Running a pseudonymous identity without slipping up
- The slip that matters
- Anonymous and pseudonymous are different threat models
- What every Nostr event tells the world
- Your timestamps are a sleep schedule
- Your writing style is a fingerprint
- NIP-05 verification is a metadata trade
- Zaps are a public payment graph
- Relays see everything
- What to actually do about it
- The discipline, not the feature
The slip that matters
Ross Ulbricht ran the most sophisticated dark market on the internet. He used Tor, PGP, and Bitcoin before most people had heard of any of them. He got caught because in January 2011, months before Silk Road launched, he promoted it on a forum under the handle “altoid.” Later that year, he posted from the same handle asking for a developer — and told applicants to email rossulbricht@gmail.com. An IRS agent found that post with a Google search.
Alexandre Cazes ran AlphaBay, the largest dark market after Silk Road. His server’s welcome emails included the sender address Pimp_Alex_91@hotmail.com. That email was linked to tech forum posts under his real name from 2008. Born in 1991. Didn’t even disguise the birth year.
These were not amateurs. They were technically capable people who made one mundane mistake each. One linkage point was enough.
On #nostr, the gap between “I’m pseudonymous” and actually maintaining that pseudonymity is wider than most people realize. You generate a keypair, pick a display name, and start posting. But every event you sign is a permanent, public record carrying metadata that the protocol makes no effort to hide. Pseudonymity is not a feature you enable. It is a discipline you maintain or eventually lose.
Anonymous and pseudonymous are different threat models
These words get used interchangeably and they shouldn’t be. Anonymous means nobody can identify you at all. Pseudonymous means you have a persistent identity: people recognize you, follow you, interact with you, but that identity is not linked to your real one.
The failure modes are different. Anonymity fails when anyone identifies you, period. Pseudonymity fails when someone links your pseudonym to your real identity, or links two of your pseudonyms to each other.
On #nostr, true anonymity is almost impossible. The protocol is built around a persistent public key. Every event you publish is signed by that key. You are, by design, a trackable entity. The realistic goal for most people is pseudonymity: a key that works, that people trust, that cannot be traced back to the person holding it.
This article is about that second case. Not disappearing entirely, but keeping the wall between your pseudonym and your real life intact. The threat here is not a three-letter agency with a warrant. It is a curious person with a search engine and enough patience to cross-reference public data.
What every Nostr event tells the world
Every event you publish has this structure:
{
  "id": "hash...",
  "pubkey": "your public key",
  "created_at": 1708300000,
  "kind": 1,
  "tags": [["client", "Amethyst"], ...],
  "content": "your note text",
  "sig": "signature..."
}
Most people think about the content field and forget the rest. But the rest is where the metadata lives.
Relay lists are public. NIP-65 defines a kind:10002 event that advertises which relays you read from and write to. This event is published broadly for discovery purposes. Anyone can pull it and see your exact relay configuration. If you use a niche relay with 30 users and a regional relay in a specific country, that combination narrows down who you might be. Your relay selection is a statement about your preferences, your community, and sometimes your geography.
Client tags fingerprint you. NIP-89 lets clients tag events with the application that created them. If you are the only person on a particular relay using a particular client, you are identifiable by metadata alone even if your content is generic. The NIP specification acknowledges this and says clients should let users opt out. Many don’t.
Encrypted messages leak DNS. Kimura et al. published the first major security analysis of the Nostr protocol at IEEE EuroS&P 2025. One finding: when a client generates a link preview for a URL inside an encrypted DM, it makes a DNS request for that domain. The message content is encrypted. The DNS query is not. Your “private” conversation just told your DNS resolver which website you were discussing.
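To make the point concrete, here is an added example (not code from the original article or any Nostr client) that reads the non-content fields a passive observer gets for free: NIP-89 client tags and the NIP-65 kind:10002 relay list. The events, pubkeys and relay URLs are constructed; an "r" tag without a read/write marker is treated as both, as NIP-65 specifies.

```python
import json

# Constructed sample events (not real Nostr data): one kind:1 note carrying a
# NIP-89 "client" tag and one NIP-65 kind:10002 relay-list event.
SAMPLE_EVENTS = [
    {"id": "e1", "pubkey": "pk_alice", "created_at": 1708300000, "kind": 1,
     "tags": [["client", "Amethyst"]], "content": "gm", "sig": "sig1"},
    {"id": "e2", "pubkey": "pk_alice", "created_at": 1708303600, "kind": 10002,
     "tags": [["r", "wss://relay.example/"],            # no marker: read and write
              ["r", "wss://niche.example/", "write"],
              ["r", "wss://regional.example/", "read"]],
     "content": "", "sig": "sig2"},
]

def client_fingerprints(events):
    """Map each pubkey to the set of client names its events were tagged with."""
    out = {}
    for ev in events:
        for tag in ev.get("tags", []):
            if len(tag) >= 2 and tag[0] == "client":
                out.setdefault(ev["pubkey"], set()).add(tag[1])
    return out

def relay_list(events, pubkey):
    """Return the newest NIP-65 relay list for pubkey as {url: {"read", "write"}}."""
    lists = [ev for ev in events if ev["kind"] == 10002 and ev["pubkey"] == pubkey]
    if not lists:
        return {}
    newest = max(lists, key=lambda ev: ev["created_at"])
    relays = {}
    for tag in newest["tags"]:
        if len(tag) >= 2 and tag[0] == "r":
            marker = tag[2] if len(tag) >= 3 else None
            relays[tag[1]] = {marker} if marker in ("read", "write") else {"read", "write"}
    return relays

def exposure_report(events, pubkey):
    """Summarize what metadata alone reveals about pubkey: clients and relays."""
    relays = relay_list(events, pubkey)
    return {"clients": sorted(client_fingerprints(events).get(pubkey, set())),
            "write_relays": sorted(u for u, m in relays.items() if "write" in m),
            "read_relays": sorted(u for u, m in relays.items() if "read" in m)}

if __name__ == "__main__":
    print(json.dumps(exposure_report(SAMPLE_EVENTS, "pk_alice"), indent=2))
```

Run it against your own account's events (pulled from any relay you publish to) to see the same picture a stranger sees.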
Your timestamps are a sleep schedule
Every event carries a created_at field with a Unix timestamp. Publish enough events and someone can build an activity heatmap: when you post, when you go quiet, when you come back.
If your pseudonymous #nostr account posts a GM note at 14:00 UTC every day and a GN note at 05:00 UTC, someone looking at that pattern can guess you are in the US Pacific timezone. That is not proof. But combine it with the next piece and it gets worse.
Cross-platform temporal correlation works like this: if your pseudonymous Nostr account and your public Twitter account both go silent from 06:00 to 14:00 UTC, day after day, that is a data point. Do it consistently for a month and statistical methods can match the two accounts with high confidence. Researchers have identified 374 unique timezone offset sets that can be used in these correlations.
The fix is boring but effective: add jitter to your posting times. Queue content and publish at randomized intervals instead of immediately. If you run automated posts, vary the schedule. A bot that fires at exactly 08:00 PST every day is a fingerprint by itself.
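The heatmap and the jitter fix, as an added example that is not part of the original article. The timestamps are constructed: two weeks of a "GM" note at 14:00 UTC, a "GN" note at 05:00 UTC and a few posts in between, so the longest silent stretch (06:00 to 13:59 UTC) falls out of the histogram exactly as described above.

```python
import random
from datetime import datetime, timezone

# Constructed sample (not real data): 14 days of posts at fixed UTC hours.
def _ts(day, hour):
    return int(datetime(2024, 2, day, hour, 0, tzinfo=timezone.utc).timestamp())

SAMPLE_CREATED_AT = [_ts(d, h) for d in range(1, 15) for h in (14, 16, 19, 23, 2, 5)]

def hourly_histogram(timestamps):
    """Count events per UTC hour of day (index 0..23)."""
    hist = [0] * 24
    for ts in timestamps:
        hist[datetime.fromtimestamp(ts, tz=timezone.utc).hour] += 1
    return hist

def longest_quiet_window(hist):
    """Return (start_hour, length) of the longest run of zero-activity hours,
    wrapping past midnight. This is the sleep window an observer would infer."""
    best_start, best_len = 0, 0
    for start in range(24):
        length = 0
        while length < 24 and hist[(start + length) % 24] == 0:
            length += 1
        if length > best_len:
            best_start, best_len = start, length
    return best_start, best_len

def jittered_publish_time(intended_ts, max_delay_s, seed=None):
    """Delay a queued note by a uniformly random amount so created_at no longer
    sits on a fixed schedule. Leave seed=None outside of tests."""
    return intended_ts + random.Random(seed).randint(0, max_delay_s)

if __name__ == "__main__":
    h = hourly_histogram(SAMPLE_CREATED_AT)
    print("events per UTC hour:", h)
    print("longest quiet window (start hour, length):", longest_quiet_window(h))
    print("next GM goes out at:", jittered_publish_time(_ts(15, 14), 3 * 3600))
```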
Your writing style is a fingerprint
Stylometry, identifying authors by how they write, is more capable than most people expect. With several thousand words of English text, automated systems can identify an author with over 90% accuracy from a pool of candidates. Punctuation habits are the single most discriminating feature. Your preference for em dashes over parentheses, your average sentence length, your comma patterns — all of it is signal.
For pseudonymous identities, the attack is straightforward. The adversary has a known writing sample from your real identity (blog posts, tweets, forum comments) and an unknown sample from your pseudonym. They run both through a classifier and look for a match.
The good news is that deliberate style variation works. Research on adversarial stylometry shows that manually obfuscating your writing habits — consciously varying sentence length, switching punctuation patterns, changing vocabulary choices — largely defeats automated analysis. You don’t have to write badly. You have to write differently.
A local LLM can help with style transfer, but cloud-based services like ChatGPT log your conversations. You would be hiding your writing style from one observer by handing the raw text to another. If you go this route, run the model locally. Ollama with a 7B parameter model handles rephrasing fine and never phones home.
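A crude self-audit for the features the section names (punctuation rates, dashes versus parentheses, sentence length), added here as an example and not code from the original article or from any stylometry paper. It is a distance between two feature vectors, not a trained classifier; the two writing samples are constructed and the threshold is an assumption.

```python
import re
from collections import Counter

# Two constructed samples (not from any real person): the same message written
# with two deliberately different punctuation habits.
SAMPLE_REAL = ("I checked the relay logs this morning -- nothing unusual, though the "
               "uptime graph looks off. Maybe the monitor is wrong; maybe it isn't. "
               "Either way, I'll look again tonight -- after the backup finishes.")
SAMPLE_PSEUDONYM = ("Checked relay logs (this morning). Nothing unusual. Uptime graph "
                    "looks off (monitor bug?). Will look again tonight after backup.")

FEATURES = ["commas", "semicolons", "dashes", "parens", "questions", "avg_sentence_len"]

def style_features(text):
    """Punctuation counts per 1000 characters plus mean words per sentence."""
    n = max(len(text), 1)
    counts = Counter(text)
    sentences = [s for s in re.split(r"[.!?]+", text) if re.search(r"[A-Za-z]", s)]
    words = sum(len(s.split()) for s in sentences)
    return {
        "commas": 1000 * counts[","] / n,
        "semicolons": 1000 * counts[";"] / n,
        "dashes": 1000 * (text.count("--") + counts["\u2014"]) / n,
        "parens": 1000 * counts["("] / n,
        "questions": 1000 * counts["?"] / n,
        "avg_sentence_len": words / max(len(sentences), 1),
    }

def style_distance(a, b):
    """Euclidean distance between two feature dicts; each feature is scaled by
    the larger of the two values so that no single rate dominates."""
    total = 0.0
    for f in FEATURES:
        scale = max(a[f], b[f], 1e-9)
        total += ((a[f] - b[f]) / scale) ** 2
    return total ** 0.5

def likely_same_author(text_a, text_b, threshold=1.0):
    """Small distance means the two samples share habits (assumed threshold)."""
    return style_distance(style_features(text_a), style_features(text_b)) < threshold

if __name__ == "__main__":
    print(style_distance(style_features(SAMPLE_REAL), style_features(SAMPLE_PSEUDONYM)))
```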
NIP-05 verification is a metadata trade
NIP-05 gives your pubkey a human-readable name, like user@domain.com. Clients resolve it by fetching https://domain.com/.well-known/nostr.json. It makes your identity easier to find and harder to impersonate.
If you verify using your own domain, you are linking your #nostr identity to that domain’s WHOIS record, DNS history, and hosting provider. Even with #privacy protection on the registrar, the records exist somewhere. A subpoena or a data breach at the registrar connects your pseudonym to a billing address.
Third-party NIP-05 services like nostrcheck.me or iris.to reduce this exposure. You don’t own the domain, so WHOIS reveals nothing about you. But their server logs record the IP addresses that make verification requests. If you set up your NIP-05 from your home IP without a VPN, the service operator has a link between your pubkey and your network location.
The trade is real: NIP-05 verification makes your identity more usable and more discoverable. Every verification method creates at least one linkage point. The question is whether that linkage leads to your real identity or to another layer of pseudonymity.
Zaps are a public payment graph
When someone zaps you on #nostr, the default behavior creates a kind:9735 event, a zap receipt, that is published to relays for anyone to read. It contains the sender’s pubkey, the recipient’s pubkey, the amount in satoshis, and a timestamp. Every public zap is a node in a financial graph permanently linked to your identity.
This matters more than it sounds. Romiti et al. found that 45.97% of Lightning Network nodes could be linked to 29.61% of #bitcoin addresses through cross-layer analysis. Balance probing attacks — sending fake payments and observing error messages — can reveal individual channel balances in under a minute per channel. The Lightning Network is not as private as its marketing suggests.
On Nostr specifically, zap patterns create behavioral fingerprints. If your pseudonymous identity consistently zaps the same set of accounts that your real identity follows, that overlap is a correlation waiting to be noticed. Social graphs are identifying even without amounts attached.
NIP-57 defines anonymous zaps (sender hidden) and private zaps (only sender and recipient know). Use them. If you need to zap publicly for social visibility, understand that you are adding an edge to a public payment graph every time you do.
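What a public zap receipt exposes, as an added example (not code from the original article or from any Nostr client). Per NIP-57, the kind:9735 receipt's description tag carries the JSON of the sender's kind:9734 zap request, whose pubkey is the sender and whose amount tag is in millisats; an anonymous zap request carries an anon tag and is signed by a throwaway key. The receipts below are constructed and unsigned, and private (encrypted) zaps are not handled.

```python
import json
from collections import defaultdict

def _zap_request(sender, recipient, amount_msat, anon=False):
    """Constructed NIP-57 kind:9734 zap request (unsigned, for illustration)."""
    tags = [["p", recipient], ["amount", str(amount_msat)], ["relays", "wss://relay.example/"]]
    if anon:
        tags.append(["anon"])   # anonymous zap: pubkey above is a throwaway key
    return {"kind": 9734, "pubkey": sender, "tags": tags, "content": ""}

def _zap_receipt(req, created_at):
    """Constructed kind:9735 receipt as the recipient's LNURL server would publish it."""
    recipient = next(t[1] for t in req["tags"] if t[0] == "p")
    return {"kind": 9735, "pubkey": "pk_lnurl_server", "created_at": created_at,
            "tags": [["p", recipient], ["bolt11", "lnbc...placeholder"],
                     ["description", json.dumps(req)]], "content": ""}

SAMPLE_RECEIPTS = [
    _zap_receipt(_zap_request("pk_alice", "pk_bob", 21_000), 1708300000),
    _zap_receipt(_zap_request("pk_alice", "pk_carol", 5_000), 1708303600),
    _zap_receipt(_zap_request("pk_alice", "pk_bob", 100_000), 1708390000),
    _zap_receipt(_zap_request("pk_throwaway", "pk_bob", 10_000, anon=True), 1708400000),
]

def parse_zap_receipt(receipt):
    """Extract what anyone reading the relay learns: sender, recipient, sats, time."""
    tags = {t[0]: t[1:] for t in receipt["tags"]}
    req = json.loads(tags["description"][0])
    req_tags = {t[0]: t[1:] for t in req["tags"]}
    amount_msat = int(req_tags.get("amount", ["0"])[0])
    return {
        "sender": None if "anon" in req_tags else req["pubkey"],
        "recipient": tags["p"][0],
        "sats": amount_msat // 1000,
        "created_at": receipt["created_at"],
    }

def payment_graph(receipts):
    """Aggregate receipts into weighted edges {(sender, recipient): total_sats};
    anonymous zaps contribute no edge because the sender is unknown."""
    edges = defaultdict(int)
    for r in receipts:
        z = parse_zap_receipt(r)
        if z["sender"] is not None:
            edges[(z["sender"], z["recipient"])] += z["sats"]
    return dict(edges)

if __name__ == "__main__":
    for edge, sats in payment_graph(SAMPLE_RECEIPTS).items():
        print(edge, sats)
```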
Relays see everything
There is no anonymity layer built into the #nostr protocol. When you connect to a relay, the operator sees your IP address. They see your pubkey. They see every event you publish and every subscription filter you send. All of it is in the clear unless the content itself is encrypted (and even then only the content is hidden; the metadata is still visible).
Tor helps. Amethyst on Android has built-in Tor support. On desktop, you can route relay connections through Tor manually, though not all clients make this easy. A VPN is simpler but shifts your trust from the relay operator to the VPN provider. IVPN and Mullvad are the common recommendations; both accept Bitcoin and do not require personal information to sign up.
Relay selection matters for blending in. A popular relay with thousands of active users gives you crowd cover. A niche relay with 40 users makes your activity stand out. The relay list you publish via NIP-65 is itself metadata: your choice of relays says something about your community, your preferences, and sometimes your willingness to pay for access.
What to actually do about it
Here is what I would tell someone running a pseudonymous identity on Nostr today.
The minimum:
Use anonymous or private zaps instead of public ones. Get your NIP-05 from a third-party service, not your own domain. Do not reuse your pseudonym’s name, avatar, or phrasing on other platforms. Use NIP-17 for DMs: it wraps messages with NIP-59 gift-wrapping that hides participants, timestamps, and event kinds. NIP-04 is deprecated and leaks metadata. If your client still offers it, switch clients. Opt out of NIP-89 client tags if your client supports it.
Better:
Add timing jitter to automated posts so they do not fire on a predictable schedule. Use a VPN when connecting to relays. Consciously vary your writing style between your pseudonymous and real identities: change your sentence length, your punctuation habits, your vocabulary. Use popular, high-traffic relays where your activity blends into the crowd. Keep your NIP-65 relay list generic rather than curated for niche communities.
For identities worth protecting:
Route all relay traffic through Tor. Use a local LLM for style transfer before publishing, never a cloud service. Randomize your posting schedule or queue content with random delays. Keep your pseudonymous and real identities on separate devices, or at minimum separate browser profiles with separate VPN exit nodes. Assume that every piece of metadata you generate is being correlated by someone.
The discipline, not the feature
The people in the opening of this article were not careless by nature. Ulbricht ran a hidden service for two years. Cazes managed a global marketplace. They understood the stakes. They each made one mistake in one moment and someone found it.
Pseudonymity on Nostr is not something the protocol gives you. The protocol gives you a persistent, signed, public identity. Pseudonymity is what you maintain on top of that by controlling every piece of metadata you produce — your timing, your writing, your relays, your payments, your verification, your connections.
It is an ongoing practice, not a one-time setup. And the cost of getting it wrong is that it was never pseudonymous at all.
#nostr #privacy #opsec