permission is nice. People want to see the note, but they also want to feel in control.
That's the goal. That security on Desktop is less of an issue, but mobile is crucial. You don't want people to know where you have been all the time.
Yes, having used this option in gossip I can tell you @Vitor Pamplona with confidence that absolutely no one will use this option and leave it on to be bombarded by hundreds of questions whenever they open nostr.
How about the note to be rendered show the relay name below an "Allow" and a "Whitelist" button.
I guess generally this is a similar problem as emails and images.
Many email clients just load you YOLO all images received, which is a stupid behavior.
#nostr relays should talk between themselves as in a NETWORK so we can connect only to our trusted relay and pay them to protect our privacy
Would be interesting if relays had a special REQ type that effectively says "go to this other relay and get me this event". It's like rebroadcasting the note without the client actually having the note. If the relay stores the note then it doesn't even have to retrieve it with other requests.
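
The connection policy discussed in this thread, sketched as an added example that is not part of any post and is not Amethyst's code: a relay hint is connected to only if it is in the user's list, was allowed or whitelisted, or (opt-in) is a followed account's outbox, and prompts are grouped per relay rather than per note. `RelayPolicy`, `normalize` and the `.example` relay URLs are hypothetical; refusing non-`wss` URLs is an assumption of this sketch.

```python
from urllib.parse import urlsplit

def normalize(url):
    """Canonical relay URL, so 'wss://Relay.Example/' matches 'wss://relay.example'."""
    p = urlsplit(url.strip())
    if p.scheme != "wss" or not p.hostname:   # assumption: plaintext ws:// is refused
        raise ValueError(f"not a wss relay URL: {url!r}")
    port = "" if p.port in (None, 443) else f":{p.port}"
    return f"wss://{p.hostname}{port}{p.path.rstrip('/')}"

class RelayPolicy:
    def __init__(self, my_relays, follow_outboxes=(), trust_follows=False):
        self.allowed = {normalize(r) for r in my_relays}   # own list + whitelist
        self.follow_outboxes = {normalize(r) for r in follow_outboxes}
        self.trust_follows = trust_follows                 # off until the user opts in
        self.session = set()                               # "Allow": this session only
        self.pending = {}                                  # relay -> note ids waiting

    def decide(self, relay_hint, note_id):
        """'connect', 'prompt' or 'block'; only 'connect' may open a socket."""
        try:
            relay = normalize(relay_hint)
        except ValueError:
            return "block"
        if relay in self.allowed or relay in self.session:
            return "connect"
        if self.trust_follows and relay in self.follow_outboxes:
            return "connect"
        # Unknown relay: the IP is not revealed; queue the note under its relay.
        self.pending.setdefault(relay, []).append(note_id)
        return "prompt"

    def prompts(self):
        """One question per relay, however many notes point at it."""
        return sorted(self.pending)

    def allow(self, relay, whitelist=False):
        """User pressed 'Allow' (session) or 'Whitelist' (persistent)."""
        relay = normalize(relay)
        (self.allowed if whitelist else self.session).add(relay)
        return self.pending.pop(relay, [])   # notes that can now be fetched
```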