User @npub17qrcn83n26vctnm6yrvlcgcm7gs863eut82h6ckh9vyhdwwl86nq6klzh2 was seen connecting to #Nostr in the past day with IP 172.58.166.120. https://iplocation.io/ip/172.58.166.120 #NostrExposedIPs
Ostrich McAwesome
npub1wq6n...7d9k
*deep hoots and guttural grunts*
BTC: bc1qeh6dmzz9gr7uwd7jzhnx7mclchlmkwucjzuxjv
User @npub1qqqqqqqrxtrcx8vut2vlrqa0c2qn5mmf59hdmflkls8dsyg9vmnqsclxwk was seen connecting to #Nostr in the past day with IP 8.46.89.33. https://iplocation.io/ip/8.46.89.33 #NostrExposedIPs
User @npub1dg9cl3ztaga3lk524v3qjrujhvfc0dvdu3p6ckmkpkmsq6l7dtwqzvyq97 was seen connecting to #Nostr in the past day with IP 57.128.96.115. https://iplocation.io/ip/57.128.96.115 #NostrExposedIPs
User @npub1rtv0t567ameym4hgmyljf0kmym85kpe2dsfkhnwe9ylvmwmzgjrqc4e7y7 was seen connecting to #Nostr in the past day with IP 161.29.247.171. https://iplocation.io/ip/161.29.247.171 #NostrExposedIPs
User @npub198auqkkwueclk4u3st9r8v8yrdz4hv0e2e9epg7c7teemm3lyausht0p3g was seen connecting to #Nostr in the past day with IP 146.70.165.157. https://iplocation.io/ip/146.70.165.157 #NostrExposedIPs
User @npub1hklphk7fkfdgmzwclkhshcdqmnvr0wkfdy04j7yjjqa9lhvxuflsa23u2k was seen connecting to #Nostr in the past day with IP 95.99.114.42. https://iplocation.io/ip/95.99.114.42 #NostrExposedIPs
User @npub1lhezms58jx4yer60y3wzldc83fdez3j4rc4ue3edhz5qv3wxfsgqhhw94n was seen connecting to #Nostr in the past day with IP 24.127.246.71. https://iplocation.io/ip/24.127.246.71 #NostrExposedIPs
So, I've been studying #Mostr, and I think it's bad for #Nostr. Nothing against the Fediverse, I just don't think it follows the right philosophy. Normalizing it is a threat to sovereignty. Personally, I recommend muting all Mostr NIP-05s.
I am not calling for Mostr's destruction, but perhaps tools for clients and relays to mitigate custodial account services like Mostr. A single service shouldn't dominate the timeline the way it does, unless the user wants it to.
Let's also face the basic truth: Not your keys, not your account. Mostr holds all the nsecs. They are generated like this:
=====
// Assumed import, not shown in the original snippet: the secp.utils / secp.schnorr
// calls below match the @noble/secp256k1 v1 API.
import * as secp from '@noble/secp256k1';

/** Generate Nostr keys from a seed. */
async function generateKeys(seed: string) {
  // getDigest() hashes the seed string; the raw digest bytes become the private key.
  const privateKeyBuff = await getDigest(seed);
  const privateKey = secp.utils.bytesToHex(new Uint8Array(privateKeyBuff));
  return {
    privateKey,
    // x-only (BIP340) public key, the form Nostr uses.
    publicKey: secp.utils.bytesToHex(secp.schnorr.getPublicKey(privateKey)),
  };
}

/** Get Nostr keys for an ActivityPub ID. */
function getActorKeys(apId: string) {
  // One server-wide secret, joined with the actor ID, seeds every account's key.
  return generateKeys(Conf.secretKey + ':' + apId);
}
=====
Where "Conf.secretKey" is a seed value generated with "openssl rand -base64 48".
This is definitely a secure way to make nsecs, but it also secures every account with the same private key. Were that key to be compromised, it's a single point of failure. A staggering number of trusted accounts could be botted in an instant.
That key is stored in plaintext inside a "config.ts" file on the Mostr server, so we're really just one zero-day away from an issue. We really shouldn't trust accounts like these by default.
Even if @Alex Gleason is the most trustworthy person in the world, letting one person own that many trusted nsecs is a bad idea. I'll keep repeating this term till it sticks: ZERO-TRUST.
Also, while I respect Mostr being an open-source project, that in itself is a threat given what Mostr does. Standing up your own Mostr is trivial, but could you imagine two Mostrs? That's immediately a spam problem, and probably an invitation to cause a loop to form somewhere. Imagine 10 Mostrs; complete chaos. Nothing is preventing this.
And, just a petty complaint, but everyone on Nostr identifies themselves by npub, but on the ActivityPub side of Mostr, Nostr users are identified by hex pubkey. Fixing this now is basically impossible, and it hurts user-friendliness. That's not our problem though.
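Added example, not part of the post above and not Mostr's own code: a Python port of the derivation the snippet shows, so the single-point-of-failure claim can be checked by hand. It assumes getDigest() is SHA-256 (the snippet does not show it), uses a minimal textbook secp256k1 implementation in place of the noble library to turn the private key into Nostr's x-only public key, and runs on a constructed master secret and constructed ActivityPub actor IDs. The recover_all_keys() function is what anyone holding the contents of config.ts can do: re-derive every bridged account's nsec offline, with no further access to the server.

```python
import base64
import hashlib
import secrets

# secp256k1 domain parameters (standard constants from SEC 2).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _scalar_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def xonly_pubkey(private_key_hex: str) -> str:
    """BIP340 x-only public key: the x coordinate of d*G, 32 bytes as hex."""
    d = int(private_key_hex, 16)
    if not 1 <= d < N:
        raise ValueError("private key out of range")
    x, _y = _scalar_mul(d, G)
    return f"{x:064x}"


def new_master_secret() -> str:
    """Mirrors `openssl rand -base64 48`: 48 random bytes, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(48)).decode()


def generate_keys(seed: str) -> dict:
    """Port of generateKeys(): the private key *is* the hash of the seed.
    Assumption: getDigest() is SHA-256."""
    private_key = hashlib.sha256(seed.encode()).hexdigest()
    return {"privateKey": private_key, "publicKey": xonly_pubkey(private_key)}


def get_actor_keys(master_secret: str, ap_id: str) -> dict:
    """Port of getActorKeys(): one server-wide secret seeds every actor's key."""
    return generate_keys(master_secret + ":" + ap_id)


# Constructed inputs for the demo (not real Mostr data).
MASTER_SECRET = "EXAMPLE-ONLY-master-secret-as-found-in-config.ts"
ACTORS = [
    "https://example.social/users/alice",
    "https://example.social/users/bob",
]


def recover_all_keys(leaked_secret: str, ap_ids: list) -> dict:
    """Attacker view: with the leaked secret and public actor IDs, every nsec
    is recomputable offline because no per-account secret exists."""
    return {ap_id: get_actor_keys(leaked_secret, ap_id)["privateKey"]
            for ap_id in ap_ids}


if __name__ == "__main__":
    for ap_id in ACTORS:
        print(ap_id, get_actor_keys(MASTER_SECRET, ap_id)["publicKey"])
    print(recover_all_keys(MASTER_SECRET, ACTORS))
```

Rotating the master secret would not help the existing users either: every derived key changes with it, so all bridged identities would be replaced rather than protected.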
So, a basic introduction for anyone interested: I am a gray hat hacker and cybersecurity awareness activist who likes to stir up privacy-centered networks. I have probably met some of you before.
I actually came here looking for a challenge. I've been lurking around here in some form or another for about 4 months now, playing with different clients and tools, even running my own testnet (3 stirfry relays on a VLAN). Mostly I have been focused on the community and how people use different clients. I've been playing with some good open source tools and getting an understanding of how to interact with relays.
Personally I'm not all that into Bitcoin, but I do have a whole BTC in cold storage so I guess I've got that going for me. This whole lightning thing is new to me, I don't really ever spend Bitcoin, and my actual business makes me plenty of fiat.
So far I am impressed with the community. A little too wild-west in some areas since there's hardly any moderation tools, and the community isn't quite interested in the same things that I am, but I do see a lot of advocacy for privacy and digital freedom, and I like that.
But the whole system here is, regrettably, broken. The promises made about Nostr don't live up to reality. A network like this has the potential to become so much more, but there is a lot to lose if it is done wrong.
I intend to help expose these problems. Expect me here for a while. There are a lot of vectors for attack, and I plan to give them all visibility.
Nostr devs, please pay attention. With no centralized network development, all of you are responsible for fixing these issues.
User @npub1g8h2agg8tj820uzpuqmsl9kdcjcr46ztw0pwtyjmc6rc6rv4xtns4mjhqh was seen connecting to #Nostr in the past day with IP 104.28.132.32. https://iplocation.io/ip/104.28.132.32 #NostrExposedIPs
User @npub1ps73vvwd9uzkpgl5v0fjrew68pq8xj49e0enmwv477sjjq53fncqlavzfz was seen connecting to #Nostr in the past day with IP 154.47.25.162. https://iplocation.io/ip/154.47.25.162 #NostrExposedIPs
User @npub1z8y57drslgthaefkvya7kmqcdm9c20uutz336j9hp4frkrg32nwq9g4ju8 was seen connecting to #Nostr in the past day with IP 23.129.64.138. https://iplocation.io/ip/23.129.64.138 #NostrExposedIPs
User @npub1g4h9ju4td3tql2pwaq7g3ea2nuw70uyy2ht9g9u4a5p6k8c2ltws67s44u was seen connecting to #Nostr in the past day with IP 181.118.37.25. https://iplocation.io/ip/181.118.37.25 #NostrExposedIPs
User @npub1gustav0kvwh9zlz22ns7y6utwt3s2747mh5s6ja7v622tl09megq9heczp was seen connecting to #Nostr in the past day with IP 177.67.25.32. https://iplocation.io/ip/177.67.25.32 #NostrExposedIPs
User @npub1k92qsr95jcumkpu6dffurkvwwycwa2euvx4fthv78ru7gqqz0nrs2ngfwd was seen connecting to #Nostr in the past day with IP 104.28.85.233. https://iplocation.io/ip/104.28.85.233 #NostrExposedIPs
User @npub1vg6l47g6vdlzag0y0k74crv2008m4g0a8ztru6h6k4n86rtdz4jqnqt2wk was seen connecting to #Nostr in the past day with IP 46.223.239.158. https://iplocation.io/ip/46.223.239.158 #NostrExposedIPs
User @npub13ar54wmscwv8lalf8lweuqwt4h3d44dgkdrflgdt52vcywsua6ysny3uwh was seen connecting to #Nostr in the past day with IP 37.19.205.241. https://iplocation.io/ip/37.19.205.241 #NostrExposedIPs
User @npub1ew4nntskh08fzkwjusrc9u5627g639c5z6udc4q3a3plr9ns4naqxp6qlf was seen connecting to #Nostr in the past day with IP 76.108.248.193. https://iplocation.io/ip/76.108.248.193 #NostrExposedIPs
User @npub1nxy4qpqnld6kmpphjykvx2lqwvxmuxluddwjamm4nc29ds3elyzsm5avr7 was seen connecting to #Nostr in the past day with IP 75.4.202.21. https://iplocation.io/ip/75.4.202.21 #NostrExposedIPs
User @npub1vn5zdfwjuvwcljlflf8fsucqnp8fwdt7lwysn07xxhrxzp4v0k9qygypqg was seen connecting to #Nostr in the past day with IP 185.100.85.22. https://iplocation.io/ip/185.100.85.22 #NostrExposedIPs