Nostr is private, or is it? \ stacker news ~nostr

1602 sats \ 21 comments \ @kenn_b 27 Oct 2023 nostr

Using Nostr has been great, I just wonder about this. People use nostr for all kinds of stupid shit (depending on their state of mind) and perhaps at some point they might want to revise some of the interactions they had with the protocol. If I understand it correctly, each relay you choose to interact with keeps copies of your data which begs the question, how do I remove stuff from there if I change my mind. The relay has no obligation to remove stuff. So, unless I use pseudonym, I am quite exposed to the stupidity of my younger self :).

Am I totally off mark here?

view all related items

235 sats \ 4 replies \ @Natalia 27 Oct 2023

it's not private, people can simply use the public key login into others' account

read everything you had followed
see who and when you talk to in Dm

And the fact that you can't delete the posts is actually quite "scary", better think twice before posting anything there ; But in a way it's good too, as it trains you to think what should be in public eye, because the internet never forget.

0 sats \ 0 replies \ @Zepasta 27 Oct 2023

deleted by author

0 sats \ 2 replies \ @kenn_b OP 27 Oct 2023

Thanks. What if I change my nym and profile info? Would then I be pseudonymized or will the original info be anywhere?

100 sats \ 0 replies \ @Natalia 27 Oct 2023

but your public key remains the same.

5 sats \ 0 replies \ @Zepasta 27 Oct 2023

It will probably be somewhere. If you want to change identity without trace it's better to just create a new private key.

210 sats \ 0 replies \ @03365d6a53 27 Oct 2023

Not private at all

If you want privacy, use Simplex

40 sats \ 1 reply \ @0x032e5661c6 27 Oct 2023

The nostr protocol has an improvement proposal (NIP-09) that touches on Event Deletion (Kind 5). https://github.com/nostr-protocol/nips/blob/master/09.md

Nostr kind 5 is a best effort approach and relies on both the client and the relay on observing the protocol rules. It is by no means perfect. Nothing is.

It will not save you in court.

It is no different to Facebook or Twitter deleting your posts on request but storing a backup on file.

https://delete.nostr.com is a tool that uses NIP-09 (Kind 5) to delete nostr notes.

0 sats \ 0 replies \ @Zepasta 27 Oct 2023

Sadly not all Relays will adopt deletion of posts.

30 sats \ 2 replies \ @shyfire 27 Oct 2023

Even using a pseudonym may not be enough, because relays obtain your IP address which reduces your anonset to everyone in your household

0 sats \ 1 reply \ @Zepasta 27 Oct 2023

People who care about Privacy will be using a good VPN to hide their IP.

0 sats \ 0 replies \ @shyfire 27 Oct 2023

True, but defaults also matter. You are by default blasting your IP to a world of relays when you use nostr

21 sats \ 1 reply \ @0245bdaef2 27 Oct 2023

If you want privacy sit alone in the woods. Nothing that goes on the internet can be taken back. When you hit send (and even sometimes when you don’t) there are hundreds, maybe thousands of computers bouncing that information around.

Which is better, Twitter telling you it’s “deleted” (but really just gone from sight) or Nostr being upfront with you about this important fact?

Privacy exists between your ears and very few places besides. Act accordingly.

0 sats \ 0 replies \ @kenn_b OP 27 Oct 2023

good point. easy answer :)

25 sats \ 0 replies \ @sebastix 27 Oct 2023

Nostr is freedom technology, not a technology build for private communication. Nostr is far from private, the content you share is public by default (there are some exceptions).

Text notes (kind 1) are wrapped in events which are defined regular:

for kind n such that 1000 <= n < 10000, events are regular, which means they're all expected to be stored by relays.

And with "stored by relays" this means stored permanent. Nostr does not provide a way to update or delete the content related to these kinds. Anyone can fetch those events with content.

When you update your profile, you will publish a new event with updated content. Relays are fetching the newest event with this kind (kind 0), and you should consider the following (this is a quote from NIP-01, you should read it): A relay may delete older events once it gets a new one for the same pubkey.

Always keep in mind every event you publish could be on the internet forever. It all depends on the behaviour of relays.

This is a good read from hodlbod if you would like to dive a little deeper: https://blog.coracle.social/posts/1687802006398

On the other hand, Nostr offers privacy by default. Let me copy-paste this from my recent blog:

The signing of events are done with the same public-key cryptography as you can find in bitcoin for signing transactions. Like Bitcoin, Nostr is not anonymous. Your identity is a pseudonym. You have full control of what you share with this pseudonym. If you desire full anonymity, you have to use clients which use the Tor network for example. Or use the Tor network on your behalf while using Nostr clients.

5 sats \ 1 reply \ @erict875 27 Oct 2023

It's OK and highly desirable to disagree with your former self, we do it all the time. This is how we grow as a person.

0 sats \ 0 replies \ @kenn_b OP 27 Oct 2023

well put:)

5 sats \ 0 replies \ @DarthCoin 27 Oct 2023

If you want a private communication over nostr, then use a private relay only for your private peers.

0 sats \ 0 replies \ @adexmakai4211 28 Oct 2023

I also believe you can set up Tor/Onion on amethyst if you're so much concerned about privacy.

0 sats \ 0 replies \ @adexmakai4211 28 Oct 2023

Really!? Nostr is not private by any means. It's an open source that powers other clients that built on it. So it's not private but readily available for anyone to build on.

0 sats \ 1 reply \ @fabian 28 Oct 2023

Nostr is not private, who told you that?

0 sats \ 0 replies \ @kenn_b OP 28 Oct 2023

nobody, just trying to understand