anon @ node-zero : ~/dagzstr $
LOS SOLUNA • NODE ZERO • SATOSHI SANCTUARY

NOSTR: SHADOW PROTOCOL

PRIVACY MAXIMALIST FIELD BRIEFING

The resistance moves in the clear. The Suits are watching every relay.
Here is how we stay ghosts.

100% CLIENT-SIDE • NOTHING IS SENT ANYWHERE • FORK THIS FILE FREELY
WHY THIS EXISTS

THE RESISTANCE NEEDS GHOSTS

In the neon sprawl of Los Soluna, the underground coordinates over Nostr because it is decentralized, pseudonymous, and resistant to single points of failure. But the same properties that make it powerful also make it dangerous if you do not treat it like the battlefield it is.

One reused key. One sloppy relay choice. One browser that phones home. That is all the Suits need to link your operations to your flesh.

THIS BRIEFING IS YOUR FIRST WEAPON.
READ IT. DRILL IT. FORK IT. IMPROVE IT.
YOUR MISSION

Move through Nostr as if every relay is tapped and every pubkey is a warrant. Use the tools below to test your current posture, then internalize the protocols until they become muscle memory.

WHAT IS NOSTR?

Nostr is a simple protocol for global, uncensorable public broadcast notes signed with cryptographic keys. You publish to relays — they are not your friends. Your npub is your public handle. Your nsec is the nuclear launch code.

Modern clients use NIP-07 browser extensions so the dangerous secret never touches the page. Everything else (relays, zaps, follows, DMs) is layered on top of this primitive.

It is the most powerful public square the resistance has ever had. It is also one of the easiest places to accidentally paint a target on your back.

THE THREAT MODEL
FIVE AXES THE SUITS ACTUALLY USE
1. RELATIONSHIP GRAPH
Who talks to whom. Follows, replies, zaps, and shared relays form a social map. One reused key across contexts collapses the entire graph onto a single person.
2. TIMING & METADATA
When you post, from which relays, with what latency. Even without content, clock skew + relay choice + writing style can re-identify you across multiple npubs.
3. CONTENT ANALYSIS
Writing cadence, vocabulary, topic clusters, inside jokes. The Suits run stylometric models. Gift-wrap hides the payload but does not hide that you are the one who writes like this.
4. AVAILABILITY & CENSORSHIP
Which notes disappear, which relays block certain npubs, which clients suddenly cannot fetch your history. Operational security includes assuming the network is partially hostile.
5. CROSS-CONTAMINATION
Lightning wallets, browser fingerprints, reused passwords, phone metadata, KYC exchange withdrawals that fund zaps. One slip here links the ghost back to meatspace faster than any relay log.
The Suits do not need to break cryptography. They only need one persistent link between any of your identities and your real life.
THE CORE TRUTH

Your pubkey is a permanent fingerprint. Every note, every zap receipt, every relay list you publish carries it. The only way to break the graph is to stop giving them the same fingerprint in different contexts.

That is why the first deep section of this briefing is the Identity Forge — multiple distinct keys, remote signers, and correct backup hygiene. Everything else (Tor, gift wrap, client choice, relay strategy) is layered on top of that foundation.

SCROLL DOWN. RUN THE SIMULATORS. THEN RETURN AND READ AGAIN.
CORE PRIMITIVE

EPHEMERAL IDENTITY PROTOCOL

The five axes you just read all collapse if you give the Suits the same pubkey in more than one context. This section is the practical forge for fixing that — right now, in your browser.

Your first and most important operational decision on Nostr is this: never reuse the same identity across different risk contexts.

The pubkey on every event is a permanent fingerprint. Same key + any correlation (style, timing, relays, zaps, follows) = linkable. This is why the resistance runs on ephemeral, context-specific keypairs.

HIGH-RISK / BURNABLE
Ops planning, sourcing, sensitive coordination, anything that could get people arrested or doxxed. Generate a fresh keypair. Use it. Delete it when the operation ends.
LOWER-RISK / LONGER-LIVED
Public lore, general discussion, building reputation inside the resistance. Still pseudonymous — but you can afford slightly more continuity.
NEVER BRIDGE THE TWO WORLDS. THE SUITS ONLY NEED ONE LINK.
THE REAL HIERARCHY (2026)
  1. Multiple distinct keys for compartmentalization — non-negotiable for high-risk work.
  2. Remote signer (NIP-46 bunker / Amber) for each of those keys — the nsec never touches your client.
  3. Gift Wrap (NIP-59) + NIP-44 on all private messages — hides who is talking to whom.
Bunkers and gift wrap are powerful layers. They do not replace using different keys when the goal is unlinkability.
IDENTITY FORGE
KEY GENERATION

Generate fresh keys with trusted FOSS tools: nak key generate, nostril --gen, or use Amber for signing without ever exposing the nsec.

SAFE BACKUP PRACTICES

Your nsec is the only thing standing between you and total compromise. Back it up like your life depends on it — because in the resistance, it might.

OFFLINE ONLY

Never store an nsec in any cloud service, password manager, email, or notes app that syncs. The second it touches the internet unencrypted, assume it is burned.

ENCRYPTED + PHYSICAL

Store high-value keys on encrypted USB drives or metal backups (titanium plates, fireproof seed plates). Keep at least two copies in separate physical locations.

BURNABLE KEYS

For true one-time or high-risk ops, generate the key, use it, then destroy all backups. Do not keep anything that can link it back to you later.

TEST YOUR RESTORES

Periodically verify that you can actually restore from your backups. A backup you cannot restore from is worse than no backup at all.

IF THE SUITS GET YOUR NSECS, THE GAME IS OVER.
BACK THEM UP LIKE THEY ARE THE KEYS TO THE KINGDOM — BECAUSE THEY ARE.
IDENTITY IS THE FOUNDATION. Next: how your notes actually move through the network.
THE LABYRINTH

RELAY SELECTION & TRANSPORT

Every note you publish travels through one or more relays. Choose poorly and the Suits get a map. Choose carefully and you stay a ghost.

Your distinct keys (from the Identity Forge above) only protect you if the way those keys move through the network does not betray the separation.

COMMON STRATEGIES — RATED FOR PRIVACY
HIGH RISK • AVOID
Default everything on public free relays (damus, nos.lol, nostr.band, etc.) with no Tor and one relay list for all identities.
Easy correlation via timing, shared relays, and full metadata.

MEDIUM RISK • USE WITH CARE
Mix of popular public relays + a couple paid ones. Still using the same relay list across different npubs.
Better than default, but linkability between identities remains high.

GOOD PRACTICE • RECOMMENDED
Per-identity relay lists. Prefer smaller, more trusted or self-hosted relays. Route important identities through Tor when possible.
Much harder to build a complete graph of your activity.
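
One way to check the per-identity relay rule, as an added example that is not code from this page: it normalizes each identity's relay list and flags pairs of identities whose lists overlap. The identity labels, the 0.25 threshold and the .example and .onion hosts are assumptions made for the illustration.

```javascript
// Added example: measure relay-list overlap between identities. Labels, threshold
// and the .example/.onion hosts are constructed for illustration.
function normalizeRelay(url) {
  const u = new URL(url.trim());
  const port = u.port ? ':' + u.port : '';
  // Scheme and host are lowercased by the URL parser; drop trailing slashes.
  return `${u.protocol}//${u.hostname}${port}${u.pathname.replace(/\/+$/, '')}`;
}

// identities: { label: [relay URLs] }. Returns every pair, highest overlap first.
function auditRelayOverlap(identities, threshold = 0.25) {
  const sets = Object.entries(identities).map(
    ([label, urls]) => [label, new Set(urls.map(normalizeRelay))]);
  const findings = [];
  for (let i = 0; i < sets.length; i++) {
    for (let j = i + 1; j < sets.length; j++) {
      const [labelA, a] = sets[i];
      const [labelB, b] = sets[j];
      const shared = [...a].filter(r => b.has(r)).sort();
      const union = new Set([...a, ...b]).size;
      const score = union === 0 ? 0 : shared.length / union; // Jaccard index
      findings.push({ pair: [labelA, labelB], shared, score, flagged: score >= threshold });
    }
  }
  return findings.sort((x, y) => y.score - x.score);
}

// Constructed sample: two identities share public relays, the third shares none.
const SAMPLE_IDENTITIES = {
  'public-lore': ['wss://relay.damus.io', 'wss://nos.lol', 'wss://relay.primal.net'],
  'ops-burner': ['wss://relay.damus.io/', 'WSS://NOS.LOL', 'wss://selfhosted.example'],
  'sourcing': ['ws://constructedonionaddress.onion', 'wss://friend-relay.example'],
};

for (const f of auditRelayOverlap(SAMPLE_IDENTITIES)) {
  console.log(f.pair.join(' <-> '), f.score.toFixed(2), f.flagged ? 'LINKABLE' : 'ok');
}
```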
EXAMPLE RELAYS (2026 SNAPSHOT)
damus.io / nos.lol / nostr.band — Very public, high visibility. Fine for low-risk.
relay.primal.net — Popular paid option with generally better behavior.
wss://relay.damus.io — One of the originals. High traffic.
Self-hosted or friend-hosted — Best for high-risk identities when you can.
Tor-hidden relays — Excellent when paired with Tor client access.
Paid small relays — Often more respectful of privacy and less likely to log aggressively.
RELAYS ARE THE MAP. Next: the tools that actually sign and send your operations.
FIELD OPERATIONS

CLIENTS, SIGNING & COMMS

Your keys are isolated. Your relays are chosen. Now the actual weapons: the clients you run and the way you sign, zap, and coordinate.

Everything below is how you turn good identity and relay hygiene into real operational capability.

PRIVACY SCORES ARE EDUCATIONAL ONLY.
ALWAYS VERIFY CURRENT BEHAVIOR AND FEATURES YOURSELF.
OPERATIONAL PRACTICES

Once you have a good client, these are the habits that actually keep you alive.

SIGNING PRACTICES

HOW YOU SIGN MATTERS

In the resistance, your signature is your identity. One mistake and the Suits can own you.

NEVER PASTE YOUR NSEC

If a website, app, or person asks you to paste your private key, walk away. The moment your nsec leaves your device, operational security is dead.

This is the single most common way people get burned.
🔐 USE NIP-07 OR A REMOTE SIGNER

The correct way to sign events:

  • Use a browser extension (nos2x, Alby, etc.) that implements NIP-07
  • Better yet: use a dedicated remote signer like Amber or nsecBunker.
Your private key never touches the client you’re using to post.
THE SUITS LOVE WHEN PEOPLE PASTE THEIR NSECS.
DON’T BE ONE OF THEM.
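
A guard for the two rules above (never store an nsec in anything that syncs, never paste one), as an added example that is not code from this page: it scans text for nsec strings and confirms each with the bech32 checksum so random look-alikes are ignored. The function names are assumptions, and the sample key is constructed from all-zero bytes.

```javascript
// Added example: find checksum-valid nsec strings in text before it is saved or sent.
const CHARSET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l'; // bech32 alphabet (BIP-173)
const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];

function polymod(values) {
  let chk = 1;
  for (const v of values) {
    const top = chk >>> 25;
    chk = ((chk & 0x1ffffff) << 5) ^ v;
    for (let i = 0; i < 5; i++) if ((top >>> i) & 1) chk ^= GEN[i];
  }
  return chk;
}

function hrpExpand(hrp) {
  const codes = [...hrp].map(c => c.charCodeAt(0));
  return [...codes.map(c => c >> 5), 0, ...codes.map(c => c & 31)];
}

// Build a bech32 string from 5-bit words; used here only to make the constructed sample.
function bech32Encode(hrp, words) {
  const mod = polymod([...hrpExpand(hrp), ...words, 0, 0, 0, 0, 0, 0]) ^ 1;
  const checksum = [0, 1, 2, 3, 4, 5].map(i => (mod >> (5 * (5 - i))) & 31);
  return hrp + '1' + [...words, ...checksum].map(w => CHARSET[w]).join('');
}

// Return offset and length of every valid nsec; key material is never echoed back.
function findSecretKeys(text) {
  const hits = [];
  for (const m of text.matchAll(/\bnsec1[02-9ac-hj-np-z]{58}\b/gi)) {
    const words = [...m[0].toLowerCase().slice(5)].map(c => CHARSET.indexOf(c));
    if (polymod([...hrpExpand('nsec'), ...words]) === 1) {
      hits.push({ offset: m.index, length: m[0].length });
    }
  }
  return hits;
}

// Constructed sample: an all-zero key, which is not a usable secp256k1 secret.
const SAMPLE_NSEC = bech32Encode('nsec', new Array(52).fill(0));
console.log(findSecretKeys(`backup note, key: ${SAMPLE_NSEC}`));
```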
LIGHTNING ZAPS OPSEC

ZAPS ARE HIGH-VALUE OPERATIONS

In the resistance, zaps are one of the few ways to send real value without asking for permission. Treat them with the care they deserve.

ROUTE ZAPS THROUGH TOR

When zapping from high-risk identities, always route through Tor if possible.

  • Use wallets that support Tor (or SOCKS5)
  • Prefer non-KYC, self-custodial wallets
  • Avoid reusing the same wallet across very different npubs
🕶️ KEEP ZAPS FROM LINKING YOU

Zaps can be one of the easiest ways to correlate identities if you're not careful.

Use separate wallets (or at least separate UTXOs) for different risk levels. A single zap can burn months of careful OPSEC.
ZAPS ARE POWERFUL.
DON’T LET THEM BECOME A LIABILITY.
PRIVATE OPERATIONAL MESSAGING

GIFT-WRAPPED COMMS

When the resistance needs to coordinate without the Suits building a social graph, we don’t use normal DMs.

🎁 USE GIFT WRAP (NIP-59)

Regular encrypted DMs still leak who is talking to whom. Gift Wrap fixes this by layering encryption so relays can’t easily see the real sender or receiver.

This is the standard for any sensitive coordination.
🕵️ OPERATIONAL WORKFLOW
  • Use ephemeral keys for one-off sensitive threads
  • Always gift-wrap messages containing locations, names, or timing
  • Prefer clients with strong, native NIP-59 support
  • Combine with Tor when discussing high-risk actions
IF IT’S WORTH SAYING IN PRIVATE,
IT’S WORTH GIFT-WRAPPING.
THESE ARE THE TOOLS OF THE GHOST. Now see what the Suits actually collect when you slip.
NODE ZERO SURVEILLANCE

WHAT THE SUITS SEE

Every event you publish is intercepted and analyzed here. Toggle the defenses the resistance actually uses and watch your fingerprint disappear.

HOW TO READ THIS SIMULATOR

Both boxes show the exact same resistance message. The left shows what an observer (the Suits) can extract when you use normal habits. The right shows what reaches the relay after you flip the defenses above.

Key fields to watch:
  • pubkey — your permanent fingerprint. Same one across many posts = everything gets linked to you.
  • created_at — the exact second you hit send. Useful for timing attacks.
  • tags — extra metadata (client name, thread IDs, who you’re talking to).

What “winning” looks like:
The right column becomes much shorter, uses a different pubkey, hides the real content, or shows almost no usable tags. When the two boxes look dramatically different, the Suits have far less to work with.

The red summaries below the left box list what still leaks. The cyan summaries below the right box list what you successfully hid.
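
The comparison this simulator describes, together with the gift-wrap point from the messaging section, as an added example that is not part of the original page: a function listing what any relay can read off an event without breaking cryptography. All keys, ids, ciphertext and the ExampleClient tag value are constructed placeholders; per NIP-59 the outer wrap still carries the recipient's p tag for routing, so the report keeps it.

```javascript
// Added example; every key, id and ciphertext below is a constructed placeholder.
const ALICE = 'aa'.repeat(32);     // long-lived identity
const BOB = 'bb'.repeat(32);       // recipient
const ONE_TIME = 'cc'.repeat(32);  // throwaway key used only for one gift wrap

// List what a relay can read off one event. longLivedKeys is the set of pubkeys
// the observer has already seen elsewhere. created_at is always visible; NIP-59
// wraps carry a randomized past timestamp, which cannot be told apart from a real one.
function leakReport(ev, longLivedKeys) {
  const has = name => ev.tags.some(t => t[0] === name);
  const known = longLivedKeys.has(ev.pubkey);
  const leaks = [];
  if (known) leaks.push('author pubkey (linkable)');
  if (has('p')) leaks.push('recipient pubkey');
  if (known && has('p')) leaks.push('who-talks-to-whom edge');
  if (has('e')) leaks.push('thread reference');
  if (has('client')) leaks.push('client name');
  if (ev.kind === 1) leaks.push('plaintext content');
  return leaks;
}

// Every event under one pubkey collapses into one profile.
function linkByAuthor(events) {
  const groups = new Map();
  for (const ev of events) groups.set(ev.pubkey, (groups.get(ev.pubkey) || 0) + 1);
  return groups;
}

const leakyNote = { kind: 1, pubkey: ALICE, created_at: 1767261600,
  tags: [['client', 'ExampleClient'], ['e', 'ee'.repeat(32)], ['p', BOB]],
  content: 'Meet at the usual node, 21:00.' };
const legacyDm = { kind: 4, pubkey: ALICE, created_at: 1767261660,
  tags: [['p', BOB]], content: '<constructed ciphertext>' };
const giftWrap = { kind: 1059, pubkey: ONE_TIME, created_at: 1767190000,
  tags: [['p', BOB]], content: '<constructed NIP-44 ciphertext>' };

const observed = new Set([ALICE]);
for (const [name, ev] of Object.entries({ leakyNote, legacyDm, giftWrap })) {
  console.log(name, '->', leakReport(ev, observed).join('; '));
}
```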
INTERACTIVE MASTERY

OPSEC DRILL TERMINAL

Your personal resistance readiness score. Saved only in your browser. Export it. Study it. Improve it.

LOCALSTORAGE ONLY • NO DATA LEAVES THIS MACHINE
DEEPER INTO THE SHADOWS

RESISTANCE ARCHIVES

Curated tools, NIPs, and references for those who want to go further.

RESISTANCE ECONOMY

SUPPORT THE RESISTANCE

If this briefing has been useful, consider sending a zap to the public resistance npub. Every sat helps keep the shadows alive.

npub14expwcsvnvaqgylaqx0a06vrmfpmyzq7w956hm9hwexrxw5mllcsymcqa0
ZAPS ARE ANONYMOUS • NO KYC • NO TRACE