A user by the name of “Ostrich McAwesome” has been doxxing users’ IP addresses recently.
One might say that legacy social media is better for the normie since they don’t have to worry about randos having access to their IP (unless there’s a data leak).
On the flip side, being on Nostr gives one the opportunity to learn from the situation and improve privacy practices moving forward.
With that said, using Proton VPN is as simple as creating an account, logging in, and tapping the quick connect button. They have 3 locations in their free plan and ofc 69 in plus.
If you wanna step it up from here, check out Mullvad or IVPN (they accept bitcoin).
Any other opsec/privacy recommendations for Nostr users?
Nostr doesn't scale, so it made the choice to (usually) host image/video content externally, rather than in the Nostr protocol itself. That's why random people can collect your IP addresses.
If Nostr was a well designed, scalable, decentralized protocol, this wouldn't be an issue. But they're papering over their centralization and scaling problems by hosting big media externally, and relying on the fact that notes are usually small and servers are fast.
reply
What would be your suggestion then to hide the origin of "big" media like images or videos?
Proxy them via random or many other clients? Host them on Usenet?
reply
Seems like a setting in clients to use proxy.whatever.com for img/vid uploads would work?
reply
Yes, centralized services like imgchest, ibb, imgur or even Twitter/Reddit can provide this already.
reply
Having your private relayer is the way to go. I am working on that!
reply
It would be ideal if your Nostr client could detect if VPN is activated and on opening the app issue a warning if VPN is not activated. ~henq
reply
Is it really "doxxing" if one just says what is being published anyways?
Reminds me of those jouranlism "leaks" that found text in html that were hidden via css. That's not a leak. That's public.
reply
It’s on the spectrum I suppose. Clicking on a link and seeing someone’s location is much easier than trying to locate that info on a relay.
reply
2 sats \ 1 reply \ @anon 22 Jan
How did you create this screenshots?
reply
App called Xnapper on iOS.
reply
0 sats \ 6 replies \ @Krv 22 Jan
The entire Internet is like this. Why single out Nostr?
reply
0 sats \ 5 replies \ @Krv 22 Jan
If you don't use a VPN or Tor every site you visit knows your IP. Even if you use a VPN, there are fingerprinting techniques that might still identify you. This problem is not unique to Nostr.
reply
It's a problem nostr doesn't solve. A VPN doesn't really solve it either.
reply
Because it happened on Nostr. Can you go to a website right now and get the IPs of everyone who visited the website, link it to them, and publish it along with their identity/nym?
It’s a learning lesson that motivated plenty of people to begin using VPNs.
reply
7 sats \ 0 replies \ @Krv 22 Jan
Well, I'm not sure how feasible, but maybe the solution should be integrated with Nostr somehow. It's going to be difficult to get everyone to use a VPN.
reply
0 sats \ 1 reply \ @Krv 22 Jan
Hmm, Ok, indeed very concerning.
reply
Indeed. I’m not sure if everyone cares or not, but it certainly got me to finally look into and use one.
reply
With that said, using Proton VPN is as simple as creating an account, logging in, and tapping the quick connect button. They have 3 locations in their free plan and ofc 69 in plus.
Is this an infomercial?
reply