FOLLOW US:

Privacy issues when using Nostr

"Hotlinking"

Unlike the commercial social media solutions where you just hit one company's servers, with Nostr you load content from MANY different servers all at once. Every one of those servers will have your IP address. With your IP address they can often determine what city/town you live in. And if they give that information to law enforcement, law enforcement can most likely determine your location more precisely. The servers also have information on what browser and device you're using.

Relay servers

Each relay server in your relay list will also have information on your including what queries you've made, though most relays don't save that information - though they could… They could also build a list of what Nostr accounts are used by each IP address in an effort to profile you.

Media servers

Whenever you see an image or a video those are also loaded from remote servers (not the relay servers). So all those servers have information about you as well. And unlike relay servers where there's a defined list. You could easily pull images and videos from a hundred or more media servers in a Nostr session. Depending on how the client you use is configured, media servers may also know URL you're viewing when you request the image/video. In certain cases that could let them know which profile or particular note you're looking at when you request the image/video. Which amounts to more data they could use to profile you.

Short-term Solution: If the tracking is of concern to you (it's not to many of us), then use a VPN that doesn't track you (most of the free ones and some of the paid ones do track you - so choose carefully!)

Long-term Solution: I expect some client apps/applications will implement a proxy service that will put all image/video requests through their server. But expect that to cost money since it greatly increases the bandwidth they use and could expose them to legal liabilities since illegal content could (briefly) be on their server.

Relays with unencrypted data storage

Currently the only Nostr relay that we know of that has thought through data privacy is our relay - relay.s3x.social. All the other relays assume that because you posted it on a public forum you're OK with your data being unencrypted. This isn't always true and it's not GDPR/CCPA-compliant if you use a conservative interpretation of those privacy laws.

In our case we have the data on an encrypted drive partition and when it's written out for backup files themselves are encrypted. That means wherever those files are stored, they're encrypted.

As a result you'll need to think through whether you are willing to write to (e.g. store data on) relays where everything is unencrypted. Not writing to those relays will reduce how many people see your content - so it's a trade-off.

You can't really delete anything on Nostr

While Nostr technically has the ability to delete content, not all relays and client apps/applications have implemented that feature. Which means when you post to Nostr you should assume that you can't delete delete what you post. That will be an issue if you post when you're drunk or high - or even when you later change your mind and regret what you posted.

This is another reason why you should think twice about what which relays you write to.

Some people in the Nostr community, including Jack Dorsey, prefer not having the ability to edit or delete. Jack has said he's a huge fan of no delete no edit. That it mirrors real speech, that it's "human", that it's "raw and real". Others in the Nostr community are pushing back against this idea. And yet others are pushing to have self-destructive notes that get deleted after a set period of time.

Our relay will have redundant ways to delete data. But we can't delete what you write to other relays.

Private messaging meta data is never encrypted on Nostr

One privacy concern with Nostr is that when you private message someone people can tell the two of you are having (or have had) a conversation. They can't see what was said, but they know you chatted. It's a bit like being able to see two people talking in a crowded bar, but not being able to hear their conversation.

Like the other privacy issues mentioned here - whether this an issue for you depends on the level of privacy that you need. If you want a higher level of privacy, we suggest you use a good quality encrypted chat app such as Signal.

Zaps have zero privacy!

When you "zap" someone (which is a bit like tipping them), everyone knows who paid who and how much was paid. If you want to pay someone more discretely use a Lightning invoice - then far fewer people will know who paid who and how much was paid. But realize, ultimately nothing is every really private with crypto since the blockchain has a record of every transaction. Lightning payments (not including zaps) are probably the most private since they're "off-chain". So bottom line understand the privacy implications of crypto before using it. It may not be a private as you think.