Nostrudel .local vs .onion

therelayway · January 27, 2025, 11:23am

Hey all - I’m wondering if someone can help me out:

I’m liking how Nostrudel is working as a service from start9, the way it auto connects to my lightning node etc - very nice indeed.

I’m just wondering though, from a privacy perspective, is using the .onion service URL, in say Tor browser different than using the .local URL?

Since start9 server is a TOR native server, am I is it unnecessary to use tor browser? i.e. is .local providing a tor connection to nostrudel relays regardless?

Thanks!

StuPleb · January 27, 2025, 1:52pm

A year or so ago, a professional internet autist claimed to have found a “flaw” in Nostr. To do this he sent dozens of select users a private message with an image hosted on his own server. In doing this a user’s client would connect to his server to download the image and in the process reveal their IP address. The internet autist would then post the rough geographical location and ISP publicly, claiming to have doxxed them.

He wasn’t able to do this to everyone since here and there some users were using a VPN and some users were using Tor. While this is not a “flaw” and has nothing to do with Nostr at all, there is scope for specifically targeting someone and finding out roughly where they live if the Nostr client loads images by default.

Browsing the .local interface of NoStrudel, you’ll be connecting to servers and relays over clearnet, exposing your IP address. By connecting to it over .onion, you won’t be exposing anything.

therelayway · January 31, 2025, 5:32pm

Thanks Stu!

When opening the nostrudel onion link in TOR browser, I’m getting certification issues.

Error code: [SEC_ERROR_UNKNOWN_ISSUER]

I’m able to access the .local address on non-tor browser’s without an issue (my root CA is on my OS)

Thanks!

therelayway · January 31, 2025, 5:46pm

I managed to get this resolved by system wide TOR + Firefox guide

However, I’m still interested if it’s possible to use TOR browser and non-system wide?

I get the same cert issue when using Orbot on iOS

Thanks!

therelayway · February 1, 2025, 1:30pm

Got iOS working with Orbot actually!

Ethan369 · June 7, 2025, 10:55pm

How did you made it?
I’m a Mac user. I can access all UI from Safari on my Mac. I trusted the CA and I have no problems there. But it has been imposible for me to access from my iPad. Not via Tor browser, nor with Orbot. Also the CA is still not trusted although I followed all the instructions several times

Rick · June 8, 2025, 12:26am

IOS Should work. Did you make sure the root CA was in you Downloads folder on IOS

therelayway · June 22, 2025, 11:22am

Hey @Ethan369. Follow this guide using the ‘Orbot’ extension:
Use Safari extensions on your Mac - Apple Support (IE).