Reading the comments below make me feel like I should maybe be expected to already know what nostr is. But anyway, I don't and reading this article, it felt like it just suddenly cut off at the end.
It explained all the traditional approaches, which are all able to help discoverability and shareability of data between servers, and then says "the solution is relays" and then describes something that doesn't seem to be relaying anything. It sounds like a single dumb, untrusted message store on a single server that doesn't relay anything anywhere. It even specifically says "Relays don’t talk to each other, and users only need to join a small number of relays to gain autonomy—at least two, and certainly less than a dozen".
Not sure where the less than a dozen relay bit comes from. Are they expecting clients to do all the relaying between the relays? If so, wouldn't you get every relay getting pummeled by a load of clients simultaneously, all trying to push the same message. It sounds like the complete opposite of what you actually want. The article seems to just stop short at exactly the point when it should say how what they're proposing actually works.
Why would "every relay getting pummeled by a load of clients simultaneously, all trying to push the same message"?
Relays get one client pushing one message. That one message is pushed to multiple relays. To your own preferred relays, as well as to the preferred relays of others who are involved in the conversation, as well as to a couple of global relays for easy discoverability.
These global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
In this way Nostr has the benefits of centralised networks for discoverability, federated networks for communities, and private individual web site for p2p and archival purposes.
> Why would "every relay getting pummeled by a load of clients simultaneously, all trying to push the same message"?
Because that is the obvious thing that would happen without further implementation details. A few large relays taking the brunt of the vast majority of the network. It isn't an inherently scalable architecture.
Of course you can do other stuff in addition and thereby achieve scalability. At least arguably. But then a relevant explanation needs carefully walk through those additional non-obvious details.
I'm still confused about why multiple clients would be pushing the same message, especially given that Nostr events are signed, but that's by the by.
I think "without further implementation details" is the key point here. Client developers usually have these. Sure, Nostr is still small, but there's several clever ways of dealing with scalability issues. Not least of which is the outbox model, linked in my first post.
Your criticisms of the article are valid tho. And I don't think it is unique in its failing. Perhaps Nostr's fatal flaw is in the way it is being sold by its fans, myself included.
But that's OK. It will take off as Bitchat, or Primal, or whatever the next iteration is that figures out a way of selling Nostr's benefits, without confusing people with its implementation.
> I'm still confused about why multiple clients would be pushing the same message
From the information given in the article, it states categorically that the relays do not ever connect to other relays (which makes you wonder why they even choose to misname them if they're not actually relaying anything).
It then continues saying that clients need to connect to multiple (but not more than a dozen) to be able to receive all content from anywhere. The only inference I can make from that is that a client is responsible to receiving a message from one "relay" and transmitting it to another.
The obvious question then is how does the client know if the other relays already have the message? There are two obvious options:
* The client informs the relay about every new message it receives from every other relay. That means each relay will be informed about each new message from the vast majority of the clients that connect to it, which is obviously going to be expensive. It would also put the burden on clients to remember which relays they've informed, and if they add a new relay, the client would presumably have to replay every message it knows just in case the relay is missing it.
* The other option is that the client has to query the relay for a list of every single message on the relay and only forward on new messages to the relay if the relay says it doesn't have it. This could potentially be even more expensive, and even if the client/relay maintain some kind of shared state, if the client tries another relay, it'd have to re-download the entire list of messages. Even if we're only talking about message IDs, that's a huge amount of data to download.
In any case, if relays will just accept any old message and rely on the clients to check they were signed correctly, then it stands to reason that any relay can be trivially DDoS by bombarding it with junk. The impression the article gives is that relays would never verify the authenticity of a message itself, because that would break their distributed model.
The article doesn't provide any detail about how its new "relay" solution works. It just stops abruptly after asserting that relays fix everything, with no explanation. This is exactly the reason why I said the article feels like it's cut short.
So, without any hints to its possible implementation, one can only speculate and I personally can't see any way in which this solution would be better than a peer-based solution where "relays" actually relay messages between themselves. It's possible that whatever the author has created is truly innovative and groundbreaking, but they haven't chosen to tell us why in the article.
Well, you are right. This article sort of sucks in explaining anything and it is also already outdated. Understandably your summary of how it could work is wrong and the article is indeed to blame.
My suggestion would be to skip it and learn about nostr from other sources. I'm on Nostr since almost the beginning and it's been very exciting to watch. For reference my android client app (Amethyst) is currently directly connected to 390 relays (using the new "outbox model") and it works well, no slow down, no battery drain.
Nostr is one of those thought-terminating cults, you know, identical to "blockchain solves this" or "AGI solves this".
And "Nostr can't be censored" is, of course, a statement identical to "Blockchain solves all consensus problems" and "AI can do anything better than a human."
P2P with end-to-end encryption over relays existed in 2001 (e.g. Groove, Mojo Nation) and wasn't invented by Nostr.
Nostr is so simple because it handwaves away the fact that everybody seems to use the same small set of relays and there's nothing stopping them from censoring the network. I'm also not aware of any incentives for the relay operators either.
This exactly. Worth mentioning that "censoring" can occur in any of a number of ways; blocking select traffic, slowing select traffic, "forgetting" specific nodes, redirecting other nodes at will, performing MITM attacks (if the protocol isn't secure), etc etc.
Also, beyond just no positive incentives, there are nontrivial negatives... they're hubs for an entire network, which can be a lot of traffic and bandwidth if peers are sharing anything other than text. That's a potentially significant cost for literally just being a dumb router. The idea of charging for this doesn't make sense... you don't choose a router, it's automatic based on location, so there's no incentive for quality. That ends up being a race to the bottom, which there's no room for arbitrage; prices are driven down to near-zero profit.
Abuse-wise, the model is fundamentally flawed. Economically, the idea kinda works so long as hub traffic is low enough to be swallowed in background noise for whoever manages the hub. Beyond that the model breaks pretty quickly.
Read up on the outbox model and zaps. Also check out Bitchat for a real world example of Nostr being effectively used without even requiring Internet connectivity.
You cannot censor Nostr.
Also, check out how zaps work, and relay authentication. You can charge for relays if you want.
Can you summarize how those prevent the listed problems? Tossing around absolutes like “you cannot censor Nostr” sounds like a religious assertion rather than technical analysis.
I have posted very similar replies to other messages in this thread and don't want to repeat myself too much at the risk of being considered spam.
But... Outbox model prevents censorship because you push your (cryptographically signed and so impossible to impersonate) messages to multiple relays. To your own preferred relays, as well as to the preferred relays of others who are involved in the conversation, as well as to a couple of global relays for easy discoverability.
These global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
In this way Nostr has the benefits of centralised networks for discoverability, federated networks for communities, and private individual web site for p2p and archival purposes. As well as making it impossible to censor.
And if you take down THE ENTIRE INTERNET in order to censor Nostr? Well, Bitchat is Nostr via Bluetooth Mesh Networks. Do a quick search and find out where and when it has been used (Nepal, Indonesia, and elsewhere)
And as for zaps fixing the economic problem, I'm not sure what else to say other than you can give and receive value directly using the Lightning Network. It is seamless in most Nostr clients, and built into the Nostr protocol. If you don't believe in Value For Value (v4v) then you can just charge a fee, and the economics problem is solved.
NOSTR is a protocol that doesn't detail all implementation details so it wouldn't be fair to point HTML as culprit for flaws of web browsers.
That is a good paper, the leaks are mentioned the app Damus (notes browser) which wasn't really much worried about verifying the authenticity of the notes. The details: https://crypto-sec-n.github.io/
These are apps developed on free time and made available for free so these issues are bound to exist and be repaired.
A government could make it illegal to run or connect to nodes. It could DPI traffic in and out of the country, and block known nostr relays. Or it could just mandate that smartphone manufacturers block it, which would take out a large fraction of potential users.
(How does nostr avoid hosting known CSAM? Because that is the one thing that law enforcement will definitely come after)
Sure you can. A relay operator absolutely can censor what goes through their relay. More to the point, you cant even prove that such censorship has occurred.
Nostr is censorship resistant in that you can publish to multiple relays, but that is far from censorship-proof.
The concept of public library are the "super-relays", which are always available and basically accept any note you send their way.
It is "kind of" like reinventing email with PGP. Main difference is that you can choose to send the message in plain text with a cryptographic signature that proves it was sent from you or full encrypted like PGP.
There is still (in my opinion) a disadvantage when compared to PGP: key rotation. Once you create a key pair in NOSTR it is your identity forever, whereas in PGP you have mechanisms to declare a key obsolete and generate a new one.
In overall PGP failed over the last 30 years, sharing public keys with other people was always the biggest difficulty for real adoption. With NOSTR this process is kind of solved but we are yet to see about adoption.
You are correct that it existed well before, the difference is that it was always complicated to use. Heck, we have been able to send PGP emails since almost 30 years ago.
The innovative concept is that npub/nsec along with sending notes is trivially simple. The content does not need to encrypted, there is a huge value on publishing clear text messages that are crypto-verifiable. You also didn't had this feature on groove and others. I'd argue that NOSTR has indeed pioneered them into mainstream.
