mleku on Nostr: if you really are that worried about the network correlating an npub to an ip address ...
if you really are that worried about the network correlating an npub to an ip address you just use tor
avoiding associating an npub to an IP address by not signing is not helpful to actual relay service provision, and from an infosec perspective does not really have any impact on surveillance being done on you, because to a spook, 99% certainty is good enough, they are logging IP addresses and reqs anyway, in order to map out the social graph
requiring auth is a relay's decision, and a user does not have to use the relay, and a client dev should not force users to use a relay either, this is one of the things that really grinds my gears about a lot of nostr clients, they just run off and make reqs to all and sundry without even thinking about the consequences
fair enough don't auth to a relay you don't trust, but if the relay demands auth, then don't use it, simple as that
don't take that option out of the hands of the user because there are good reasons why relays might want to give more service to "legitimate" free users as well
Published at
2024-09-30 15:58:35
Event JSON
{
"id": "a04c0ebfb74980ce76590888350be580439f85ac1d8db4793a69bff1be8c1dc0",
"pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
"created_at": 1727711915,
"kind": 1,
"tags": [
[
"e",
"7dbe25421c7e5fda267f7042f783d9739a9bbb1728a1a2c5a59c933e44939308",
"wss://nos.lol/",
"root"
],
[
"e",
"e2d15e51b2eb96558e2212efeadd6d223306bedbab4e1ed4c3967ed34721dc13",
"",
"reply"
],
[
"p",
"266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5",
"",
"mention"
],
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "if you really are that worried about the network correlating an npub to an ip address you just use tor\n\navoiding associating an npub to an IP address by not signing is not helpful to actual relay service provision, and from an infosec perspective does not really have any impact on surveillance being done on you, because to a spook, 99% certainty is good enough, they are logging IP addresses and reqs anyway, in order to map out the social graph\n\nrequiring auth is a relay's decision, and a user does not have to use the relay, and a client dev should not force users to use a relay either, this is one of the things that really grinds my gears about a lot of nostr clients, they just run off and make reqs to all and sundry without even thinking about the consequences\n\nfair enough don't auth to a relay you don't trust, but if the relay demands auth, then don't use it, simple as that\n\n\ndon't take that option out of the hands of the user because there is good reasons why relays might want to give more service to \"legitimate\" free users as well\n",
"sig": "83f9f3e040449b900061c78659ee7007bc4bde931d218d13f8d28b533512b9766579feec282e45160029f4de0d66cbdbb56392ad39f6ae2151b9437cca81070d"
}