reis on Nostr: and auth ...

quoting
nevent1q…kuay

If a relay requires auth, then yes — it could sniff some information. As for the other points:

– The welcome event is wrapped in a NIP-17 DM, so it’s not linked to the MLS group.
– Group IDs can be rotated, even per message.
– IPs can be hidden by using the Tor network.

Also, some information can be obtained from the req, but auth is required to identify the sender.