Privacy & Anonymity

Maskr is designed from the ground up to respect your privacy. You don't need to hand over personal information to participate — and we've built the platform so that even we can't easily tie activity back to a real person.

No personal data required

Creating a Maskr account requires none of the following:

  • Real name
  • Email address
  • Phone number
  • Date of birth
  • Physical address

Your identity on Maskr is a cryptographic key pair — a public key that others see, and a private key that only you hold. That's it.

No tracking or ad profiles

Maskr does not track your behaviour across the web, does not build advertising profiles, and does not sell data to third parties. We use minimal analytics only to understand aggregate usage patterns (e.g. page views), never individual-level tracking.

Encrypted messaging (NIP-04)

Direct messages on Maskr use NIP-04 encryption. Messages are encrypted client-side using your private key before being published to relays. Only the intended recipient — who holds the matching private key — can decrypt them. Maskr servers never see the plaintext of your messages.

Decentralised data on relays

Your posts, follows, and profile are stored on Nostr relays — independent servers spread across the internet. No single company, including Maskr, owns or controls all of your data. If one relay goes offline or decides to remove your content, your data lives on every other relay you've published to.

Tips for maximum anonymity

  • Use a NIP-07 browser extension (e.g. Alby, nos2x) — your private key never leaves the extension and is never sent to Maskr's servers.
  • Use a VPN or Tor — your IP address is visible to relays and to Maskr's servers when you make API requests. A VPN or Tor browser masks your real IP.
  • Don't reuse keys — if you want to keep identities fully separate, generate a fresh key pair for each persona. Keys are free and unlimited.
  • Use a pseudonym — choose a display name and avatar that cannot be linked to your real identity. Avoid usernames you use elsewhere.
  • Strip image metadata — photos taken on modern smartphones embed GPS coordinates and device information in EXIF data. Strip this metadata before uploading images to Maskr.

What Maskr can see

Even with the protections above, there are some things Maskr's infrastructure can observe:

  • API requests — your IP address and the public key associated with each request are logged transiently for security and rate-limiting purposes.
  • Public key — all activity (posts, reactions, follows) is attributed to your public key, which is visible to everyone on the Nostr network.
  • Passkey users — if you sign in with a passkey, an encrypted copy of your nsec (private key) is stored on Maskr's servers, protected by your passkey-derived key. Maskr cannot decrypt it, but it does exist on our infrastructure.

For the strongest privacy guarantees, use a NIP-07 extension and a VPN. Your private key will never touch Maskr's servers.

15 of 21