Consent | Nostr Privacyconsentonchain.github.io/blog/posts/nostr-privacy/
4505 sats \ 8 comments \ @Valley_D0g 22 Dec 2022 nostr
write
preview
related posts
598 sats \ 0 replies \ @BlueSlime 22 Dec 2022
Nostr is currently a leaky ship with a lot of bad practices baked into the NIPS (external links to profile images LOL)
That being said, I think it is a great paradigm shift towards what is essentially a decentralized database query protocol. There's many cool applications that are waiting to be built!
There's also a lot of challenges yet to be solved with pubkey based identity. Like, how do you rotate private keys if your key is compromised? There's no password reset in ECDSA :-D
What an exciting future! Can't wait to build on top of it.
reply
10 sats \ 0 replies \ @shyfire 22 Dec 2022
I fully support the development of nostr. My favorite thing about it is that it has no token, however I won't be using it just yet because of the issues pointed out in the writeup.
reply
51 sats \ 3 replies \ @Crizzo 22 Dec 2022
How terrible of an idea is it to be running nostr on the same computer that I manage my LN node on?
reply
81 sats \ 2 replies \ @gandlaf21 22 Dec 2022
You mean a relay?
The more stuff is running on your computer, the more attack surface it has.
I would try to run BTC+LN on a separate machine
reply
10 sats \ 1 reply \ @Crizzo 22 Dec 2022
No, not a relay. I guess I'm not technically "running nostr", just using a client and sending/receiving messages and I use the same computer to access my Umbrel node which runs on a separate Raspberry Pi. I don't think I could compromise my node unless I did something really stupid like running a shady executable. I like to think I'm pretty smart about avoiding stuff like that, but maybe there's something I'm not thinking of.
reply
10 sats \ 0 replies \ @gandlaf21 23 Dec 2022
If you don't want to trust any client, you can write your own, it's quite simple! or audit one that's open source, I think they basically all are .
Other than that you should be fine, i think there is more risky stuff running on your machine.
As far as umbrel goes, i heard that it's communication is unencrypted, and basically relies on your network not being compromised ( if it's on the same network as your public Wi-Fi, that's probably not great). So maybe running it in a separate network and using vpn to Access it might be a good idea. I don't know enough about that though, so please don't take my word for it.
reply
0 sats \ 1 reply \ @zeRealSchlausKwab 23 Dec 2022
Good post, thank you!
reply
0 sats \ 0 replies \ @Valley_D0g OP 23 Dec 2022
no probs ser
reply