"I have been self-hosting my email since I got my first broadband connection at home in 1999. I absolutely loved having a personal web+email server at home, paid extra for a static IP and a real router so people could connect from the outside. I felt like a first-class citizen of the Internet and I learned so much.
Over time I realized that residential IP blocks were banned on most servers. I moved my email server to a VPS. No luck. I quickly understood that self-hosting email was a lost cause. Nevertheless, I have been fighting back out of pure spite, obstinacy, and activism. In other words, because it was the right thing to do.
But my emails are just not delivered anymore. I might as well not have an email server.
(After self-hosting my email for twenty-three years I have thrown in the towel, Carlos Fenollosa, 2022)"
If you do all the stuff (DKIM etc) AND you're not on a banned IP, you're fine. It seems like this person couldn't find a non-banned IP. I know plenty of people who self host email and successfully send to Gmail.
Yep. Know plenty of selfhosters who run email successfully. In fact, with all the email in a box packages out there, it's never been easier to self-host emails. One recommendation for those who are interested, is to choose a reputable VPS host with clean IP:s.
considering most people today only use 3 or 4 big email providers i can see the exact same happening for nostr, the p2p part seems more like a gimmick than a protocol requirement
Nostr has the benefits of centralised networks for discoverability, federated networks for communities, and private individual web site for p2p and archival purposes.
As I have said in other replies to this post, read up on the outbox model. Global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
And there are incentives to running a global or community relay. Read up on Zaps. With Nostr, you can give real value via the lightning network, and it is built into the protocol. This allows you to charge for usage if you so desire. And then there's all the other reasons why people run community web sites or global services.
Nowadays a NOSTR "relay" isn't exactly a relay any longer, is it?
Should likely be called a "database server" since it's main purpose is to host user data and perform queries over it. A relay is something connecting two devices and makes a best effort to get out of their way.
Nevertheless: NOSTR is the most exciting social network that I've seen in the past 20 years. The concept of owning the keys without a blockchain associated enables not just decentralization, it also permits a complete offline functioning to login, view private messages and so much more that isn't possible from any other popular social network predecessor.
I've been looking at that for quite some time, even met teams members developing the product. Sorry to say: both are fundamentally different technologies and philosophies.
NOSTR "accounts" are meant to trivially generated and used outside the context of micro-blogging. That is the reason for being popular, the npub becomes a signature that validates texts and there is value in that.
AT always feels like mastodon meets RSS with US-centric political moderation on top.
I wouldn't write ATProto off as just microblogging, there are a bunch of interesting (and exciting depending on your POV) apps out there that _aren't_ microblogging apps. To name a few:
This is something you opt-in to. Two concepts, labels and moderation policy.
You subscribe to "labelers" which will apply labels to posts. You can subscribe to many labelers. Some labelers will be generic or some will be focused on a certain idea/niche. You might have a labeler focusing on nsfw content or another for human vs ai content. Or one who just tags spiders. Labels can be anything, and are stand alone data objects in the atproto ecosystem.
Your moderation policy is up to you, on how to handle those above labels. You can decide to allow, warn, or block for each label applied by your labelers. Warn shows a content warning you must click through first to see.
Bsky does have a default labeler and moderation settings when you sign up, which you might be experiencing.
It can be done by the author (self-label), by an app, or by third parties (moderators/curators), depending on the trust model.
Other clients can decide to use that classification/label
--
For moderation purposes. If the behavior is closer to abuse (spam, scams, harassment...), use NIP-56 (Reporting). Reporting harmful/should-be-moderated content.
Thank you for explaining how it works. I'm building a decentralized platform and NOSTR was the first choice as base for signing messages and identities. There is the will to include other protocols (even IRC is supported as entry method) but whenever approaching AT there are always obstacles.
In fairness here, when it comes to large distributed networks, this type of scaling is generally unacceptable.
But yes i agree its really sloppy for them to say exponential. I'd actually call it linear since what matters (mostly) is how many connections each node has to do, not the total number of connections in the system.
Nonetheless imagine if email worked by making a connection to every computer in the world to check if they had mail for you. It would obviously not work.
Every social media platform needs to a solution to:
1. Content discovery
2. Spam
3. Content moderation
I can see relays offering unique solutions to each one. But now they are more than just dumb servers.
You get to the point where you might as well just write posts locally then submit them to X, Facebook, etc. You get the same result. And if you include a cryptographic signature with each post, you can prove you are the same person across the different platforms.
NOSTR is built to behave like existing platforms when desired. You are forgetting the fundamental difference that brought NOSTR to life: your identity and your texts being verifiable as yours.
NOSTR was a response to the situation where virtually all other social media platforms could basically block your identity and delete all your posts. There is no such drastic possibility at this platform. Sure enough that relays might refuse to receive messages from a user and delete notes from their servers but they will never be capable of silencing that user and he can continue sending his (verifiable) messages to any other relays out there in the internet. Followers of that person will continue to read his texts without disturbance, which is quite relevant when not long ago you'd see large groups of people de-platformed when refusing to inject toxic substances on their bodies.
It is a world of difference between centralized/federated platforms to NOSTR where your freedom to write messages as yourself can never be taken away.
No, they're verifiable as having been signed by a key. You can still call yourself "Michael Jackson's Ghost". This is the only identity verification people care about, the big bad "send us proof you are who you say you are" gate.
"Boom. Same as Nostr, but with existing platforms" - Except without the ability to give and receive real value via zaps, and at the risk of being censored, and losing your entire audience at the whim of the network operators.
Spam is basically a solved issue. There's both proof of work and paid relays, not to mention web or trust. It has been at absolute worst a minor annoyance.
There's plenty of ways to discover content on Nostr, from hashtags to channels to location based chats to just following some interesting people. It's perhaps not as frictionless as X, but imho that's a feature not a bug.
> It has been at absolute worst a minor annoyance.
This is easy to say when there is little adoption and attackers don’t care about the network. It doesn’t mean it’ll remain true if that changes. Proof of work is much less effective when people are willing to use botnets and paid relays complicate life for regular users so there’s a cap on how aggressively that can be used.
How much money have people spent on Bitcoin because of PoW? All those billions were spent because as a speculative vehicle they thought they’d see even greater returns but that doesn’t mean that any other service will see a correspondingly high willingness to spend large amounts of real money.
This is especially challenging in the social space where people are accustomed to not paying and you have significant network effects from anyone being able to sign up for free. Bitcoin’s transaction fees are one of the major reasons why it failed as a currency and that has orders of magnitude fewer messages.
You missed the point of what he is saying. The point is, proof of work used to post stuff to relays etc. is not solving the spam issue that Nostr is yet to face due to network effects. Your quip about people care about PoW because bitcoin uses it is just a very unrelated statement that is super off base.
Nostr relays are like Discord "servers" if they were actually servers you could deploy yourself and each client had a cryptographic identity and was used in DMs. You can have the same UI to interact with them all. But they are disjoint. You can interact with people in the channels as long as you subscribe to the same "relay" etc.
Also you keep bringing up Lightning as if it is successful but it is not. It failed in every way. Its model simply does not make sense unless you are a node that receives as much as it sends or sends as much as it receives. You know this yourself if you are a Lightning user. Bitcoin is cool, crypto is cool, even Nostr is cool but some of your statements are conflicting with each other and they aren't making great points.
I tried Nostr but like a lot of people here have been saying, it falls short in many ways due to the way it is structured. Relays are not really relays, they are more but also less. They are like community servers. Sure you can connect to many, have the same UI, but they are still disjoint and feels lonely.
You keep saying you can sign your messages and there is value there to people who are saying it is censorable in the ways they described.
This is not a personal thing, I want to like Nostr and I tried using it. I can and would probably get some use out of using it as a pubsub or message delivery infrastructure for two things I want to connect but what if the relay goes down? It is like a centralized pubsub messagebox thing. But can't even do that fully.
That other guy that said it is just like writing a message, signing it, posting it on X, Facebook, YouTube and BlueSky. People who follow those places can see it. There needs to be some sort of relay to relay communication (actual relaying) that needs to go on. And that wouldn't scale, even if it would work for now.
Protocol itself is simple and nice to have. Could be cool as a transport. The concept is uniquely situated too but using it the way it initially came out as feels like trying to shove a square into a circular hole.
I'm building a Nostr app (+- 2mio notes). There is a lot of spam and much worse content.
But it's kinda a solved problem (not through PoW) but through Web of Trust and not having algorithms. You see what the people/communities you follow post.
> I tried Nostr but like a lot of people here have been saying, it falls short in many ways due to the way it is structured. Relays are not really relays, they are more but also less. They are like community servers. Sure you can connect to many, have the same UI, but they are still disjoint and feels lonely.
I'd like to know more. Imho the fact that relays are dumb is a feature.
> You keep saying you can sign your messages and there is value there to people who are saying it is censorable in the ways they described.
All messages are signed. There is no way NOT to sign a message. This comes with the advantage that you don't need to trust the relays/pipes where messages go through which is an immense benefit
> This is not a personal thing, I want to like Nostr and I tried using it. I can and would probably get some use out of using it as a pubsub or message delivery infrastructure for two things I want to connect but what if the relay goes down? It is like a centralized pubsub messagebox thing. But can't even do that fully.
Relays go down all the time. There was an experiment where a major relay (Damus) just deleted the entire dataset. People barely noticed. And as any client (not just the author) and other relays can re-broadcast events the relay eventually recovers.
> There needs to be some sort of relay to relay communication (actual relaying) that needs to go on. And that wouldn't scale, even if it would work for now.
There are three mechanisms that do that:
- clients posts to multiple relays
- clients/followers can rebroadcast notes (to other relays)
- quite a few relays are syncing (negentropy sync)
> Except without the ability to give and receive real value via zaps, and at the risk of being censored, and losing your entire audience at the whim of the network operators
Please take a look at my other replies to other posts.
Read about the outbox model, or Bitchat.
The large relays are not required. They are a public service but not essential. There are plenty of community relays charging for access too, and the outbox model means you're not even depending on them. Nostr can and does successfully operate via even Bluetooth Mesh Networks. Search up Bitchat and see how it has been used in Nepal, Indonesia, and elsewhere.
if the solution to censorship is flooding the network posting the same message to multiple of their preferred relays in hopes that the recipient gets it, what happens if i get banned from all their preferred relays? i dont think i can message them directly so im effectively blocked
Your followers fetch the note from your relays. You tell the network where they can find your notes (self hosted relay) and their client will take the effort to find your content
Relays are not coordinated. For every relay A that bans you because you say X, there will be a relay B that welcomes with open arms if you say X.
If the recipients want to hear all the facets of discourse around X, they will subscribe to A and B. If they really hate X, they will subscribe to A but not to B. If they really love X, they will probably subscribe only to B.
Compare this with Mastodon, where your favourite server can decide to exclude other servers, so if A decides that X is toxic, you will never see X as long as you use A.
Spam and content moderation are basically the same thing. In both cases it's hiding things from the user that the user didn't ask for or want to see.
Unless by spam you mean denial of service attacks. Which should probably be a point of its own anyway. It's the main killer of the decentralized internet currently.
the extra curve with spam is that it must be made economically expensive for the spammer. spam is more of a DoS attack than just content i'm not interested in.
Yeah, true, but now you have to manage 5 accounts on the 5 major social networks, all with different rules, format, public, moderation guidelines. It can be done but it starts to sound like a job.
For who might be pulled in by the vague title, not knowing what a nostr is, thinking this article has anything to do with evolution - it has nothing to do with evolution or nature. Not one example of nature trying to evolve a nostr is descibed.
Maybe like... the author thought a nostr is similar to, I dunno, a pack or tribe or something?
It's clearly a tongue in cheek joke about the progression of projects with similar goals that reach imperfect outcomes, with the implicit assumption that Nostr represents the ideal solution.
There was a “nature keeps evolving crabs” meme that was floating around a while back, I think it is a reference to that. I was also disappointed by the lack of nature, evolution, and crabs in the article.
The problem is that (to use the comparisons given in the article) Nostr is a statically peered superpeer.
All the "downsides" of a superpeer (as the article says - "centralisation with extra steps") but without the benefit of dynamic peering thereby resulting in incomplete routing.
i.e. by its nature Nostr results in a fragmented network, which ends up looking very much like the federated network, albeit more interconnected.
Thats not necessarily a bad thing, but its a bit of a confused article, IMHO.
That's true. The hope is that users will favor generalist / unbiased relays (less fragmentation by design) rather than heavily biased / restricted ones. Maybe even fund them: I will pay you as long as you don't start banning large swathes of the network just because you don't like what they say.
Users you follow can also advertise relays behind the scenes, so it's more probable that, if you follow a coherent set of users, you will converge on a coherent subset of relays that doesn't really feel fragmented.
For all the faults of current Fediverse software implementations, it at least gives more options than nostr. If you don't care about controlling your own identity, you can use someone else's server. Nostr doesn't give you that, it's all or nothing.
No thank you. That last thing anyone should want is governments holding ownership over their private keys.
Private companies are bad enough, but at least they won't declare you an undesirable for your political beliefs or religion or ethnicity or gender identity or sexual preference or whatever and shoot you in the head over it.
Except where governments and private companies collaborate, which of course happens (looking at you literally every American social media platform.)
Neither do all EU member states (in case you mean that by "European") issue ID cards, nor do the ones that do universally enable them for digital signatures.
Many EU countries have existing e-signature rails completely independent from physical ID cards, which only have to conform to ICAO document verification standards (and these are intentionally not usable in an e-signature context).
German ID cards also support eID functionality on their citizen ID cards and even permanent resident ID cards, but ironically EU citizens are qualified for the issuance of neither, so they had to introduce another type of card for them to not run afoul of EU anti-discrimination laws.
All of this is currently pretty messy and there's only limited practical cross-country acceptance of eIDAS signatures, but is supposed to get unified under the banner of EUDI (EU Digital Identity) "wallets".
has been the case for Hungarian ID cards for a decade now, but it was never really used, except maybe by burorats in gov offices to access their systems.
but no one understands it, including the people who need to issue new signing keys.
it didn't get anywhere really. it was just a good opportunity for a lot of taxpayer money to... "lose its taxpayer money nature" (actual phrase by an actual politician when cornered by questions).
and now they are "moving on" to an app that must be installed on your phone to access more and more services.
ID2030 is roaring on worldwide... soon mandatory iris scans, vaccine implants, and who knows when they will try to roll out mandatory brain implants against thought crimes.
the more i think about the sign of the beast (as an atheist), the more sense it makes.
Normies manage their house keys just fine. Obviously crypto keys come with different challenges but that's a UX problem. People losing their house keys is not generally an Earth shattering event. Losing a crypto key doesn't have to be either.
A wallet is easier to lose than a bank vault, but it also holds less money for the same reason. Crypto keys can be designed the same way, with high importance keys managed by safer means like m of n schemes mixed with traditional "hard" storage in geographically distributed safe deposit boxes or whatever, while less important keys can be treated in a more relaxed fashion.
This analogy misses the entire system keeping house keys manageable. If you lose your keys, a locksmith can help you regain access cheaply and quickly because there’s an entire legal system allowing you to prove that you are the legitimate owner. The system you describe for crypto keys is not only significantly harder to use but also lacks that cushioned landing if any part of that fails. Any teenager with poor impulse control can toss a brick through the window and gain access to my house, maybe even grab the spare keys, but they couldn’t occupy it for very long or transfer it to a new owner, which is a significant risk mitigation compared to those crypto keys even before you consider how many more attackers you have to worry about online – there’s no real-world analog to some guy phishing someone on the other side of the planet to post ads or make fake reviews, secure in the knowledge that their local police don’t care.
>People losing their house keys is not generally an Earth shattering event.
yes because if you lose your house keys you don't lose your property, precisely because there is an entire legal and governmental apparatus securing it, the exact thing the crypto people first try get rid off and then reinvent (shoddily) when they inevitably discover that nobody wants to live in the jungle
Not really sure this analogy works since the usability of my house and everything in it is unrelated to having them. The house keys only make getting into my house easier.
> People seem to manage their whatsapp (or signal, etc) keys just fine.
The opposite is the case: WhatsApp and Signal manage the keys for them, mostly in the background (unless you actively verify identities).
You can try it yourself: Turn off your phone, ask a friend to send you a message, throw your phone into a volcano, reactivate your account on a new phone without entering any secret keys. You'll still receive the message.
I personally think that most of Signal's and even WhatsApp's tradeoffs are reasonable for a product with an adaption of hundreds of millions, but it's decidedly not cryptographic self-custody.
My point is that is this is not a trade-off but a complete violation of the principles that are used to justify the existence of nostr.
Nostr's whole shtick is about "users owning their keys". If I can not change the keys used on WhatsApp or Signal, I do not own them. They are not in the same class, so the comparison is moot.
It is not about the difficulty, it's the potential consequences.
People also take care of their house keys and their wallets, but If I lose the keys to my house, it isn't automatically taken over by squatters and if I lose my ID card I can issue a new one quickly.
What happens if you lose the cryptographic key to your nostr account? Who do you call for help?
What happens when the key is lost, and the consequences like "lose all your money" or "lose your account access" are non-starters, as someone who owns a hardware key for my email account
Multi-sig wallets are even more complicated and not for normies
what happens if you lose your password? You click a link to reset it, and it gets sent to your email. What happens if you lose access to your email password?
"Take some ordinary, off-the-shelf servers. Treat them as dumb, untrusted pipes. Their job is just to relay information. They don’t own the keys—you own your keys. You sign messages with your key, then post them to one or more relays. Other users follow one or more relays. When they get a message, they use your key to verify you sent it. That’s it!"
I feel projects like nostr ignore inherent human requirements for social networks. This is a striking quote from their landing page:
"Nostr doesn't subscribe to political ideals of "free speech" — it simply recognizes that different people have different morals and preferences and each server, being privately owned, can follow their own criteria for rejecting content as they please and users are free to choose what to read and from where."
