Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privacy Issues #190

Open
mikedilger opened this issue Jan 25, 2023 · 5 comments
Open

Privacy Issues #190

mikedilger opened this issue Jan 25, 2023 · 5 comments

Comments

@mikedilger
Copy link
Contributor

mikedilger commented Jan 25, 2023

I am opening this issue as a general place to discuss and debate privacy issues surrounding nostr. I will post specifics once I link to it from another thread. #136

@mikedilger
Copy link
Contributor Author

I am trying to make gossip a client that is usable by people who care deeply about privacy. You can disable loading of avatars, checking of NIP-05. It does not use web rendering so there's no deep web-standards gotchas to suprise you. It works great over Tor. I don't think I'll add geospatial stuff because I don't care for it and I don't want to scare away my userbase.

That being said, I don't think adding any feature to the protocol compromises privacy. Because the protocol doesn't create privacy - privacy is something you create for yourself.

Nostr is weakly censorship resistant in the sense that you can move about to different relays and your identity is self-controlled. On nostr, anybody can post anything. That means Google and/or Facebook can post to nostr, and those posts can dox your location. There is nothing we can do to stop this... because we want censorship resistance.

Privacy is not something to require of others, it is something you must achieve for yourself. If you want to keep a secret, don't post it. If you want to hide your location, use Tor and don't leak it. Only use clients that honor your wishes.

Enabling geolocation tags or events does not change this state of affairs.

@mikedilger
Copy link
Contributor Author

I thought for a little bit that maybe each NIP could have a section listing known privacy concerns, like NIP-01 could mention that metadata pictures might be used for tracking, could contain malicious content or could be infinitely sized. But if we did make such lists, I think there's a real risk people would (even if they knew better) come to believe that if they tick off all the items on all the privacy lists that they now have a privacy-aware client, and I'm not so sure we could make lists that are complete. So I'm not so sure.

@ghost
Copy link

ghost commented Jan 26, 2023

I am opening this issue as a general place to discuss and debate privacy issues surrounding nostr. I will post specifics once I link to it from another thread. #136

Thanks for creating this issue.

I am trying to make gossip a client that is usable by people who care deeply about privacy. You can disable loading of avatars, checking of NIP-05. It does not use web rendering so there's no deep web-standards gotchas to suprise you. It works great over Tor. I don't think I'll add geospatial stuff because I don't care for it and I don't want to scare away my userbase.

I appreciate that you care about privacy of users. I have tried gossip but would use it more often now.

Privacy is not something to require of others, it is something you must achieve for yourself. If you want to keep a secret, don't post it. If you want to hide your location, use Tor and don't leak it. Only use clients that honor your wishes.

Enabling geolocation tags or events does not change this state of affairs.

I have shared my opinion in this comment a few minutes back:

#136 (comment)

I thought for a little bit that maybe each NIP could have a section listing known privacy concerns, like NIP-01 could mention that metadata pictures might be used for tracking, could contain malicious content or could be infinitely sized. But if we did make such lists, I think there's a real risk people would (even if they knew better) come to believe that if they tick off all the items on all the privacy lists that they now have a privacy-aware client, and I'm not so sure we could make lists that are complete. So I'm not so sure.

Concept ACK. I like the idea of having a privacy section in most NIPs for privacy recommendations.

@xz-cn
Copy link

xz-cn commented Jan 27, 2023

I like the idea of adding privacy-related section in an NIP. It makes people aware of the privacy challenge one NIP may introduce.

@ghost
Copy link

ghost commented Apr 13, 2023

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants