I use a vpn but I often forget so probably best to just walk away rather than watch IP’s get exposed. Could use tor but can’t be arsed tbh.

  • HermanOP
    link
    fedilink
    English
    arrow-up
    5
    ·
    11 months ago

    It’s still a bit up in the air but it seems like they’ve sent DM’s to people with a link to a picture. If you click on the link your IP address will be captured by that link that includes your npub. At least this is what people think the leak is. I think some clients are prefetching images in DM’s as well so if you open it and that’s the case you’re fucked.

    It’s been made to look like it’s semisol and that’s what people think (understandably considering his past behaviour) but I think it’s someone else (though I’m not sure who).

    • splinterA
      link
      fedilink
      English
      arrow-up
      4
      ·
      11 months ago

      Ah yeah that makes sense, Lemmy had something similar going on, it will be an issue wherever you have a client that automatically fetches images.

      There doesn’t need to be a funky way for the npub to leak, you just need to keep track of who you sent which image, so you know who is accessing it when you get a hit.

      I’m personally not that concerned about it but my IP is already out in the open, I get why it’s sensitive for most other people. I wonder what they plan to do with this info.

      What’s the story with Semisol?

      • HermanOP
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        He had a few confirmed tricks for example getting some of his relays subs onto primal trending which got him banned from trending in primal which led to him claiming he had be “banned from primal” ignoring the trending part.

        He then basically started a campaign against primal to shit on them for every thing he could find that he didn’t like including that they notified of unfollows and also made a fake image showing a nsfw user getting censored on primal and passed it to someone on telegram so they would post it knowing that nobody would believe him if he posted it.

        A lot of people at different times (including me) thought he was part or perhaps the original instigator of the bots. I believe he made the original nutgrabber to capture free zaps or whatever and also sort of ruined some other zap game.

        If this was him he could have hid it better and the guy doing it seemed to be slightly mocking him so it’s probably one of the people he’s pissed off (large suspect list).

        • splinterA
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Sounds like he’s a piece of work lol

          I hadn’t realized that whoever did this made a fucking bot to spread the info too, just saw that.

          It sucks, though by design Nostr is fucking horrible with hiding IPs, since you directly connect to a bunch of relays and the whole idea is to connect to relays that some NPUB is known to use. So it’s not just the client site that knows your IP, but also every relay you connect to. Add to this other kinds of fuckery like images linked from 3rd party sites, and you have the leakiest service known to man.

          Almost anything else will be a lot better for keeping your IP secret than Nostr is. In Lemmy for example, only the instance you use has access to that data, which is what you’d expect from any website that you access.

    • AliceMA
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      Fuck dude. Who is semisol and who do you think it is? Why are they doing this ?