Relay operators, please provide a privacy policy and terms of use on your website. Otherwise, we will assume you are tracking everyone and selling our data as a product for profit.
Time to show us who you are and what you stand for.
Login to reply
Replies (93)
Only if you put relay feeds on amethyst first
π
Is this really an expectation? Iβm just a noob who barely knew how to put a relays together.
My terms and conditions: treat my relay as a cardboard box π¦
Itβs holding your notes for now. π
It's getting there, I am just finishing the way we manage subscriptions and data sources :)
Irrelevant. They can still track you.
Does it really matter if I don't sell user data? It's a public relay, anyone can scrape and sell the data. Just because the operator doesn't sell it doesn't mean it's not being sold.
Ok I'll start working on privacy policies then sir
Are you deleting stuff? Do you delete CSAM? Are you saving logs of what each pubkey is querying and receiving from your relay? Are you building interest lists per pubkey?
Yes. Are you, the relay operators, deleting stuff? Which ones? Where is the line? Do you delete CSAM? Are you saving logs of what each pubkey is querying and receiving from your relay? Are you building interest lists per pubkey? Etc etc.
Do it to be an example on how relay operators should disclose.
I literally donβt know how to do any of this. π
Itβs an Aegis relay with a paywall. So everything in is relatively clean.
Lol, I have run a SimpleX server. You can definitely track people if you are the server.
And so the fiat capture begins
I will still assume they're doing it. A privacy policy and terms of service on the website won't actually stop relays from tracking us and selling our data, but I commend you making them accountable, with statements on the line βοΈ
I work for the KGB and regularly hand over printouts of every AI-generated Bitcoin meme I spot on Nostr to my superiors.
π€£
I sell to a mixture of kgb raf cia interpol mi6 fbi and gfy
I've thought for a while we need a NIP for specifying censorship levels. I think, strategically, it should be a few simple "main" tags -
0. Nothing filtered
1. Spam filtered
2. Protocol strict (requirements like NIP-13 PoW levels, or proper adherence to other NIPs)
3. Content filtered (CSAM removal, etc.)
4. Npubs banned for permanent or extended periods
5. Users perma-banned (trying to match npubs to user identities and stop them from coming back on a new npub)
When the "content filtering" or ban tags are used, secondary tags could be added to specify the details.
Aside from relay operators self-reporting, users could also use these tags to report observed relay behavior.
The strategic element is that when it's configured this way, any relay that accepts takedown orders from the authorities is automatically at one of the highest levels of restriction, and any relay that accepts orders to ban people is at the highest level of restriction, period. The authorities would look silly for telling citizens they're never allowed to venture into relays tagged 0-2, and π²π
ππΏπ²πΊπ²πΉπ silly for telling citizens they're never allowed to venture into relays tagged 3 or 4.
Typo: tags could be comingled, so the authorities would only be against tag 3 without tag 5.
There is no need for nips and the amount of diversity among relays is soo big that it will be hard to standardize. They just need to describe in text what their position is. This is not hard.
!!!! π―We need one Npub to track them and their new implementations , something like Relay News
You're wrong, this is hard, especially when nostr becomes P2P in the future. The network and its users will need to be able to identify node behavior, and the strategic factors I explained will be very important. The question isn't whether we'll ever have a NIP for this, the question is whether we will use a system like I suggested to properly addresses the issue
It it true but relay have more datas about client (ip, browser, app...), thisi s not yet a public data here.
But you are true we all publish things that can be scrap by anyone.
And it is easier for "fake or bad" relay to use/sell/exploit it
You think it matters if relay operators build interest lists per pubkey, as anyone can do with the data on the relays like the guy you're replying to said
But you told me we'll never need a NIP for addressing the first question: "are you deleting stuff"
I see how you think this way, but refactor it a bit?
The standardization is not needed, neither with interest lists, nor with deleting practices.
Yep, and anyone can build it
We are so far from this that it doesn't even need a legal policy, but if it is legally binding, it is even better.
How do you expect a P2P network to handle this stuff without it being standardized?
Do you think everyone will just become tech nerds that study the details of how their apps work and naturally migrate away from apps that are damaging the network? Because, no
Contracts are contracts π€·πΎββοΈ
Choose relays like you choose keys to follow. Don't just randomly choose them and accept what other tell you. Each operator has a completely different view of another. They are just people in the end. You cant standardize people.
Ah true. I didn't consider the data a relay operator may have that's not just nostr events.
True. But I don't want to scare them off from providing brand information.
You're absolutely right. I had not considered all the data
And who will check ?
If i have a relay to feed my AI, i want maximum notes to feed it.
I will say i am an angel, to everyone publicly to have the most message on my relay.
Who will check that really ? and how ?
It is really nice to have this subject, and having different point of view.
For me if you add this feature (text or code), it will have to be useful and trustable or it will be useless and will not avoid bad relay to lie.
thank you for this thread with @π΅πΈ whoever loves Digit
Anyone of their users can check.
It's always been there. In our NIP-11 documents, completely clear for users. :salute: :love:
My privacy policy is I dont do shit with your data, that's more trouble than it's worth π
But now I have another thing to add to grain! It's a great idea to have a standard PP/ToS in the repo that displays on the frontend footer and can be changed by the operator.
You say "don't just randomly choose"
People will naturally choose what the authorities market the hardest, even worse than random choice
And you're expecting them to do better than random choice without a system to help with it. You're wrong
People will naturally gravitate to a small number of apps based on what other people are using and if those apps aren't standardized to report on each other's behavior, they'll barely notice when those apps start sabotaging the network
If more nodes are suddenly becoming what would be tags 3 and 5, but there's no tagging system to automatically stop relying on those nodes, π€π§ ππ© π‘πππ¨π© π©π€ πππ‘π₯ π©ππ πͺπ¨ππ§ π’ππ£πππ π©πππ©, then people won't even notice someone's posts being filtered until it's been months since they heard from that person.
This is like how on the current version of nostr, there's no P2P data integrity verification, so people don't even notice someone's posts being filtered until it's been a long time since they heard from that person.
Network nodes aren't just people
Put on the website. Users don't see NIP-11 documents.
Thank you for reading π€
If they delegate their choice to the authorities, they are going to be slaves forever.
Regardless of how much the protocol tries to protect them.
You don't need nostr to be a sheep. And nostr can't block you from being a sheep.
Really ? How ?
"I swear i will not track you" => how do you really check that ?
"I swear i will not sell or use your data for AI" => how do you really check that ?
It is just promises here, and you can't say you can check it.
We need a solution for a better proof, or?
No need for proof. The free market will take care of that part. Once commitments have been made, we can all verify it.
I want proof of code, where the code is disclosed.
Only later or?
Of course this is there as well. :zap:
It's available an noticed on relay subscription page: https://jellyfish.land/relay
The direct link: https://jellyfish.land/tos.txt (The one mentioned on NIP-11 docs)
If you have any suggestions to put it somewhere better, we are open to suggestions. :innocent:
Most relays don't disclose their code. And they can always be running this without letting you know. You will always need to trust their word on it
Being proactive makes a difference
If the first nostr app with P2P data integrity verification ALSO has this system for users to see reports of what censorship level each relay is at, we create natural momentum towards people thinking it's silly to never venture outside tag 3+5 relays
If the first app like that has no solution to this problem, there's natural gravity pulling people to split off into a bunch of echo chamber cults that attack members for venturing outside their chosen bubbles
The Jellyfish relay service is completely transparent and we provide clear tos and privacy policy on our NIP-11 for users. :rocketship:
It's important to know how the relay you are connecting to works in detail. It's important for relays to respect deletions, vanish requests and protected events! :eyes:
Be careful about where you publish your events and ask your friends to find you there. :100percent:
Drawing the line can also get more and more complicated
Is it selling data if you get paid by a nonprofit to run the relay and the nonprofit gets donations from a company that sells data scraped from the relay?
Is it selling data if you later end up marrying the daughter of a company that was selling data scraped from the relay?
"daughter of a company" is a typo but corporations are people so it's fine
This is great. Simple and efficient. I would just design it better to make sure people read it. Presenting the rules in a preemptive way can be a source of trust for your business.
Not sure that would ever be possible
You are true, my point is just that :
If you add a feature, have a large view of it to know if it is useful and trustable. Or it is just a useless layer added.
If you add a declarative new feature here, just be sure it is trustable enough, or it will just be useless because any relay could just lie about it without any consequence.
Enforcing the network is important, as the bitcoin network is.
But i think it is important to know if any new feature like the one you are talking about can be verify.
It is the "problem" of any decentralized network. You can trust in the people who have build the network but not the one who came after to use it and make it grow.
It work the same way for any project not only #nostr
#nostrIdea
π€
Thanks a lot! :salute:
Of course. We will keep your suggestion and we may go for a infographic like page to present tos ans privacy policy for everyone to have a quick and complete lookup. :eyes:
This problem persists if we connect on relays that support Tor?
Yep. Relays know everything about what you are asking and what they are returning, regardless of how many tors for vpns you use.
Correct me if I'm wrong, but doesn't the use of a proxy provide some anonymity? Sure, relays can see everything associated to an IP, but unless the client does something to identify itself (like signing an event, AUTH, etc...), it's just data in aggregate. Can't associate it to a specific npub.
Seems a little sensationalized, tbh. Relays can be scraped without content, so I donβt what difference does it make?
They still need to see your query and will always know which events to send back. From those things, it's very easy to figure out which key you are using.
Some relays can literally sell information like when you are connected, from which IPs and thus locations, what searches do you make and which posts are you looking at in real time. Lots of companies buy that information.
What I wrote didnβt make sense but it seems like you got what I was trying to say.
Fair point regarding the scope of information they have, and yeah, I can see some concern down the line.
I have to think through it some more and keeping an open mind, but the way Iβm seeing it right now is if youβre using a public relay that you arenβt paying for then yeah, youβd run that risk. If itβs a paid relay and part of their ToS is not selling your information, then thatβs the safer route for the end user.
Though I think for notes to proliferate youβd inevitably have to connect to at least 1 or more public relays that public goods.
I will not. You can't tell me what to do.
Any relay implementations that can provably reduce what the operator sees from incoming connections and requests?
Impossible. The relay (and any server) needs to know what you want to see.
relay.tools has Policy both in nip11 and on each relay's landing page. since 2023.
mostly all i got was complaints about it. but its there anyway.
I see how publishing would expose who is using a relay, but for reads maybe you could do some kind of blinded tokens?
Or are you talking about nostr events in general, just chillin on a db and potentially being monetized?
The operator's should run relays ike their shot callers on a prison yard ...
@sandwich does ToS and PP belong in NIP-11?
The only private data relays should have in my opinion is what and when I'm querying. All I'm sending to the relay I want to be broadcast to the world. They should politely not log my IP but then again, it's my responsibility not to show it to them.
Any protocol that relies on relays keeping secrets in my eyes is flawed as the relay operator that leaks information will always have a financial edge over those that don't, either because he's directly getting paid to leak or because he invests less in not getting hacked.
Jw, can you possibly expand on this? I know nothings truly perfect, but I'm curious to know how? Thanks in advance
You can always connect incoming requests with IP and IP with location. You can see who is starting channels, who is participating on which channel and if you use the same server across many contacts, the server can link all of them together. SimpleX says in their own spec that each contact should use a different server. But that is never true in practice. 99% of people just use the same default servers. So those servers can see everything.
