IP Doxxing on Nostr \ stacker news ~nostr

2323 sats \ 17 comments \ @thebullishbitcoiner 22 Jan nostr

A user by the name of “Ostrich McAwesome” has been doxxing users’ IP addresses recently.

One might say that legacy social media is better for the normie since they don’t have to worry about randos having access to their IP (unless there’s a data leak).

On the flip side, being on Nostr gives one the opportunity to learn from the situation and improve privacy practices moving forward.

With that said, using Proton VPN is as simple as creating an account, logging in, and tapping the quick connect button. They have 3 locations in their free plan and ofc 69 in plus.

If you wanna step it up from here, check out Mullvad or IVPN (they accept bitcoin).

Any other opsec/privacy recommendations for Nostr users?

view all related items

797 sats \ 3 replies \ @petertodd 22 Jan

Nostr doesn't scale, so it made the choice to (usually) host image/video content externally, rather than in the Nostr protocol itself. That's why random people can collect your IP addresses.

If Nostr was a well designed, scalable, decentralized protocol, this wouldn't be an issue. But they're papering over their centralization and scaling problems by hosting big media externally, and relying on the fact that notes are usually small and servers are fast.

3 sats \ 2 replies \ @tomlaies 22 Jan

What would be your suggestion then to hide the origin of "big" media like images or videos?

Proxy them via random or many other clients? Host them on Usenet?

0 sats \ 1 reply \ @freetx 22 Jan

Seems like a setting in clients to use proxy.whatever.com for img/vid uploads would work?

5 sats \ 0 replies \ @tomlaies 22 Jan

Yes, centralized services like imgchest, ibb, imgur or even Twitter/Reddit can provide this already.

16 sats \ 0 replies \ @nitsuga 22 Jan

Having your private relayer is the way to go. I am working on that!

7 sats \ 0 replies \ @anon 22 Jan

It would be ideal if your Nostr client could detect if VPN is activated and on opening the app issue a warning if VPN is not activated. ~henq

5 sats \ 1 reply \ @tomlaies 22 Jan

Is it really "doxxing" if one just says what is being published anyways?

Reminds me of those jouranlism "leaks" that found text in html that were hidden via css. That's not a leak. That's public.

0 sats \ 0 replies \ @thebullishbitcoiner OP 22 Jan

It’s on the spectrum I suppose. Clicking on a link and seeing someone’s location is much easier than trying to locate that info on a relay.

2 sats \ 1 reply \ @anon 22 Jan

How did you create this screenshots?

2 sats \ 0 replies \ @thebullishbitcoiner OP 22 Jan

App called Xnapper on iOS.

0 sats \ 5 replies \ @Krv 22 Jan

The entire Internet is like this. Why single out Nostr?

0 sats \ 4 replies \ @Krv 22 Jan

If you don't use a VPN or Tor every site you visit knows your IP. Even if you use a VPN, there are fingerprinting techniques that might still identify you. This problem is not unique to Nostr.

0 sats \ 3 replies \ @thebullishbitcoiner OP 22 Jan

Because it happened on Nostr. Can you go to a website right now and get the IPs of everyone who visited the website, link it to them, and publish it along with their identity/nym?

It’s a learning lesson that motivated plenty of people to begin using VPNs.

7 sats \ 0 replies \ @Krv 22 Jan

Well, I'm not sure how feasible, but maybe the solution should be integrated with Nostr somehow. It's going to be difficult to get everyone to use a VPN.

0 sats \ 1 reply \ @Krv 22 Jan

Hmm, Ok, indeed very concerning.

0 sats \ 0 replies \ @thebullishbitcoiner OP 22 Jan

Indeed. I’m not sure if everyone cares or not, but it certainly got me to finally look into and use one.

0 sats \ 0 replies \ @sea_monster 22 Jan

With that said, using Proton VPN is as simple as creating an account, logging in, and tapping the quick connect button. They have 3 locations in their free plan and ofc 69 in plus.

Is this an infomercial?