supersu on Nostr: Unpopular opinion: Absolutely terrible idea Nostr-web-services is just ngrok / ...
Unpopular opinion: Absolutely terrible idea
Nostr-web-services is just ngrok / cloudflared with extra steps and more concerns about safety.
1. The things you expose are public; hackers can find you and see whatever you are hosting.
2. You DO NOT OWN your web service if the name servers are not under your control.
Whoever owns the name server is the prime authority, and they can inject whatever they want into your website.
Imagine out of 10 relays, even one of them injects your website with code to steal passwords and you happen to use that relay (YOU ARE COMPROMISED!!)
It is as dangerous as port forwarding / dynamic DNS with extra concerns about integrity.
When I say "as dangerous as port forwarding", I think I am explaining it casually, but in reality, this is far more dangerous and concerning.
Just two days ago when I was looking into issues with port forwarding / dynamic DNS / Nostr-web-services, I discovered:
1. THREE THOUSAND (3k!!!!) Teslas with open information about their home coordinates, their kid's school, drop location, their workplace, their exact address, and whether their Tesla is active or not.
2. 6K+ cameras with a full recording of the whole month, installed in people's personal --BEDROOM--, baby monitor.
There is no excuse for self-hosting irresponsibly; it should be done to increase your privacy and security, not to increase the risk.
Holesail provides a way to achieve this peak self-privacy and security. You expose only what you 🫵 choose, and only the person you want can access it, with no chance of a man-in-the-middle attack from a random relay and their DNS hosting.
I like how enthusiastic people are about Nostr and Nostr-based services, but we should NOT overlook the security and risks some of these ideas might bring!
TheGuySwann (npub1h8n…rpev)
quoting note12vy…yprj
Huge milestone: First demo of Nostr Web Services (NWS) bringing TCP to Nostr. With NWS, you can host any existing web application on Nostr without having to use DNS or even announce your public IP to the world, simply by sharing your service's npub (or nprofile).
Try out the demo yourself. Here is a Cashu test mint running with NWS. Let's use curl to retrieve the mint's information. The request travels from your computer to the public NWS entry relay, then through nostr to the service's NWS exit relay. At the other end is a Cashu mint with HTTPS encryption.
```
curl -s -x socks5h://relay.8333.space:8882 https://nprofile1qqs8a8nk09fhrxylcd42haz8ev4cprhnk5egntvs0whafvaaxpk8plgpzemhxue69uhhyetvv9ujuwpnxvejuumsv93k2g6k9kr/v1/info --insecure | jq
```
I can't stress this enough: THE MINT RUNS BEHIND HTTPS!
The NWS entry relay can't read your traffic. It's encrypted. We can host public entry relays that can be used by anyone.
This means we can plug the entire internet to it 🌐.
Let's plug it into Cashu for now. Nutshell wallet supports socks5 proxies (that's how it uses Tor). By setting the public entry relay as the proxy, the wallet can now connect to a mint's npub/nprofile and communicate with it via NWS.
This is going to be so freaking cool. And it's going to be a lot more useful than just for Cashu. There are still bugs and issues that need to be ironed out but the code is coming out soon. Watch this space.
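Added example, not part of either post above or of the NWS or Holesail projects: the curl command in the quoted note passes `--insecure`, which turns off certificate verification, so one way for a client to keep checking who it is talking to through a relay it does not control is to pin the service's TLS public key. The sketch assumes the operator publishes that pin out of band; the certificates are constructed locally for an offline demo, and `PROXY`, `URL` and `PIN` are placeholders.

```shell
#!/bin/sh
# Added example: public-key pinning so a proxy or relay in the path cannot
# swap the service's certificate unnoticed.

# spki_pin CERT_PEM -> prints "sha256//<base64>", the format curl's
# --pinnedpubkey option accepts.
spki_pin() {
    printf 'sha256//%s\n' "$(openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -binary \
        | openssl base64)"
}

# pin_matches EXPECTED_PIN CERT_PEM -> exit status 0 only if the certificate
# carries the pinned public key.
pin_matches() {
    [ "$(spki_pin "$2")" = "$1" ]
}

# make_test_cert KEY_OUT CERT_OUT -> constructed self-signed certificate,
# used only so the demo runs offline.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -days 1 -subj "/CN=constructed.example" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_test_cert "$dir/svc.key" "$dir/svc.pem"      # the real service (constructed)
    make_test_cert "$dir/relay.key" "$dir/relay.pem"  # a certificate substituted in transit
    pin=$(spki_pin "$dir/svc.pem")
    pin_matches "$pin" "$dir/svc.pem"   && echo "service cert: pin OK"
    pin_matches "$pin" "$dir/relay.pem" || echo "substituted cert: pin MISMATCH"
    rm -rf "$dir"
}

demo

# With a pin obtained from the operator, the request would take this form
# (PROXY, URL and PIN are placeholders):
#   curl -s -x "socks5h://$PROXY" --pinnedpubkey "$PIN" "$URL"
```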