Hey all - I’m wondering if someone can help me out:
I’m liking how Nostrudel is working as a service from start9, the way it auto connects to my lightning node etc - very nice indeed.
I’m just wondering though, from a privacy perspective, is using the .onion service URL, in say Tor browser different than using the .local URL?
Since start9 server is a TOR native server, am I is it unnecessary to use tor browser? i.e. is .local providing a tor connection to nostrudel relays regardless?
Thanks!
A year or so ago, a professional internet autist claimed to have found a “flaw” in Nostr. To do this he sent dozens of select users a private message with an image hosted on his own server. In doing this a user’s client would connect to his server to download the image and in the process reveal their IP address. The internet autist would then post the rough geographical location and ISP publicly, claiming to have doxxed them.
He wasn’t able to do this to everyone since here and there some users were using a VPN and some users were using Tor. While this is not a “flaw” and has nothing to do with Nostr at all, there is scope for specifically targeting someone and finding out roughly where they live if the Nostr client loads images by default.
Browsing the .local interface of NoStrudel, you’ll be connecting to servers and relays over clearnet, exposing your IP address. By connecting to it over .onion, you won’t be exposing anything.
Thanks Stu!
When opening the nostrudel onion link in TOR browser, I’m getting certification issues.
Error code: [SEC_ERROR_UNKNOWN_ISSUER]
I’m able to access the .local address on non-tor browser’s without an issue (my root CA is on my OS)
Thanks!
I managed to get this resolved by system wide TOR + Firefox guide
However, I’m still interested if it’s possible to use TOR browser and non-system wide?
I get the same cert issue when using Orbot on iOS
Thanks!
Got iOS working with Orbot actually!