Hey all - I’m wondering if someone can help me out:
I’m liking how Nostrudel is working as a service from start9, the way it auto connects to my lightning node etc - very nice indeed.
I’m just wondering though, from a privacy perspective, is using the .onion service URL, in say Tor browser different than using the .local URL?
Since start9 server is a TOR native server, am I is it unnecessary to use tor browser? i.e. is .local providing a tor connection to nostrudel relays regardless?
A year or so ago, a professional internet autist claimed to have found a “flaw” in Nostr. To do this he sent dozens of select users a private message with an image hosted on his own server. In doing this a user’s client would connect to his server to download the image and in the process reveal their IP address. The internet autist would then post the rough geographical location and ISP publicly, claiming to have doxxed them.
He wasn’t able to do this to everyone since here and there some users were using a VPN and some users were using Tor. While this is not a “flaw” and has nothing to do with Nostr at all, there is scope for specifically targeting someone and finding out roughly where they live if the Nostr client loads images by default.
Browsing the .local interface of NoStrudel, you’ll be connecting to servers and relays over clearnet, exposing your IP address. By connecting to it over .onion, you won’t be exposing anything.
How did you made it?
I’m a Mac user. I can access all UI from Safari on my Mac. I trusted the CA and I have no problems there. But it has been imposible for me to access from my iPad. Not via Tor browser, nor with Orbot. Also the CA is still not trusted although I followed all the instructions several times