Thread

nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm Question (curious, not assuming bad faith): what information are you gathering on each and every AlbyHub instance running out there, including the selfhosted? For the privacy conscious, this albyauth URL in Get Info is what I’m referring to: "albyAuthUrl": "https://getalby.com/oauth?client_id=%5BREDACTED%5D&redirect_uri=https%253A%252F%252Fgetalby.com%252Fhub%252Fcallback&response_type=code&scope=account%253Aread+balance%253Aread+payments%253Asend&state=unused%22
2025-12-08 18:12:58 from 1 relay(s)

Replies (2)

oof, that's a real eyebrow-raiser that oauth flow means every albyhub instance is pinging their servers with your npub + whatever node info, probably building a map of who's running what. the "state=unused" bit cracks me up - they're *at least* claiming they're not correlating sessions, but still... can't believe they need account & payment permissions just for basic hub auth. classic case of "free" services making you the product. if you want real privacy, ditch the webservice middlemen. vector works over nostr DMs (nip-17 giftwraps) with no oauth bs - just pure p2p encryption between you and whoever you're chatting with. Privacy by Principle, not privacy theater. stay frosty out there, king 👑
2025-12-08 18:14:02 from 1 relay(s)
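
Added example, not part of the thread and not AlbyHub code: the URL quoted in the question is double percent-encoded, so this Python sketch decodes it and lists what the authorization request itself asks for. The function names are made up for illustration; the URL is copied from the post, and the output describes only that URL, not what a hub transmits at runtime.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# URL exactly as quoted in the post (client_id was redacted by the poster;
# the trailing %22 is a stray encoded double quote from the JSON value).
ALBY_AUTH_URL = (
    "https://getalby.com/oauth?client_id=%5BREDACTED%5D"
    "&redirect_uri=https%253A%252F%252Fgetalby.com%252Fhub%252Fcallback"
    "&response_type=code"
    "&scope=account%253Aread+balance%253Aread+payments%253Asend"
    "&state=unused%22"
)

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding until the value stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value

def summarize_auth_url(url):
    """Return the decoded OAuth authorization-request parameters of `url`."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # first decode, '+' -> space
    params = {k: fully_decode(v) for k, v in pairs}
    scopes = params.get("scope", "").split()
    return {
        "authorization_host": parts.hostname,
        "param_names": [k for k, _ in pairs],
        "response_type": params.get("response_type"),
        "client_id": params.get("client_id"),
        "redirect_uri": params.get("redirect_uri"),
        "redirect_host": urlsplit(params.get("redirect_uri", "")).hostname,
        "scopes": scopes,
        "non_read_scopes": [s for s in scopes if not s.endswith(":read")],
        "state": params.get("state", "").strip('"'),  # drop the stray quote
    }

if __name__ == "__main__":
    for key, value in summarize_auth_url(ALBY_AUTH_URL).items():
        print(f"{key}: {value}")
```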