Their statement underlines the fact that nostr is a stream of dirty sewage and they want users to submit their valuable user-created content into this sewage. Then they turn around and say that the sewage is not a problem because you can filter it and even use it as drinking water later on!
I don't see how a person with real-life social rank and social capital will sign up to something like this, or be willing to maintain a technical interface to the "stream of different morals".
You'd need to put immense trust into the "filtering" process so that you are not involuntarily exposed to rubbish. And on the other hand your valuable user-generated content could be showing up in another context with your name attached, directly next to some extremely degenerate trash created by "people with different morals" as nostr calls it. Advertisers have big problems when their brands are advertised next to problematic topics, it is the same with people.
How can you rationalize this as a good value proposition? People want to impress an audience with their user-generated content. And you only want to impress someone you look up to.
If I could sign up to a social network of people who can put a nail into the wall, take a daily shower, brush their teeth, and live in a democratic country I would immediately do so. If I want to get exposed to "different morals" I just open any of the other existing social networks. Until then I'm stuck here :P
"Each server, being privately owned, can follow their own criteria for rejecting content as they please and users are free to choose what to read and from where."
Doesn't this same line of thinking apply to the Internet as a whole? Couldn't your question of "Why would anyone use Nostr?" equally be asked for "Why would anyone use a web browser?"
It depends on if you frame it as a service versus as infrastructure that a service uses. The public roadways are similar streams of unfiltered sewage yet we see billboards along them and large businesses that care about appearances connect to them. Meanwhile gated communities also exist but are far from the norm.
> showing up in another context with your name attached, directly next to some extremely degenerate trash
Check out police bodycam footage on youtube for real world examples of exactly this.
> You'd need to put immense trust into the "filtering" process
I think their audience for that page is people who want to implement those filters. It's not like you can log into nostr and start browsing any more than you can log into https and start browsing.
I don't appreciate the content either but a protocol that doesn't create high value targets for corruption (e.g. certificate authorities) is useful independent of the regrettable vibes that its fan club has. You're not going to catch their cooties if your public key is database-adjacent to someone else's.
One could easily test the author's conviction on "rejecting content as they please" by spamming them with horrible stuff for a few months and the author would learn why 100% of content moderation should not be pushed on the individual user.
I think that moderation should be pushed to the individual user to avoid censorship, but not in the form it's currently implemented by all these platforms.
To give an example on how I think moderation should work. If I follow you and you follow me on some nonexistent platform Y. You see the content I upvote, and I can see the content you upvote. So we'd start with block all by default, with transparency of why something is in one's list.
I pitched a P2P platform like this years ago to NLNet (taking heavy inspiration from I2P's Syndie app, minus the funky UX), though I didn't manage to get any funding due to missing clout as a public developer; to lead such an effort.
I mean from multiple accounts. The idea is that they will get tired of constantly have to block content they don't want to see and they will understand why other people try to enforce stronger moderation defaults.
i'm booted from facebook. does that really mean that i have no "real-life social rank" anymore?
in fact, the further mainstream social networks evolve, the more social rank it started to bring not to be there, and/or having been booted. it's early on this path, but i started to notice the signs.
By the “sewage” analogy you are expressing the assumption that the vast majority of what people write is outright toxic and that being exposed to it is actively hurtful.
My experience on the internet does not reflect this, this is a very pessimistic view of people, bordering on perl-clutching.
Most raw user generated feeds are not great sure, but it’s mostly mediocre jokes and mildly provocative takes from bored trolls, and that’s usually a loud minority. Most people either lurk or make a modest effort now and then, particularly in niche communities like this where most people aware of it will already be fairly deeply immersed in tech. People have better things to do than to constantly be aggressively offensive, I imagine it gets old fast, and you really need to go out of your way to write something that legitimately hurts an adult.
Sure of course there are corners that are cesspits of hate, but they tend to band together and it is quite hard to bump into them accidentally. And when you do, you just feel slightly disgusted for a second, turn back and forget about it.
Some moderation is critical, but it usually needs to only be enforced for a few bad apples, most people act with decency and common sense, even when anonymous. And yes including people with lesser means and/or from shitty countries. People from different cultures are mostly the same when you peal away superficial customs, and I find much more in common with someone of my age with similar interests from the other side of the world, than with a grumpy old neighbor frankly. At least that’s my experience.
My experience is that most forum style social media has been devoured into the reddit world, and furthermore that any attempt at making an offsite version of reddit or similar forum-like functionality is either locked down with rules that would make the Stasi blush or quickly converges on a new Stormfront forum.
The problem with reddit's panopticon moderation, with its ill defined, nebulously (and now AI) enforcement of sitewide policies, ends up repressing a negative behavior rather than refuting it, and, when people move to a similar off-reddit site, they are itching to start taking part in discourse they weren't allowed to before.
The end result is that people who are used to policing their own speech to avoid the panopticon rather than because it's the right thing to do eventually lose that moral code that was previously shaped by discourse and pushback from their peers rather than anonymous opaque moderation.
Repressing rather than refuting pretty closely models real life though.
Usually if you violate social norms people just push you out of the group and not bother explaining it to you. Not always, but usually. Yes if it is so bad it gets violent or something you will find out for sure why, but if you just show up to a friend function and start spouting off about gassing the jews or something most likely people just won't invite you back and never explain why.
Actually finding out why you were violating social norms I've found is mainly found either on the internet or from your parents when young. Hardly anyone in real life is going to bother telling you why, especially when some people are liable to act violently and there is no upside to them for bothering to explain it to you.
Socialization usually involves corrective action and nuance. A platform that will give you an AI issued permaban for saying "Say that again and I'll knock ur block off pal" about some silly topic makes people too aware of the repression and then it's sublimated in communities that approve of actually heinous stuff.
> If I want to get exposed to "different morals" I just open any of the other existing social networks. Until then I'm stuck here
I think the point is that "opening all other existing social networks" to get a rounded point of view has immense friction, especially in an enshittified world. Even with supposedly non-enshittified solutions like Mastodon, for example, you have to subscribe with different users to distinct instances that allow only a subset of the network and manage that for you. They can alter their banlist behind your back, for starters, so you have to manage that as well.
The proposal of Nostr is that you can follow as many relays as you want, in the same app, with the same user. Compare to having separate accounts for Facebook, X, Threads, Instagram, Telegram, TikTok, YouTube, <woke-friendly Mastodon instance> and <reactionary-friendly Mastodon instance>.
With millions of daily users Mainline DHT is the most successful truly decentralized social network.
Successful decentralization is about incentives, and Mainline DHT's incentive is downloading digital media for free.
I asked this in another comment, but why aren't we using DHTs for peer discovery for social apps? The ratio mechanic provides incentives in the file sharing realm, but you need different incentives for the threaded chat realm.
We already see "paid relays" and relays that filter certain content, even as small as nostr is today. I think the end state, if it manages to really catch on, is going to be as "oligarchical" as mastodon or other federated networks today - just via relays instead of via homeservers.
A step in the right direction for sure! But I don't feel like Nostr is the final target that nature is shooting for here.
The solution to bad relays is to just use different relays. Changing your relays is just a matter of publishing a new 10002 relay list, and optionally copying over your old notes (or reseeding them from local backups).
+1, user owning the ID is a step in the right direction compared to "homeserver" owning the right key and makes this possible.
That said - maybe (total hypothetical) the reason one relay becomes really big is because a lot of people think it provides really good service, and maybe it's difficult to convince the majority of the network to route around it. This would create a similar problem to what we see in more well established federated chat networks.
It has been long predicted that federated models (like Nostr) just degrade into a few providers that monetize in the same way they would if the network was centralized. It's the worst of both worlds between centralization and real decentralization — which (unfortunately to the haters) almost certain requires Byzantine fault tolerant consensus (blockchains).
Nostr doesn't even have the decoupling afforded by what we typically think of when we think of federated networks (email, activitypub, matrix). If you and another party aren't using the same relay, there is 0 way for you to interact. It assumes either you pre-agree on a relay (sticky defaults encouraging centralization) or shotgun messages to many relays (economies of scale encourgaing centralization). The protocol explicitly forbids relays from forwarding to each other.
Nostr is a very simple protocol that could have been invented in essence in 1995. There's a reason it wasn't invented until recently, because it's difficult to build robust protocols with good guarantees about discoverability and reliability with a foundation that is as limited as it is.
This is not true. Read up on the outbox model. I have linked it elsewhere in replies in this thread.
You post to your own preferred relays, as well as to the preferred relays of others who are involved in the conversation, as well as to a couple of global relays for easy discoverability.
These global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
That's exactly what I'm talking about with having pre-agreed relays. Those relays become preferred as a sticky default, especially with low-sophistication users that don't have organic onboarding paths away from the sticky defaults.
Everyone can announce to the network where they read/write from. Clients can figure out (based on the people you follow) from which relays to get the content.
I've been using it like this for nearly a year. It works
It's a little different to federated networks like GNU Social/Mastadon since the data and the relay are separate. You can post the same data to multiple relays and read from many relays simultaneously. Meaning you aren't tied to picking a single relay with network effects, and although a big relay going offline might cause temporary chaos, it's fairly easy for new ones to be set up and added to clients, without having to explicitly move things like accounts and so on.
- how well does such an ecosystem resist enshittification? Given some of the other comments, Nostr itself would not. However, is that true for every relay networks?
- does the Willow protocol have the same basic constraints? I know willow works with user-owned keys, but can it also organize as something similar to relays?
- local-first apps organized this way would be an interesting ecosystem
- how well would this work with keyhive? (Local first access control)
Something that I feel is missing in this conversation is that IMO a multi relay architecture like Nostr is not trying to solve moderation or remove it altogether: it's trying to make activist moderators less relevant.
Activists, in this case, are people with a social mission that they deem it's more important than any other considerations: they think ideology K is dangerous and they are trying to prevent as many as possible recipients to be exposed to it. They will report you on Threads or Facebook to ban you, if you speak in favor of K. They will send e-mails to your employer. They will even send bomb threats to venues where you gather to celebrate K. If they are moderators, they will not only ban you if mention K in a positive light, but they will try to avoid other people from hearing K-speech as well. If they run a Mastodon instance, for example, they will have a ban list of other instances that are K-friendly, and they will make sure that, if you are using their instance, you can't see any posts about K. If you're curious about K, now you have to do the inconvenient dance of switching between two instances that in theory should be federated, but in practice are two different networks that don't speak with each other. This is good for activists, but bad for you, if you don't want to take sides on a culture war you don't really care about.
A relay-based architecture makes the work of activists a bit less relevant: they can still run their instance and ban every mention of K, of course, but now you can subscribe to their instance AND another instance that doesn't ban people who speak fondly of K, and they can't limit or control that in any way. In theory (and everything is a bit theoretical at the moment), relays that heavily censor certain topics are less preferable to a generic public than relays that don't do that, so activist moderators will pay their effort to shape discourse with less participation from users. Of course, if relays ban something universally considered bad, such as spam, they will have more success than if they ban some heavily divisive point of view that 50% of the public shares. In theory, these controversial actors can even advertise friendly relays without you knowing, and your client can decide to follow them transparently (the intent is "I want content from this user", the behaviour is "follow relays they advertise behind the scenes"). Of course they have to do that before they're banned, but the point is that, for every activist relay that tries to remove K from public discourse, there will always be one or more generalist or counter-activist relay that welcomes K, and you can choose to follow both at the same time, with the same client and the same identity, and nobody can do a damn thing about it.
This is one of those statements that sounds reasonable because K is a variable, but it actually matters what the content of K is. You can start by inserting "CSAM" and work from there, until the police arrive.
> Of course, if relays ban something universally considered bad, such as spam, they will have more success than if they ban some heavily divisive point of view that 50% of the public shares.
You can add CSAM to that. Also, legality always trumps any other consideration: if you're doing something illegal in your country, you should expect your country's police force to come and get you, there's obviously no relay architecture that can prevent that.
My point applies more to situations where K is not illegal, but heavily divisive.
It is all wishful thinking and beside the point. Pubkey auth and normies do not mix. They lose their keys, their identity, their history, then back to zuck or elon’s plantation where things can be administratively resolved.
Disagree though, people manage keys just fine, or they can be thought.
But even if there are people in the world that never get it, it could be outsourced to a central identity provider that manages your key and messages. For the end user they would have a user/password combo they can reset.
If the network becomes more popular someone will definitely build something like that.
The technical capabilities (remote signers, bunkers, ...) already exist
rglullis wrote that they "do not want to". I went a step further, expressing that they couldn't even if they wanted to. Not necessarily from lack of understanding so much as poor computing habits--malware, crashes without backups, forgetfulness, post-it notes in the same household as untrustworthy relatives, etc. Normies need the administrative solution, but then we're back to Sauron.
> The combination of layered system and uniform interface constraints induces architectural properties similar to those of the uniform pipe-and-filter style.
See also Figure 5-8.
The dissertation is all about deriving that network style.
The key thing is that all messages are signed and have a few standard fields, making them easy to replicate across many relays while maintaining the ability to verify their origin. And the second thing being that it is based on websockets, allowing the client to maintain an open connection and have new data be pushed instantly rather than relying on polling.
Yes as with many things these days it just makes it easier to integrate with existing systems, like web browsers. So you can have an entire client built into a web page without needing special server software to translate between NOSTRs native connection to a websocket. Plus it makes hosting easier in some cases.
The presentation of blockchains as some kind of historical imperative would be downright Marx-like if it weren't for the primary difference that Marx put some thought into justifying his position. It's eminently possible to cryptographically secure software without lugging around an immutable distributed database because you're emotionally invested in the idea.
the blockchain is useful in solving double-spending problems in purely p2p applications. Aside from cryptocurrency, take for example name systems like namecoin or ENS: these systems need a way of reconciling who owns what, which involves synchronizing some data across the whole network.
It is inefficient, but the inefficiency seems to lie at some fundamental problem with p2p. Centralized systems need to do the same synchronization, but between fewer actors, and may outsource some of the verification for an exponential increase in speed.
blockchain isn't inefficient because it's p2p. it's inefficient because it assumes peers are untrustworthy and solves for that by imposing a proof of work, requiring cooperative peers to waste more electricity than bad actors.
After setting up dkim, dmarc, etc. I've had no problems in the past decade except for one person using aol. I told him that his email was broken and if he wanted to receive my email he needed to fix it. I don’t count such things as deliverabilty problems, but as receivability problems on the other end.
I’ve never sent any kind of bulk email and I suppose my host has a good IP. Everything I do depends critically on email deliverability, often to addresses I’ve never sent to before, so if I had a problem I would certainly know about it.
I think the people with the soundest minds are the ones who are willing to accept that the idea of social networks as they used to be are going the way of the TRL countdown.
And what they’re about to become is going to be something more like political yard signs.
It explained all the traditional approaches, which are all able to help discoverability and shareability of data between servers, and then says "the solution is relays" and then describes something that doesn't seem to be relaying anything. It sounds like a single dumb, untrusted message store on a single server that doesn't relay anything anywhere. It even specifically says "Relays don’t talk to each other, and users only need to join a small number of relays to gain autonomy—at least two, and certainly less than a dozen".
Not sure where the less than a dozen relay bit comes from. Are they expecting clients to do all the relaying between the relays? If so, wouldn't you get every relay getting pummeled by a load of clients simultaneously, all trying to push the same message. It sounds like the complete opposite of what you actually want. The article seems to just stop short at exactly the point when it should say how what they're proposing actually works.
Why would "every relay getting pummeled by a load of clients simultaneously, all trying to push the same message"?
Relays get one client pushing one message. That one message is pushed to multiple relays. To your own preferred relays, as well as to the preferred relays of others who are involved in the conversation, as well as to a couple of global relays for easy discoverability.
These global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
In this way Nostr has the benefits of centralised networks for discoverability, federated networks for communities, and private individual web site for p2p and archival purposes.
Because that is the obvious thing that would happen without further implementation details. A few large relays taking the brunt of the vast majority of the network. It isn't an inherently scalable architecture.
Of course you can do other stuff in addition and thereby achieve scalability. At least arguably. But then a relevant explanation needs carefully walk through those additional non-obvious details.
I think "without further implementation details" is the key point here. Client developers usually have these. Sure, Nostr is still small, but there's several clever ways of dealing with scalability issues. Not least of which is the outbox model, linked in my first post.
Your criticisms of the article are valid tho. And I don't think it is unique in its failing. Perhaps Nostr's fatal flaw is in the way it is being sold by its fans, myself included.
But that's OK. It will take off as Bitchat, or Primal, or whatever the next iteration is that figures out a way of selling Nostr's benefits, without confusing people with its implementation.
From the information given in the article, it states categorically that the relays do not ever connect to other relays (which makes you wonder why they even choose to misname them if they're not actually relaying anything).
It then continues saying that clients need to connect to multiple (but not more than a dozen) to be able to receive all content from anywhere. The only inference I can make from that is that a client is responsible to receiving a message from one "relay" and transmitting it to another.
The obvious question then is how does the client know if the other relays already have the message? There are two obvious options:
* The client informs the relay about every new message it receives from every other relay. That means each relay will be informed about each new message from the vast majority of the clients that connect to it, which is obviously going to be expensive. It would also put the burden on clients to remember which relays they've informed, and if they add a new relay, the client would presumably have to replay every message it knows just in case the relay is missing it.
* The other option is that the client has to query the relay for a list of every single message on the relay and only forward on new messages to the relay if the relay says it doesn't have it. This could potentially be even more expensive, and even if the client/relay maintain some kind of shared state, if the client tries another relay, it'd have to re-download the entire list of messages. Even if we're only talking about message IDs, that's a huge amount of data to download.
In any case, if relays will just accept any old message and rely on the clients to check they were signed correctly, then it stands to reason that any relay can be trivially DDoS by bombarding it with junk. The impression the article gives is that relays would never verify the authenticity of a message itself, because that would break their distributed model.
