If a relay requires auth, then yes — it could sniff some information. As for the other points:
– The welcome event is wrapped in a NIP-17 DM, so it’s not linked to the MLS group.
– Group IDs can be rotated, even per message.
– IPs can be hidden by using the Tor network.
Also, some information can be obtained from the req, but auth is required to identify the sender.
water783
npub10t…9x2wl
2025-08-13 02:36:36 UTC
in reply to nevent1q…hvq5
Author Public Key
npub10td4yrp6cl9kmjp9x5yd7r8pm96a5j07lk5mtj2kw39qf8frpt8qm9x2wlSeen on
wss://relay.damus.ioPublished at
2025-08-13 02:36:36 UTCEvent JSON
{
"id": "b5c0f9d85cdbc7b89a99c7174aa5cea75cc7a113c8505fbc76bc2a18bef2207e",
"pubkey": "7adb520c3ac7cb6dc8253508df0ce1d975da49fefda9b5c956744a049d230ace",
"created_at": 1755052596,
"kind": 1,
"tags": [
[
"e",
"4223c48b0daa1b75fea7574e1174a4f3dd6e8398bf0eade2b3e8aec5794a8008",
"wss://relay.primal.net",
"root",
"04c915daefee38317fa734444acee390a8269fe5810b2241e5e6dd343dfbecc9"
],
[
"e",
"e32b519ccb2d8cb9235b6f6ccc7f522760e958e237d317f253ce23a6911c0e40",
"wss://relay.primal.net",
"reply"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c"
],
[
"p",
"b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc"
],
[
"p",
"04c915daefee38317fa734444acee390a8269fe5810b2241e5e6dd343dfbecc9"
],
[
"p",
"1739d937dc8c0c7370aa27585938c119e25c41f6c441a5d34c6d38503e3136ef"
],
[
"p",
"7adb520c3ac7cb6dc8253508df0ce1d975da49fefda9b5c956744a049d230ace"
],
[
"p",
"3c7d12a6c2f71fe9ca2527216f529a137bb0f2eb018b18f30003933b9532013e"
],
[
"r",
"wss://nos.lol/"
],
[
"r",
"wss://relay.0xchat.com/"
],
[
"r",
"wss://relay.damus.io/"
],
[
"r",
"wss://relay.nostr.band/"
],
[
"r",
"wss://yabu.me/"
]
],
"content": "If a relay requires auth, then yes — it could sniff some information. As for the other points:\n\n– The welcome event is wrapped in a NIP-17 DM, so it’s not linked to the MLS group.\n– Group IDs can be rotated, even per message.\n– IPs can be hidden by using the Tor network.\n\nAlso, some information can be obtained from the req, but auth is required to identify the sender.",
"sig": "a13ad19ef6b803c04cdb6a07f9c30afa6e8a93890d0ca317758d174b45e4e17f1e96dc7483cba0df98c41ff147375deecf894944cc615f4b693d9294f42de5cc"
}