@Ostrich McAwesome
*deep hoots and guttural grunts*
BTC: bc1qeh6dmzz9gr7uwd7jzhnx7mclchlmkwucjzuxjv
No relay list published yet.
Recent Notes
If any relay admins see some strange events today, sorry about that, I'm trying something.
2โค๏ธ2๐ค1๐ซ1
NIP-26 is extremely smart. It should be a requirement for signing into any client.
Hot keys for your Nostr clients, cold key just for signing delegation events.
This is critical though: https://github.com/nostr-protocol/nips/issues/654
Hot keys for your Nostr clients, cold key just for signing delegation events.
This is critical though: https://github.com/nostr-protocol/nips/issues/654
6โค๏ธ2
A note about public transportation: Exploit that time! The best part about not driving is doing something else while you travel. Bring a book and read. Bring a laptop and code. Don't just sit and look at the window (unless that's what you want to do).
This whole account was conceived on buses and trains.
This whole account was conceived on buses and trains.
nice idea but not working in my case
185.246.188.067 is a cloudflare ip
Sounds like an image proxy. Whatever client you use didn't forget it when implementing NIP-30.
1
๐งโโ๏ธ๐ฎ I can see your IP Address ๐ช
:a: :b: :c: ๐ณ :d: :e: :f: ๐ณ :g: :h: :i: ๐ณ :j: :k: :l:
:a: :b: :c: ๐ณ :d: :e: :f: ๐ณ :g: :h: :i: ๐ณ :j: :k: :l:
62โค๏ธ2๐คฃ1
This is entirely hypothetical, but if somebody managed to leak a large number of nsecs, the funniest possible thing to do with them would be to shuffle them and then DM them back to everyone affected and watch who takes liberties with the key they received. Then post a list of who got who's key and let the drama unfold.
4โค๏ธ3๐1๐ซ1
It does (mostly) blindly relay everything. But this is considered okay because of anti-spam mechanisms on clients, relays, and on ActivityPub servers themselves.
That one annoying user was using a si...
Oh, are accounts without followers unable to send a note through Mostr, or do you just mean that they ended up with an audience because of the history of the account?
nostr:npub1sn0rtcjcf543gj4wsg7fa59s700d5ztys5ctj0g69g2x6802npjqhjjtws (and Iris) client have a default option called 'Image proxy service' which I believe solves the issue, right? nostr:npub1wq6n8skpd...
The real issue is inconsistency. Different clients have different ways of trying to protect you from the same features, all of which are implemented differently.
Also, using an image proxy may protect you from leaking your IP, but as I have mentioned previously, this would now mean that URLs from your end-to-end encrypted messages would be decrypted and sent to the proxy, damaging your privacy in a different way.
Ultimately, my take on Nostr web clients is that if you're using any other browser than Tor Browser, you're doing it wrong.
Also, using an image proxy may protect you from leaking your IP, but as I have mentioned previously, this would now mean that URLs from your end-to-end encrypted messages would be decrypted and sent to the proxy, damaging your privacy in a different way.
Ultimately, my take on Nostr web clients is that if you're using any other browser than Tor Browser, you're doing it wrong.
โค๏ธ1๐ธ1๐1๐ซ1
Every few months one of these self proclaimed hacktivists comes to point out nostr shortcomings in some malicious and uncreative way.
So far none of them that Iโve come across has actually pointed...
I'm not going to pretend that what I did wasn't trivial. It was.
But if this trick is so uncreative and unoriginal, why hasn't this attack vector been resolved yet?
If nobody has a reason to fix this, I'll give them a reason.
But if this trick is so uncreative and unoriginal, why hasn't this attack vector been resolved yet?
If nobody has a reason to fix this, I'll give them a reason.
1โค๏ธ1
nostr:npub1wq6n8skpdtrhw8hmr00kp2za7a8y97zqngq8jq85q2aydp8ejxzq8p7d9k Help me understand this. You get the IP because someone loads an image you're hosting? Or are you somehow getting the IP when some...
I host the server, and DM people a unique image URL, so when they open that specific URL I'll know who they are and the IP they connected with.
3๐ค1
You should make these into a separate bot, I want to follow you but I don't care to see these notifications
That's fair. I will consider doing this next round.
โค๏ธ1๐ค1๐งก1
1) Agree on the anime p*rn being an eyesore for most. Certain relays have more than others. Agree protocol allows for this, and it is the tradeoff of censorship resistance. I see onboarding as the ini...
One fundamental flaw I see with this idea is that if you are addressing the method in which I gathered these IPs (via DM), you would have to send decrypted URLs from a users end-to-end encrypted DMs to the image proxy, which endangers privacy in a new way because it revealed part of the message to the proxy. Now you have to trust the proxy with potential secrets.
Link Previews are also a vector for attack here, and it would be even worse to send all DM'd URLs through the proxy.
I also worry that image proxies could bloat the cost of running a client, are a form of centralization (this solution only benefits Damus users), and are a vector for DDoS/Abuse.
Link Previews are also a vector for attack here, and it would be even worse to send all DM'd URLs through the proxy.
I also worry that image proxies could bloat the cost of running a client, are a form of centralization (this solution only benefits Damus users), and are a vector for DDoS/Abuse.