The article doesn't provide any detail about how its new "relay" solution works. It just stops abruptly after asserting that relays fix everything, with no explanation. This is exactly the reason why I said the article feels like it's cut short.
So, without any hints to its possible implementation, one can only speculate and I personally can't see any way in which this solution would be better than a peer-based solution where "relays" actually relay messages between themselves. It's possible that whatever the author has created is truly innovative and groundbreaking, but they haven't chosen to tell us why in the article.
My suggestion would be to skip it and learn about nostr from other sources. I'm on Nostr since almost the beginning and it's been very exciting to watch. For reference my android client app (Amethyst) is currently directly connected to 390 relays (using the new "outbox model") and it works well, no slow down, no battery drain.
And "Nostr can't be censored" is, of course, a statement identical to "Blockchain solves all consensus problems" and "AI can do anything better than a human."
Nostr is so simple because it handwaves away the fact that everybody seems to use the same small set of relays and there's nothing stopping them from censoring the network. I'm also not aware of any incentives for the relay operators either.
Also, beyond just no positive incentives, there are nontrivial negatives... they're hubs for an entire network, which can be a lot of traffic and bandwidth if peers are sharing anything other than text. That's a potentially significant cost for literally just being a dumb router. The idea of charging for this doesn't make sense... you don't choose a router, it's automatic based on location, so there's no incentive for quality. That ends up being a race to the bottom, which there's no room for arbitrage; prices are driven down to near-zero profit.
Abuse-wise, the model is fundamentally flawed. Economically, the idea kinda works so long as hub traffic is low enough to be swallowed in background noise for whoever manages the hub. Beyond that the model breaks pretty quickly.
You cannot censor Nostr.
Also, check out how zaps work, and relay authentication. You can charge for relays if you want.
But... Outbox model prevents censorship because you push your (cryptographically signed and so impossible to impersonate) messages to multiple relays. To your own preferred relays, as well as to the preferred relays of others who are involved in the conversation, as well as to a couple of global relays for easy discoverability.
These global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
In this way Nostr has the benefits of centralised networks for discoverability, federated networks for communities, and private individual web site for p2p and archival purposes. As well as making it impossible to censor.
And if you take down THE ENTIRE INTERNET in order to censor Nostr? Well, Bitchat is Nostr via Bluetooth Mesh Networks. Do a quick search and find out where and when it has been used (Nepal, Indonesia, and elsewhere)
And as for zaps fixing the economic problem, I'm not sure what else to say other than you can give and receive value directly using the Lightning Network. It is seamless in most Nostr clients, and built into the Nostr protocol. If you don't believe in Value For Value (v4v) then you can just charge a fee, and the economics problem is solved.
[0] https://eprint.iacr.org/2025/1459
That is a good paper, the leaks are mentioned the app Damus (notes browser) which wasn't really much worried about verifying the authenticity of the notes. The details: https://crypto-sec-n.github.io/
These are apps developed on free time and made available for free so these issues are bound to exist and be repaired.
A government could make it illegal to run or connect to nodes. It could DPI traffic in and out of the country, and block known nostr relays. Or it could just mandate that smartphone manufacturers block it, which would take out a large fraction of potential users.
(How does nostr avoid hosting known CSAM? Because that is the one thing that law enforcement will definitely come after)
Sure you can. A relay operator absolutely can censor what goes through their relay. More to the point, you cant even prove that such censorship has occurred.
Nostr is censorship resistant in that you can publish to multiple relays, but that is far from censorship-proof.
It also seems like this is sort of reinventing email.
It is "kind of" like reinventing email with PGP. Main difference is that you can choose to send the message in plain text with a cryptographic signature that proves it was sent from you or full encrypted like PGP.
There is still (in my opinion) a disadvantage when compared to PGP: key rotation. Once you create a key pair in NOSTR it is your identity forever, whereas in PGP you have mechanisms to declare a key obsolete and generate a new one.
In overall PGP failed over the last 30 years, sharing public keys with other people was always the biggest difficulty for real adoption. With NOSTR this process is kind of solved but we are yet to see about adoption.
and yes, one of the hardest parts of this domain is the implementation of the web of trust (key management).
The innovative concept is that npub/nsec along with sending notes is trivially simple. The content does not need to encrypted, there is a huge value on publishing clear text messages that are crypto-verifiable. You also didn't had this feature on groove and others. I'd argue that NOSTR has indeed pioneered them into mainstream.
You could say that if Nostr was successful but it isn't. Nostr has <1% the DAU of Bluesky.
Over time I realized that residential IP blocks were banned on most servers. I moved my email server to a VPS. No luck. I quickly understood that self-hosting email was a lost cause. Nevertheless, I have been fighting back out of pure spite, obstinacy, and activism. In other words, because it was the right thing to do.
But my emails are just not delivered anymore. I might as well not have an email server.
(After self-hosting my email for twenty-three years I have thrown in the towel, Carlos Fenollosa, 2022)"
From the article, quoting this other article
https://cfenollosa.com/blog/after-self-hosting-my-email-for-...
Using NIP-65 (https://github.com/nostr-protocol/nips/blob/master/65.md) you can broadcast a note to the network to mention your preferred relays.
Most clients fetch that note when you first sign in and make sure you connect to your preferred relays
As I have said in other replies to this post, read up on the outbox model. Global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
And there are incentives to running a global or community relay. Read up on Zaps. With Nostr, you can give real value via the lightning network, and it is built into the protocol. This allows you to charge for usage if you so desire. And then there's all the other reasons why people run community web sites or global services.
Should likely be called a "database server" since it's main purpose is to host user data and perform queries over it. A relay is something connecting two devices and makes a best effort to get out of their way.
Nevertheless: NOSTR is the most exciting social network that I've seen in the past 20 years. The concept of owning the keys without a blockchain associated enables not just decentralization, it also permits a complete offline functioning to login, view private messages and so much more that isn't possible from any other popular social network predecessor.
NOSTR "accounts" are meant to trivially generated and used outside the context of micro-blogging. That is the reason for being popular, the npub becomes a signature that validates texts and there is value in that.
AT always feels like mastodon meets RSS with US-centric political moderation on top.
* https://stream.place
* https://tangled.org
* https://www.germnetwork.com/
* https://slices.network/
* https://smokesignal.events/
* https://www.graze.social/
This is something you opt-in to. Two concepts, labels and moderation policy.
You subscribe to "labelers" which will apply labels to posts. You can subscribe to many labelers. Some labelers will be generic or some will be focused on a certain idea/niche. You might have a labeler focusing on nsfw content or another for human vs ai content. Or one who just tags spiders. Labels can be anything, and are stand alone data objects in the atproto ecosystem.
Your moderation policy is up to you, on how to handle those above labels. You can decide to allow, warn, or block for each label applied by your labelers. Warn shows a content warning you must click through first to see.
Bsky does have a default labeler and moderation settings when you sign up, which you might be experiencing.
Original Author posts a kind:1 note with a question
A bot sends a kind:1985 note (NIP-32 https://github.com/nostr-protocol/nips/blob/master/32.md) that labels the content.
It can be done by the author (self-label), by an app, or by third parties (moderators/curators), depending on the trust model.
Other clients can decide to use that classification/label
--
For moderation purposes. If the behavior is closer to abuse (spam, scams, harassment...), use NIP-56 (Reporting). Reporting harmful/should-be-moderated content.
Will put on the list for a deeper review.
> N^2 scaling: if every fed has to talk to every other fed to exchange messages, the number of connections will scale exponentially
No. That's quadratic growth, which is a fairly mild form of polynomial growth, which is much much much slower than exponential growth.
But yes i agree its really sloppy for them to say exponential. I'd actually call it linear since what matters (mostly) is how many connections each node has to do, not the total number of connections in the system.
Nonetheless imagine if email worked by making a connection to every computer in the world to check if they had mail for you. It would obviously not work.
1. Content discovery
2. Spam
3. Content moderation
I can see relays offering unique solutions to each one. But now they are more than just dumb servers.
You get to the point where you might as well just write posts locally then submit them to X, Facebook, etc. You get the same result. And if you include a cryptographic signature with each post, you can prove you are the same person across the different platforms.
Boom. Same as Nostr, but with existing platforms
NOSTR was a response to the situation where virtually all other social media platforms could basically block your identity and delete all your posts. There is no such drastic possibility at this platform. Sure enough that relays might refuse to receive messages from a user and delete notes from their servers but they will never be capable of silencing that user and he can continue sending his (verifiable) messages to any other relays out there in the internet. Followers of that person will continue to read his texts without disturbance, which is quite relevant when not long ago you'd see large groups of people de-platformed when refusing to inject toxic substances on their bodies.
It is a world of difference between centralized/federated platforms to NOSTR where your freedom to write messages as yourself can never be taken away.
Spam is basically a solved issue. There's both proof of work and paid relays, not to mention web or trust. It has been at absolute worst a minor annoyance.
There's plenty of ways to discover content on Nostr, from hashtags to channels to location based chats to just following some interesting people. It's perhaps not as frictionless as X, but imho that's a feature not a bug.
