Ostrich McAwesome on Nostr: I thought this was done by DNS TXT record, but you're right, it accesses a file in ...
I thought this was done by DNS TXT record, but you're right, it accesses a file in the ".well-known" directory on a web server. That's awful!
Here's how I'd do it:
Create a wildcard DNS entry for the file server, with the server configured to accept any subdomain as valid. "*.example.com/.well-known/nostr.json" will always resolve, and the format of the subdomain will inform the server what JSON data to return (though it doesn't actually have to be valid, the point is just to leak an IP, which will happen regardless).
Then just DM people bait messages like "Hey, it's been a while" with a virgin account, and if they look at your profile, you'll have their IP.
If the subdomain string can be used to reference an npub, you'll have an IP/npub pair.
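On the client side, the exposure described in this post comes from requesting a profile's `.well-known/nostr.json` automatically when the profile is viewed. The following is an added example, not code from the post or from any Nostr client, of a gate a client could apply before making that request; the action names, the `followed` set and the `proxyUrl` option are assumptions made for the sketch.

```javascript
// Added example: decide how a client handles NIP-05 verification for a profile.
// NIP-05 maps "<name>@<domain>" to https://<domain>/.well-known/nostr.json?name=<name>.
// The policy (action names, option names) is an assumption made for this sketch.

const NAME_RE = /^[a-z0-9._-]+$/i;
const HOST_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Strictly parse the identifier so nothing but a bare hostname reaches the URL.
function parseNip05(identifier) {
  if (typeof identifier !== "string") return null;
  const parts = identifier.trim().split("@");
  if (parts.length !== 2) return null;
  const [name, domain] = parts;
  if (!NAME_RE.test(name) || !HOST_RE.test(domain)) return null;
  return { name: name.toLowerCase(), domain: domain.toLowerCase() };
}

// Returns { action, url } where action is one of:
//   "direct" - fetch from the user's own IP (owner is followed, trusted by assumption)
//   "proxy"  - fetch through a configured proxy so the remote host sees the proxy's IP
//   "defer"  - do not fetch until the user explicitly asks to verify
//   "reject" - identifier is malformed; never build a request from it
function nip05FetchDecision(profile, opts) {
  const parsed = parseNip05(profile.nip05);
  if (!parsed) return { action: "reject", url: null };
  const url = new URL("https://" + parsed.domain + "/.well-known/nostr.json");
  url.searchParams.set("name", parsed.name);
  if (opts.followed.has(profile.pubkey)) return { action: "direct", url: url.href };
  if (opts.proxyUrl) return { action: "proxy", url: url.href };
  return { action: "defer", url: url.href };
}

// Constructed sample data: one followed contact, one unknown sender.
const followed = new Set(["aa".repeat(32)]);
const friend = { pubkey: "aa".repeat(32), nip05: "bob@example.com" };
const stranger = { pubkey: "bb".repeat(32), nip05: "_@x7f3.example.com" };

console.log(nip05FetchDecision(friend, { followed, proxyUrl: null }).action);
console.log(nip05FetchDecision(stranger, { followed, proxyUrl: null }).action);
```

With this gate, opening the profile of an unknown sender produces no request to the domain in its NIP-05 field unless the user asks for verification or a proxy is configured.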