

What’s this?
Open it in primal and see
@walker what do you see here?
This is excellent


cc @:P
This is an interesting tool 👀
Cc @MAHDOOD
Huh.
Amethyst
Primal

Primal

Damus and Nostur get a nice green light
Jumble passes here
Seems like Primal is run by a bunch of cunts
Just checked primal vs amethyst. Pretty neat.
CC @IntuitiveGuy☯️ 👀
When I open it with primal it’s different than the thumbnail. Weird
And there you go. Tampering
What are you using to detect proxies? User agents?
Also blossom can help prevent tampering with media since the file's sha256 is in the URL which is in the signed event
UA.
Also Primal ignores blossom hashes and does not validate. Not sure if they even do failover
And I might also know of a way to bypass Blossom checks in several clients
Most web clients can't easily validate the hashes since it's not possible to get the raw blob from an <img> element. I have a button to do it in noStrudel but the user has to intentionally click it
Also it does not detect
which is the image proxy that noStrudel can use :)

GitHub - willnorris/imageproxy: A caching, resizing image proxy written in Go

Will implement.
The manual verify button has a problem as well
On njump 

Fixed false positive due to odd behavior from Chrome Android
When you upload to @nostr.build it exposes IP to their server when they encrypt it afterwards 🤷‍♂️
No tampering detected on Yakihonne
oof
It loaded eventually, false alarm

I thought caching made things work better 🤔😂
LMAO


I don't know what it means. And don't have time to investigate further 😅
Amethyst all day, buddy.
Apps gonna do what apps gonna do. Welcome it all. Nostr protocol needs more protection for end users … not barriers for apps.
We need a NIP for clients to voluntarily disclose their data handling … and a network of users and devs that incentivizes them to use it.
Primal is just the beginning. There will be more … lots more.
Success for Nostr depends on real world businesses integrating with the protocol. WE ALL KNOW that end user sovereignty is good for business (don’t we?) AND YET the dominant paradigm of black box apps will not go away without some hand holding.
We SHOULD be building a protocol and libraries that make it easy for businesses to OFF-LOAD more and more of their data to Nostr … but we SHOULD NOT chastise business for simply having black boxes and trying to make money.
Black boxes are the old business model. Freedom tech is the new… but transitions are complicated.
I appreciate this as a tool to increase transparency … for end users to be aware of the app choices they make.
While I DON’T think app shaming is at all in order … more spotlights are always needed.
Coracle? Really?
On nostrudel.ninja, no image shows up at all. 

FreeForm not recommended. 

NOT YOUR CACHE, NOT YOUR DICPIC