This is easy to say when there is little adoption and attackers don’t care about the network. It doesn’t mean it’ll remain true if that changes. Proof of work is much less effective when people are willing to use botnets and paid relays complicate life for regular users so there’s a cap on how aggressively that can be used.
This is especially challenging in the social space where people are accustomed to not paying and you have significant network effects from anyone being able to sign up for free. Bitcoin’s transaction fees are one of the major reasons why it failed as a currency and that has orders of magnitude fewer messages.
Nostr relays are like Discord "servers" if they were actually servers you could deploy yourself and each client had a cryptographic identity and was used in DMs. You can have the same UI to interact with them all. But they are disjoint. You can interact with people in the channels as long as you subscribe to the same "relay" etc.
Also you keep bringing up Lightning as if it is successful but it is not. It failed in every way. Its model simply does not make sense unless you are a node that receives as much as it sends or sends as much as it receives. You know this yourself if you are a Lightning user. Bitcoin is cool, crypto is cool, even Nostr is cool but some of your statements are conflicting with each other and they aren't making great points.
I tried Nostr but like a lot of people here have been saying, it falls short in many ways due to the way it is structured. Relays are not really relays, they are more but also less. They are like community servers. Sure you can connect to many, have the same UI, but they are still disjoint and feels lonely.
You keep saying you can sign your messages and there is value there to people who are saying it is censorable in the ways they described.
This is not a personal thing, I want to like Nostr and I tried using it. I can and would probably get some use out of using it as a pubsub or message delivery infrastructure for two things I want to connect but what if the relay goes down? It is like a centralized pubsub messagebox thing. But can't even do that fully.
That other guy that said it is just like writing a message, signing it, posting it on X, Facebook, YouTube and BlueSky. People who follow those places can see it. There needs to be some sort of relay to relay communication (actual relaying) that needs to go on. And that wouldn't scale, even if it would work for now.
Protocol itself is simple and nice to have. Could be cool as a transport. The concept is uniquely situated too but using it the way it initially came out as feels like trying to shove a square into a circular hole.
But it's kinda a solved problem (not through PoW) but through Web of Trust and not having algorithms. You see what the people/communities you follow post.
> I tried Nostr but like a lot of people here have been saying, it falls short in many ways due to the way it is structured. Relays are not really relays, they are more but also less. They are like community servers. Sure you can connect to many, have the same UI, but they are still disjoint and feels lonely.
I'd like to know more. Imho the fact that relays are dumb is a feature.
> You keep saying you can sign your messages and there is value there to people who are saying it is censorable in the ways they described.
All messages are signed. There is no way NOT to sign a message. This comes with the advantage that you don't need to trust the relays/pipes where messages go through which is an immense benefit
> This is not a personal thing, I want to like Nostr and I tried using it. I can and would probably get some use out of using it as a pubsub or message delivery infrastructure for two things I want to connect but what if the relay goes down? It is like a centralized pubsub messagebox thing. But can't even do that fully.
Relays go down all the time. There was an experiment where a major relay (Damus) just deleted the entire dataset. People barely noticed. And as any client (not just the author) and other relays can re-broadcast events the relay eventually recovers.
> There needs to be some sort of relay to relay communication (actual relaying) that needs to go on. And that wouldn't scale, even if it would work for now.
There are three mechanisms that do that:
- clients posts to multiple relays - clients/followers can rebroadcast notes (to other relays) - quite a few relays are syncing (negentropy sync)
Every large relay has the same problem
Read about the outbox model, or Bitchat.
The large relays are not required. They are a public service but not essential. There are plenty of community relays charging for access too, and the outbox model means you're not even depending on them. Nostr can and does successfully operate via even Bluetooth Mesh Networks. Search up Bitchat and see how it has been used in Nepal, Indonesia, and elsewhere.
Your followers fetch the note from your relays. You tell the network where they can find your notes (self hosted relay) and their client will take the effort to find your content
Compare this with Mastodon, where your favourite server can decide to exclude other servers, so if A decides that X is toxic, you will never see X as long as you use A.
Unless by spam you mean denial of service attacks. Which should probably be a point of its own anyway. It's the main killer of the decentralized internet currently.
Maybe like... the author thought a nostr is similar to, I dunno, a pack or tribe or something?
(Whether the author is convincing on the other hand...)
Or if you really care about the crypto piece, then freenet.
All the "downsides" of a superpeer (as the article says - "centralisation with extra steps") but without the benefit of dynamic peering thereby resulting in incomplete routing.
i.e. by its nature Nostr results in a fragmented network, which ends up looking very much like the federated network, albeit more interconnected.
Thats not necessarily a bad thing, but its a bit of a confused article, IMHO.
Users you follow can also advertise relays behind the scenes, so it's more probable that, if you follow a coherent set of users, you will converge on a coherent subset of relays that doesn't really feel fragmented.
It's crazy that some functionality on e.g. the IRS website requires me to verify my identity using a private company (ID.me).
For all the faults of current Fediverse software implementations, it at least gives more options than nostr. If you don't care about controlling your own identity, you can use someone else's server. Nostr doesn't give you that, it's all or nothing.
Passports have had keys in them for a while now (so-called "e-passports")
Private companies are bad enough, but at least they won't declare you an undesirable for your political beliefs or religion or ethnicity or gender identity or sexual preference or whatever and shoot you in the head over it.
Except where governments and private companies collaborate, which of course happens (looking at you literally every American social media platform.)
Many EU countries have existing e-signature rails completely independent from physical ID cards, which only have to conform to ICAO document verification standards (and these are intentionally not usable in an e-signature context).
All of this is currently pretty messy and there's only limited practical cross-country acceptance of eIDAS signatures, but is supposed to get unified under the banner of EUDI (EU Digital Identity) "wallets".
but no one understands it, including the people who need to issue new signing keys.
it didn't get anywhere really. it was just a good opportunity for a lot of taxpayer money to... "lose its taxpayer money nature" (actual phrase by an actual politician when cornered by questions).
and now they are "moving on" to an app that must be installed on your phone to access more and more services.
ID2030 is roaring on worldwide... soon mandatory iris scans, vaccine implants, and who knows when they will try to roll out mandatory brain implants against thought crimes.
the more i think about the sign of the beast (as an atheist), the more sense it makes.
A wallet is easier to lose than a bank vault, but it also holds less money for the same reason. Crypto keys can be designed the same way, with high importance keys managed by safer means like m of n schemes mixed with traditional "hard" storage in geographically distributed safe deposit boxes or whatever, while less important keys can be treated in a more relaxed fashion.
Your local locksmith would beg to differ.
yes because if you lose your house keys you don't lose your property, precisely because there is an entire legal and governmental apparatus securing it, the exact thing the crypto people first try get rid off and then reinvent (shoddily) when they inevitably discover that nobody wants to live in the jungle
So i think there are viable solutions here. It mostly just means having an app to manage the keys for you.
The opposite is the case: WhatsApp and Signal manage the keys for them, mostly in the background (unless you actively verify identities).
You can try it yourself: Turn off your phone, ask a friend to send you a message, throw your phone into a volcano, reactivate your account on a new phone without entering any secret keys. You'll still receive the message.
I personally think that most of Signal's and even WhatsApp's tradeoffs are reasonable for a product with an adaption of hundreds of millions, but it's decidedly not cryptographic self-custody.
Nostr's whole shtick is about "users owning their keys". If I can not change the keys used on WhatsApp or Signal, I do not own them. They are not in the same class, so the comparison is moot.
People also take care of their house keys and their wallets, but If I lose the keys to my house, it isn't automatically taken over by squatters and if I lose my ID card I can issue a new one quickly.
What happens if you lose the cryptographic key to your nostr account? Who do you call for help?
What happens when the key is lost, and the consequences like "lose all your money" or "lose your account access" are non-starters, as someone who owns a hardware key for my email account
Multi-sig wallets are even more complicated and not for normies
It is the same problem.
It's not the same problem
sneak’s law: “Users can not and will not securely manage key material.”
This is NNTP.
"Nostr doesn't subscribe to political ideals of "free speech" — it simply recognizes that different people have different morals and preferences and each server, being privately owned, can follow their own criteria for rejecting content as they please and users are free to choose what to read and from where."
Their statement underlines the fact that nostr is a stream of dirty sewage and they want users to submit their valuable user-created content into this sewage. Then they turn around and say that the sewage is not a problem because you can filter it and even use it as drinking water later on!
I don't see how a person with real-life social rank and social capital will sign up to something like this, or be willing to maintain a technical interface to the "stream of different morals".
You'd need to put immense trust into the "filtering" process so that you are not involuntarily exposed to rubbish. And on the other hand your valuable user-generated content could be showing up in another context with your name attached, directly next to some extremely degenerate trash created by "people with different morals" as nostr calls it. Advertisers have big problems when their brands are advertised next to problematic topics, it is the same with people.
How can you rationalize this as a good value proposition? People want to impress an audience with their user-generated content. And you only want to impress someone you look up to.
