Thread

No. They do not Especially nostr services that rely on Cloudflare. 😡

They most certainly do not.

Yes. Openly Nostr.build uses Cloudflare CSAM scanning. Everything you iPad upload to them is sent through Cloudflare's servers. That's why I refuse to use them most of the time.

Nostr.build does not use Cloudflare CSAM scanning and they have their own moderation system

You should also read the post you linked to before complaining: “As part of our Application Security offering, we offer a free feature that checks if a password has been leaked in a known data breach of another service or application on the Internet” The website owner enabled this.

In the end, it is about tradeoffs. Cloudflare provides good value for Nostr.build and means your media actually loads fast and reliably and many of the claims are misleading (like the one you reposted) A product can’t satisfy everyone’s needs, but if you think this is important to you, consider making a bounty and see if enough people back it to be worth it.

One last thing: many Nostr relays like nostr.wine run through Cloudflare. When you post an image on Nostr it is automatically scraped and reuploaded to Cloudflare by Primal. And so on. You are concerned about your *public* images being sent through Cloudflare by Nostr.build, all while everyone else is doing the same thing without you even knowing and god knows what else. There’s a lot to be concerned about if you want to be pedantic :)

Cloudlfare scans all uploaded stuff. So, they do, in fact, scan everything. A was told, explicitly, by whatshisface from NB that they do use CF for CSAM. So . . . Did that change? If so, when did that change?

Yes, and also . . . This should NOT EVEN BE A THING. IMO.

Pfft. I don't have the stack to do that. And yes, it is about tradeoffs, and why I have elected to eschew NB as a media host nearly entirely.

Well, great. I didn't know about the scraping. *sighs* Screw it. I'll pretty much only upload memes, then. And I pretty much should just go back to text only. Thank you for letting me know. I do appreciate this.

From my knowledge no, that feature was removed and a mix of custom tooling and standard databases are used.

Well, then I shall not say that anymore. That is at least a good thing. Now if would could just not effing use CF at all, that would be better.

There’s also the scraping you don’t know about so… Pointless concerns. When using Nostr your content and media already gets spread to tens of companies.

*sighs* This is not at all how I envisioned any of this working.

Good to know, I was chatting with them probably this time last year and they had just implemented the CSAM scanning.

Would agree. On this generally. Ill sell/build the service while at the same time being explicit about the tradeoffs, and encourage people to find better alternatives for their needs. As someone who trust no one and runs 99% of things myself.

Cloudflare is a more than acceptable tradeoff in this case. If it had your PII and other sensitive info, probably not (but you could get a DPA anyway) but it’s a Nostr media hosting service.

You expected a protocol that is intentionally designed to spread data to not make your data public?