Martti Malmi on Nostr: You have a point. The user's own avatar is one of the first images shown on the page, ...
You have a point. The user's own avatar is one of the first images shown on the page, in a certain size, so you could even guess the Nostr user.
Without the proxy, requests are sent to multiple servers, making it more difficult to associate everything the user does.
On the other hand, those other image hosts might include those that are built expressly for logging and tracking users. Popular service like nostr.build or imgur.com can do that kind of analysis anyway.
Using a proxy, you can at least choose which host(s) you trust. Ultimately, the choice of proxy should be configurable, just like relays. Image loading without proxy is privacy-wise somewhat equivalent to outbox model (or nip05) where you connect to random addresses that see your requests.
Relays also know a lot about what you're looking at, and you might even reveal your identity by authenticating. The only way I see around this is onion routing where Nostr requests would be relayed on behalf of others, so there's plausible deniability.
Associating network address to a geolocation is a feature of the internet protocol. Tor and VPNs (where you also need to trust a 3rd party) seem to be the only solutions to that.
When it comes to image proxying, file size is one very pragmatic consideration. Without a minimizing proxy, avatars can be 100 times larger. Maybe multi-resolution image formats are the best solution to that.
Without the proxy, requests are sent to multiple servers, making it more difficult to associate everything the user does.
On the other hand, those other image hosts might include those that are built expressly for logging and tracking users. Popular service like nostr.build or imgur.com can do that kind of analysis anyway.
Using a proxy, you can at least choose which host(s) you trust. Ultimately, the choice of proxy should be configurable, just like relays. Image loading without proxy is privacy-wise somewhat equivalent to outbox model (or nip05) where you connect to random addresses that see your requests.
Relays also know a lot about what you're looking at, and you might even reveal your identity by authenticating. The only way I see around this is onion routing where Nostr requests would be relayed on behalf of others, so there's plausible deniability.
Associating network address to a geolocation is a feature of the internet protocol. Tor and VPNs (where you also need to trust a 3rd party) seem to be the only solutions to that.
When it comes to image proxying, file size is one very pragmatic consideration. Without a minimizing proxy, avatars can be 100 times larger. Maybe multi-resolution image formats are the best solution to that.