lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/docs/SECURITY-NOSTR-DISCOVERY.md
Dorian 1073d9fd2c Update Fedimint configuration and enhance onboarding process 
- Upgraded Fedimint version to v0.10.0 in docker-compose.yml and manifest.yml, adding support for the built-in Guardian UI.
- Modified .gitignore to exclude deploy-config.sh script.
- Enhanced onboarding process in AuthManager to persist onboarding state and validate password strength during user setup.
- Updated API to handle onboarding completion and password change requests, ensuring a smoother user experience.
- Improved configuration management to support Nostr discovery and Tor proxy settings, enhancing node identity features.
2026-02-17 15:03:34 +00:00

2.0 KiB
Raw Blame History

Nostr Discovery Security & Data Exposure

If Someone Saw the Published Data

The Nostr discovery feature previously published node identity (DID, Tor onion address, version) to public relays. If someone saw that data, heres what they could have and how to respond.

What Could Have Been Seen

  1. Relay operators (relay.damus.io, relay.nostr.info):

    • Your servers IP address when it connected to publish
    • The Tor onion address you advertised
    • Timing of when you published

  2. Anyone querying Nostr for archipelago nodes:

    • Your Tor onion address (designed to be shareable)
    • Your DID (public identifier)
    • Software version

Mitigations

Exposure Mitigation
IP address Cannot be undone. If relay operators logged it, they still have it. Consider: moving to a new IP, using a VPN for future traffic, or treating the server as potentially identified.
Tor onion The revocation overwrites the Nostr event so new clients wont see it. If someone cached the onion, they can still reach the node. To invalidate it: rotate the Tor hidden service (new onion, old one stops working).
DID Public by design; no mitigation needed.
Version Update to a newer version; old version info becomes less useful over time.

Rotating the Tor Hidden Service (New Onion)

To invalidate an exposed onion address:

  1. Stop the Tor container.
  2. Remove the hidden service directory:
    rm -rf /var/lib/archipelago/tor/hidden_service_archipelago
  3. Restart the Tor container so it creates a new onion.
  4. Update any peers or links that used the old onion.

Current Protections (Post-Fix)

  • Revocation: On startup, the backend publishes a replacement Nostr event with empty content, so normal discovery no longer shows your node.
  • Tor proxy: Nostr traffic uses Tor (127.0.0.1:9050) so relay operators no longer see your IP.
  • Opt-in defaults: Discovery is on by default but only uses configured relays and routes through Tor.