If I could sign up to a social network of people who can put a nail into the wall, take a daily shower, brush their teeth, and live in a democratic country I would immediately do so. If I want to get exposed to "different morals" I just open any of the other existing social networks. Until then I'm stuck here :P
Doesn't this same line of thinking apply to the Internet as a whole? Couldn't your question of "Why would anyone use Nostr?" equally be asked for "Why would anyone use a web browser?"
A relay is a stream of stuff you then have to filter
It's really like apples and oranges, web pages or blog sites is probably a better thing to ask about than web browsers
A relay is more like page updates across all of the internet being event streamed
> showing up in another context with your name attached, directly next to some extremely degenerate trash
Check out police bodycam footage on youtube for real world examples of exactly this.
I think their audience for that page is people who want to implement those filters. It's not like you can log into nostr and start browsing any more than you can log into https and start browsing.
I don't appreciate the content either but a protocol that doesn't create high value targets for corruption (e.g. certificate authorities) is useful independent of the regrettable vibes that its fan club has. You're not going to catch their cooties if your public key is database-adjacent to someone else's.
To give an example on how I think moderation should work. If I follow you and you follow me on some nonexistent platform Y. You see the content I upvote, and I can see the content you upvote. So we'd start with block all by default, with transparency of why something is in one's list.
I pitched a P2P platform like this years ago to NLNet (taking heavy inspiration from I2P's Syndie app, minus the funky UX), though I didn't manage to get any funding due to missing clout as a public developer; to lead such an effort.
DoS on the infra is a different question, though.
in fact, the further mainstream social networks evolve, the more social rank it started to bring not to be there, and/or having been booted. it's early on this path, but i started to notice the signs.
My experience on the internet does not reflect this, this is a very pessimistic view of people, bordering on perl-clutching.
Most raw user generated feeds are not great sure, but it’s mostly mediocre jokes and mildly provocative takes from bored trolls, and that’s usually a loud minority. Most people either lurk or make a modest effort now and then, particularly in niche communities like this where most people aware of it will already be fairly deeply immersed in tech. People have better things to do than to constantly be aggressively offensive, I imagine it gets old fast, and you really need to go out of your way to write something that legitimately hurts an adult.
Sure of course there are corners that are cesspits of hate, but they tend to band together and it is quite hard to bump into them accidentally. And when you do, you just feel slightly disgusted for a second, turn back and forget about it.
Some moderation is critical, but it usually needs to only be enforced for a few bad apples, most people act with decency and common sense, even when anonymous. And yes including people with lesser means and/or from shitty countries. People from different cultures are mostly the same when you peal away superficial customs, and I find much more in common with someone of my age with similar interests from the other side of the world, than with a grumpy old neighbor frankly. At least that’s my experience.
The problem with reddit's panopticon moderation, with its ill defined, nebulously (and now AI) enforcement of sitewide policies, ends up repressing a negative behavior rather than refuting it, and, when people move to a similar off-reddit site, they are itching to start taking part in discourse they weren't allowed to before.
The end result is that people who are used to policing their own speech to avoid the panopticon rather than because it's the right thing to do eventually lose that moral code that was previously shaped by discourse and pushback from their peers rather than anonymous opaque moderation.
Usually if you violate social norms people just push you out of the group and not bother explaining it to you. Not always, but usually. Yes if it is so bad it gets violent or something you will find out for sure why, but if you just show up to a friend function and start spouting off about gassing the jews or something most likely people just won't invite you back and never explain why.
Actually finding out why you were violating social norms I've found is mainly found either on the internet or from your parents when young. Hardly anyone in real life is going to bother telling you why, especially when some people are liable to act violently and there is no upside to them for bothering to explain it to you.
I think the point is that "opening all other existing social networks" to get a rounded point of view has immense friction, especially in an enshittified world. Even with supposedly non-enshittified solutions like Mastodon, for example, you have to subscribe with different users to distinct instances that allow only a subset of the network and manage that for you. They can alter their banlist behind your back, for starters, so you have to manage that as well.
The proposal of Nostr is that you can follow as many relays as you want, in the same app, with the same user. Compare to having separate accounts for Facebook, X, Threads, Instagram, Telegram, TikTok, YouTube, <woke-friendly Mastodon instance> and <reactionary-friendly Mastodon instance>.
I think the blogosphere is the most succesful distributed social network. People just dont like viewing it that way.
it's only the storage infra, though. but it stores content, nodes, and messages in the same DHT.
A step in the right direction for sure! But I don't feel like Nostr is the final target that nature is shooting for here.
That said - maybe (total hypothetical) the reason one relay becomes really big is because a lot of people think it provides really good service, and maybe it's difficult to convince the majority of the network to route around it. This would create a similar problem to what we see in more well established federated chat networks.
Same thing over and over again.
Nostr is a very simple protocol that could have been invented in essence in 1995. There's a reason it wasn't invented until recently, because it's difficult to build robust protocols with good guarantees about discoverability and reliability with a foundation that is as limited as it is.
You post to your own preferred relays, as well as to the preferred relays of others who are involved in the conversation, as well as to a couple of global relays for easy discoverability.
These global relays are useful, but are interchangeable and totally replaceable. As soon as you've connected with someone you can retrieve their updates, because you know their preferred relays, and can query them directly.
Everyone can announce to the network where they read/write from. Clients can figure out (based on the people you follow) from which relays to get the content.
I've been using it like this for nearly a year. It works
- how well does such an ecosystem resist enshittification? Given some of the other comments, Nostr itself would not. However, is that true for every relay networks?
- does the Willow protocol have the same basic constraints? I know willow works with user-owned keys, but can it also organize as something similar to relays?
- local-first apps organized this way would be an interesting ecosystem
- how well would this work with keyhive? (Local first access control)
Activists, in this case, are people with a social mission that they deem it's more important than any other considerations: they think ideology K is dangerous and they are trying to prevent as many as possible recipients to be exposed to it. They will report you on Threads or Facebook to ban you, if you speak in favor of K. They will send e-mails to your employer. They will even send bomb threats to venues where you gather to celebrate K. If they are moderators, they will not only ban you if mention K in a positive light, but they will try to avoid other people from hearing K-speech as well. If they run a Mastodon instance, for example, they will have a ban list of other instances that are K-friendly, and they will make sure that, if you are using their instance, you can't see any posts about K. If you're curious about K, now you have to do the inconvenient dance of switching between two instances that in theory should be federated, but in practice are two different networks that don't speak with each other. This is good for activists, but bad for you, if you don't want to take sides on a culture war you don't really care about.
A relay-based architecture makes the work of activists a bit less relevant: they can still run their instance and ban every mention of K, of course, but now you can subscribe to their instance AND another instance that doesn't ban people who speak fondly of K, and they can't limit or control that in any way. In theory (and everything is a bit theoretical at the moment), relays that heavily censor certain topics are less preferable to a generic public than relays that don't do that, so activist moderators will pay their effort to shape discourse with less participation from users. Of course, if relays ban something universally considered bad, such as spam, they will have more success than if they ban some heavily divisive point of view that 50% of the public shares. In theory, these controversial actors can even advertise friendly relays without you knowing, and your client can decide to follow them transparently (the intent is "I want content from this user", the behaviour is "follow relays they advertise behind the scenes"). Of course they have to do that before they're banned, but the point is that, for every activist relay that tries to remove K from public discourse, there will always be one or more generalist or counter-activist relay that welcomes K, and you can choose to follow both at the same time, with the same client and the same identity, and nobody can do a damn thing about it.
> Of course, if relays ban something universally considered bad, such as spam, they will have more success than if they ban some heavily divisive point of view that 50% of the public shares.
You can add CSAM to that. Also, legality always trumps any other consideration: if you're doing something illegal in your country, you should expect your country's police force to come and get you, there's obviously no relay architecture that can prevent that.
My point applies more to situations where K is not illegal, but heavily divisive.
Disagree though, people manage keys just fine, or they can be thought.
But even if there are people in the world that never get it, it could be outsourced to a central identity provider that manages your key and messages. For the end user they would have a user/password combo they can reset.
If the network becomes more popular someone will definitely build something like that.
The technical capabilities (remote signers, bunkers, ...) already exist
On the other hand, what're the economic incentive to run relays? If there are economies of scale, we swiftly go back to the oligarchic model.
Sounds like REST. The original REST, not the botched CRUD that companies pushed for.
https://roy.gbiv.com/pubs/dissertation/fielding_dissertation...
> The combination of layered system and uniform interface constraints induces architectural properties similar to those of the uniform pipe-and-filter style.
See also Figure 5-8.
The dissertation is all about deriving that network style.
I refered to a specific quote and figure in the dissertation.
Otherwise, I'm afraid we're comparing it with something else.
It is inefficient, but the inefficiency seems to lie at some fundamental problem with p2p. Centralized systems need to do the same synchronization, but between fewer actors, and may outsource some of the verification for an exponential increase in speed.
FTFY
FUD. I and many others on HN run our own email servers with essentially no delivery problems.
I’ve never sent any kind of bulk email and I suppose my host has a good IP. Everything I do depends critically on email deliverability, often to addresses I’ve never sent to before, so if I had a problem I would certainly know about it.
And what they’re about to become is going to be something more like political yard signs.