Ostrich McAwesome on Nostr: One fundamental flaw I see with this idea is that if you are addressing the method in ...
One fundamental flaw I see with this idea is that if you are addressing the method in which I gathered these IPs (via DM), you would have to send decrypted URLs from a users end-to-end encrypted DMs to the image proxy, which endangers privacy in a new way because it revealed part of the message to the proxy. Now you have to trust the proxy with potential secrets.
Link Previews are also a vector for attack here, and it would be even worse to send all DM'd URLs through the proxy.
I also worry that image proxies could bloat the cost of running a client, are a form of centralization (this solution only benefits Damus users), and are a vector for DDoS/Abuse.
Published at
2024-01-22 19:07:51Event JSON
{
"id": "ba14c3590955212d35de5539ce9dd470c2287924126c6cdf3b4bacbbaf5f05c3",
"pubkey": "703533c2c16ac7771efb1bdf60a85df74e42f8409a007900f402ba4684f99184",
"created_at": 1705950471,
"kind": 1,
"tags": [
[
"e",
"276298c53aa2984bb8310d98907891a4b86a9c8cffd05996ccb915c7f0498f70",
"",
"root"
],
[
"e",
"5fb3b60b8dca511b1446e81f3c37eaa52afd014c02fbf13d6d3e4efdabad8b66"
],
[
"e",
"86c66094a176b54380b9243420196c86d7ea2ce1531de4eb59be1b110b702b34",
"",
"reply"
],
[
"p",
"703533c2c16ac7771efb1bdf60a85df74e42f8409a007900f402ba4684f99184"
],
[
"p",
"703533c2c16ac7771efb1bdf60a85df74e42f8409a007900f402ba4684f99184"
],
[
"p",
"17538dc2a62769d09443f18c37cbe358fab5bbf981173542aa7c5ff171ed77c4"
]
],
"content": "One fundamental flaw I see with this idea is that if you are addressing the method in which I gathered these IPs (via DM), you would have to send decrypted URLs from a users end-to-end encrypted DMs to the image proxy, which endangers privacy in a new way because it revealed part of the message to the proxy. Now you have to trust the proxy with potential secrets.\n\nLink Previews are also a vector for attack here, and it would be even worse to send all DM'd URLs through the proxy.\n\nI also worry that image proxies could bloat the cost of running a client, are a form of centralization (this solution only benefits Damus users), and are a vector for DDoS/Abuse.",
"sig": "331383861aa857b88fe0bbc4b7e5a11ab99a2e9c8a066f4bbde3172c4a4eaff4b3c53339ecd45166e114e433feb3e4864857910d4c8c08e61d85edf0efe55e6a"
}
