A user by the name of “Ostrich McAwesome” has been doxxing users’ IP addresses recently.
One might say that legacy social media is better for the normie since they don’t have to worry about randos having access to their IP (unless there’s a data leak).
On the flip side, being on Nostr gives one the opportunity to learn from the situation and improve privacy practices moving forward.
With that said, using Proton VPN is as simple as creating an account, logging in, and tapping the quick connect button. They have 3 locations in their free plan and ofc 69 in plus.
If you wanna step it up from here, check out Mullvad or IVPN (they accept bitcoin).
Any other opsec/privacy recommendations for Nostr users?
Nostr doesn't scale, so it made the choice to (usually) host image/video content externally, rather than in the Nostr protocol itself. That's why random people can collect your IP addresses.
If Nostr was a well-designed, scalable, decentralized protocol, this wouldn't be an issue. But they're papering over their centralization and scaling problems by hosting big media externally, and relying on the fact that notes are usually small and servers are fast.
What would be your suggestion then to hide the origin of "big" media like images or videos?
Proxy them via random or many other clients? Host them on Usenet?
Seems like a setting in clients to use proxy.whatever.com for img/vid uploads would work?
Yes, centralized services like imgchest, ibb, imgur or even Twitter/Reddit can provide this already.
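An added example (not from any poster in this thread or from a Nostr client) of the client-side proxy setting suggested above: it lists which external hosts would see a reader's IP when a note's media is loaded directly, then rewrites those media URLs to go through one user-chosen proxy. The proxy endpoint `proxy.example/fetch`, its `?url=` format, and all function names are assumptions.

```javascript
// Added example; PROXY_BASE and its "?url=" format are assumptions, not a real API.
const PROXY_BASE = "https://proxy.example/fetch"; // hypothetical proxy endpoint
const MEDIA_EXT = /\.(png|jpe?g|gif|webp|mp4|webm|mov)$/i;
const URL_RE = /https?:\/\/[^\s<>"']+/g;

// Split sentence punctuation off the end of a matched URL ("x.jpg." -> "x.jpg", ".").
function splitTrailing(raw) {
  const m = raw.match(/[.,;:!?)]+$/);
  return m ? [raw.slice(0, -m[0].length), m[0]] : [raw, ""];
}

// Parse a matched token; return a URL object only if it points at auto-loaded media.
function asMediaUrl(token) {
  try {
    const u = new URL(token);
    return MEDIA_EXT.test(u.pathname) ? u : null;
  } catch {
    return null;
  }
}

// Hosts that would see the reader's IP if the client fetched the media directly.
function hostsThatSeeYourIp(content) {
  const hosts = new Set();
  for (const raw of content.match(URL_RE) || []) {
    const u = asMediaUrl(splitTrailing(raw)[0]);
    if (u) hosts.add(u.hostname);
  }
  return [...hosts];
}

// Rewrite media URLs so the client contacts only the proxy; other links are untouched.
function proxyMedia(content, proxyBase = PROXY_BASE) {
  const proxyHost = new URL(proxyBase).hostname;
  return content.replace(URL_RE, (raw) => {
    const [url, tail] = splitTrailing(raw);
    const u = asMediaUrl(url);
    if (!u || u.hostname === proxyHost) return raw; // not media, or already proxied
    return `${proxyBase}?url=${encodeURIComponent(u.href)}${tail}`;
  });
}

// Constructed sample note content (not taken from the thread).
const sampleNote =
  "gm https://img.tracker.example/a/cat.PNG?id=abc123 and " +
  "https://cdn.example/v/clip.mp4 plus https://blog.example/post";
console.log(hostsThatSeeYourIp(sampleNote));
console.log(proxyMedia(sampleNote));
```

The proxy operator still sees the reader's IP, so this moves trust to one chosen host rather than removing it.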
Having your private relayer is the way to go. I am working on that!
It would be ideal if your Nostr client could detect if VPN is activated and on opening the app issue a warning if VPN is not activated. ~henq
Is it really "doxxing" if one just says what is being published anyways?
Reminds me of those journalism "leaks" that found text in html that was hidden via css. That's not a leak. That's public.
It’s on the spectrum I suppose. Clicking on a link and seeing someone’s location is much easier than trying to locate that info on a relay.
How did you create these screenshots?
App called Xnapper on iOS.
The entire Internet is like this. Why single out Nostr?
If you don't use a VPN or Tor every site you visit knows your IP. Even if you use a VPN, there are fingerprinting techniques that might still identify you. This problem is not unique to Nostr.
Because it happened on Nostr. Can you go to a website right now and get the IPs of everyone who visited the website, link it to them, and publish it along with their identity/nym?
It’s a learning lesson that motivated plenty of people to begin using VPNs.
Well, I'm not sure how feasible, but maybe the solution should be integrated with Nostr somehow. It's going to be difficult to get everyone to use a VPN.
Hmm, Ok, indeed very concerning.
Indeed. I’m not sure if everyone cares or not, but it certainly got me to finally look into and use one.
It's a problem nostr doesn't solve. A VPN doesn't really solve it either.
Is this an infomercial?