Private Nostr #1183
Comments
#566 might be worth mentioning. There's also the signature stripping idea which may or may not be represented above. Also AUTH protected relays, which I've done a fair amount of work on with triflector and relay invite codes. |
added! |
Looks complete. The only other way would be to use Encrypted Group messages on #686 but that's quite a privacy overkill for most of these "workgroup" notes. You might want to separate encrypted vs non-encrypted stuff for the talk. The number of encrypted options alone can get overwhelming and distract from the goals of these approaches. |
I just created Notestr for private notes (PoC). The flow is here. I think it would be easier to control private notes if they are all in one server. |
Just added #1206 |
This comment was marked as spam.
Could you please come down off your soapbox for a moment and explain what you mean? |
The title of this issue made me think about the privacy issue of leaking information binding a client's IP address to its npub. Maybe that is not what this talk is about. But I'll describe that here anyways. Even though I think the solution is to use another layer (VPN/Tor), I recognize the problem and I think it would be good for nostr users to be fully aware of the fact that this information (binding of IP address to npub) easily leaks.
There might be others. |
That's a great shout @mikedilger - I (and a few others) had the chance to speak with a senior member of the Citizen Lab team in Oslo at the Freedom Forum and this was one of his biggest concerns about Nostr. How there is a much broader surface that can leak your IP address, which is the most well known way that people are targeted. I agree with you that the best solution is going to be using Nostr via a VPN or Tor but we also have to try to ensure that Nostr clients try and use sensible (maybe overly careful) defaults or give users the chance to select those very careful defaults during onboarding - BEFORE the client has connected to anything. |
Nostr can provide fully decentralized censorship resistance (which is already pretty amazing) and you can provide your own anonymity and sovereign ownership of it (also amazing), but privacy is very very hard to achieve in this space. I don't think nostr can provide it completely -- and because it can't do it completely, any sense that users have that nostr is providing privacy "mostly" just acts like a lure to trick them into losing their privacy. We would be better off being very clear that nostr does not provide privacy, and that VPNs and Tor are elegant and excellent perfect-match solutions to exactly that problem... and thus trying to solve that problem again within nostr is IMHO both pointless and futile. I made the list because people need to be aware that we are not providing this, because there are lots of privacy leaks, not because I think we can fix it within nostr. But I could be wrong and there are a lot of smart people in this community who might prove me wrong. |
Hold my beer... |
Another dimension to the privacy problem that's unrelated to encrypted messaging and IP leaks to various services is that of key management. This comes mostly from the "other stuff" use cases. For example, suppose a senator logs in with nostr to a porn site, linking his fetishes to his policy. We've seen this before, and it's always funny, but on nostr the faux pas would be more implicit on the user's end. I have lots of ideas for addressing this, but none are easy. One is obviously to use different keys for different identities, but taking that to the extreme means one account per service, which eliminates interoperability and brings us back to the status quo. Another approach would be to obscure information about yourself and only share it selectively. This would require either an interactive protocol (request/response), zero knowledge proofs, or some kind of data custody service, all of which increase complexity a ton. I don't know that we need to actively solve this right now, but it's something to pay attention to. More thoughts here. |
for a lot of IP hiding stuff we can use MASQUE. notedeck (and other clients) will allow you to load other people's decks/feeds, so you will have some level of deniability if other people are querying your feed. |
Should add back the new NIP-104 |
Slightly unrelated but I've come across this project, could any of the privacy concepts demonstrated within the NomadNet project be applied to Nostr in some way? |
@erskingardner I'm writing my talk today, I'm going to give an overview of this! |
I wanted to create a tracking issue that collects some of the approaches for making notes more private, or gives more control over how notes are viewed and by who. I have expressed interest in doing a nostriga talk along these lines so I would love to gather all of the approaches for the talk if I end up doing it.
- NIP35: Relay-Specific Notes #1146 @jb55
- ["-"] tag #1030 @fiatjaf
- NIP-104: Double Ratchet (End-to-End Encrypted) DMs #1206 @erskingardner

Please comment here if you have your own approach you want to add to this list!