Thanks for the insightful reply! I'm still fairly noob, so excuse if this is an ignorant question: would a trusted VPN be enough to mitigate this? For context, my threat model for online communications assumes everything will be weaponized against everyone eventually. (I'm aware of badness enumaration and it's unfeasability, but I find it CAN be useful)
No
Probably. Someone should PR NIP-11, would propagate changes faster than a note
Though having on the webpage is better. Users rarely see the NIP-11 when browsing for a relay.
Makes sense. Would it be technically possible for a more privacy-focused client to seed queries with a few random requests? For example, add a few random npubs to a follow list query. The client then discards the random data received before serving the followed feed to the user. This might be analogues to padding techniques used in VPN protocols to evade DPI.
Only if we find a way to encode the filter amin some homomorphic encryption... π€
Agreed. We need a way to see relay configs easily, too. Does this exist?
Dear Vitor
Why not create a cripto note for my private groups ? Hidden the cryptonote is the mission of the relays, for best visualization of the threads. The task of create a top secret note is of clients!
Why wait for ?
Do not ask !
Just do it !
My neighbor works for D.I.V.A. ( Departament of investigation of Life of Anyone ) Every street of earth have an office of D.I.V.A.
Do you buy a new car ? Painted your house ? Your daughter have a new boy friend ? DIVA talks to everybody in social networks FREE ! Beware of D.I.V.A.
Clients could expose the TOS and PP via NIP-11, which is how users could see it.
Only relay operators know what is being request, who is doing the requesting and habits around requests (timezone inferrence, etc)
Yea, I quickly realized this. Jumped the gun on my original reply. Although I did phrase it as a question! I knew I was missing something simple. π
Its generally unprovable and you're better off just assuming hostiliy from the network participants and act accordingly
A news and a kind of usage i was thinking about.
You think they will care about policies and claims ?
nevent1qvzqqqqqqypzpml96ysd7rxzjra8fpe8ldz6cjru4tf5d48j9yatq60g7q0u2xvpqy88wumn8ghj7mn0wvhxcmmv9uq36amnwvaz7tmwdaehgu3wvf5hgcm0d9hx2u3wwdhkx6tpdshszyrhwden5te0dehhxarj9ekk7mf0qqspa76sg505t5ma9vlxyvxvc6yyxrr68dnc00ykgm4lh6g33hgdyzgu2v2g3
Nobody cares about policies and claims until shit hits the fan. Then everybody learns and become extremely affraid of what can happen to them when they don't follow the rules.
exclude bad relays that are not doing what they claim ?
don't misunderstand me i am not saying policies are not good idea.
i am saying how useful it can be if relay claim fake policies and do the opposite.
without being able to verify and no consequence if it is fake.
In a "perfect" trust world it is fine, but in this growing decentralized web of trust it is a little more harder.
If someone goes to a lot of effort, yes. I don't think there is anything inherent to Nostr that is privacy preserving though.
"Remember, relays can see what your Nostr client is requesting and downloading at all times. They can track what you see and see what you like. They can sell that information to the highest bidder, they can delete your content or content that a sponsor asked them to delete (like a negative review for instance) and they can censor you in any way they see fit. Before using any random free relay out there, make sure you trust its operator and you know its terms of service and privacy policies."
View article β
You need to work hard towards that, selecting reputable relays plus using Tor or a VPN, religiously removing metadata from any files you post, and making sure you never post anything that might lead back to you in the real world. One failure and it's ruined. This is no different than other social media, or the Internet in general really.
It is also easy to mass collect notes. I run a WoT relay. It collects notes from ~60000 npubs on a 2 core VPS with 2GB RAM, and it's barely working to do that. I assume govt agencies are already doing the same, except with infinitely more hardware power, capturing every note that is posted. Using AI to correlate and scan, figuring out who is who.
I would never recommend Nostr to someone on the basis of it being more private, as I feel I would be doing them a disservice. It has many ticks in the plus column, but I didn't think being inherently designed for privacy is one of them.