WingNews logo WingNews GitHub [2]
top | item 33746360

Nostr is a stupid simple P2P protocol that works, built by builders

248 points| kdragon | 3 years ago | reply

I have been seeing a lot of shilling for mastodon lately, so I thought I would step in and shill Nostr for a bit.

https://github.com/nostr-protocol/nostr

Fun facts about Nostr:

* Nostr stands for "Notes and Other Stuff Transmitted by Relays". It is an odd acronym, but I like it.

* Nostr uses websockets and relays to build a really simple P2P network. We also steal a few ideas from bitcoin (ECDSA ids, schnorr-signed events).

* Relays are simply dumb data stores for events that clients publish and subscribe to.

* Clients don't trust relays to be honest, so all events are self-signed. Your pubkey is your userid.

* It is stupid simple to build a Nostr client. You can easily do it in less than 400 lines of JavaScript. And it runs in the browser.

(shameless self plug) https://github.com/cmdruid/nostr-emitter

* Nostr is powerful enough to host chat apps very easily. Here is a rip of Telegram, running on Nostr:

https://anigma.io

* There's a lot of fun things you can do with Nostr. Check out all these cool projects!

https://github.com/aljazceru/awesome-nostr

* We are constantly discussing how to improve the protocol. Come join the conversation here:

https://t.me/nostr_protocol https://anigma.io https://damus.io https://github.com/nostr-protocol/nips

Thank you for reading my nostr shill post. I did not create nostr, nor do I get any monies for promotion. I just think it's really cool and I have a lot of fun building stuff that punches though nats.

If you have any questions about nostr please feel free to ask.

Also, Happy Thanksgiving to everyone! I hope we're all feeling fat and sassy today. :-D

128 comments

order
[+] egypturnash|3 years ago|reply
So how does nostr propose to solve the problem where there is, in fact, quite a lot of content that you want to filter out, whether because it makes for a better experience for the people using this protocol to talk to each other, or because there are some pretty solid laws about things that various governments require people to filter out?

https://abovethelaw.com/2022/11/hey-elon-let-me-help-you-spe... is a pretty decent rundown of a mix of these things; it is specifically pointed at Elon Musk's decision to buy Twitter and make it a haven for "free speech" but it is a glimpse at what is in the future for anyone setting up a "free speech" platform.

My experience as someone who has been running a Mastodon server since 2017 is that while "we are all for FREE SPEECH, we only block what the government ABSOLUTELY requires us to block!" sounds noble, in practice nodes of the Fediverse that say this become havens for people who are only there to be assholes to other people, and any sane admin will sigh and block the whole server, because it's just going to be a continual source of rude nasty bullshit.

[+] imiric|3 years ago|reply
That's a great article, and balancing free speech with censorship is a difficult problem. But it becomes a constant headache only on centralized platforms, where no amount of resources can realistically monitor and filter all content. This scales in complexity as the platform grows, which is the goal of any centralized service. And if the business model depends on advertising, it becomes even messier and crucial to its existence.

P2P services OTOH work on a decentralized and pull model. Users share and only subscribe to the content they're interested in. Censorship is distributed, and it's a problem for people who don't wish to see specific content. It's the way the internet works, and the existing approach of removing sensitive content applies to P2P services as well. Since there are no advertisers to appease, it's not an existential problem.

[+] Cameri|3 years ago|reply
Nostr lets you specify who and what you subscribe to, so unless you subscribe to everything and everyone this isn't really a problem. You can also subscribe to followers' followers and expand that way.
[+] fiatjaf|3 years ago|reply
Unlike what OP says Nostr relays are not dumb, they can have their own policies and to me they look like a better version of Mastodon servers. They can have identities, "themes" and policies as they wish. On Nostr it's totally fine for one relay to only allow certain kinds of content and block everything else. Users can just connect to multiple relays if they want to read/write about different things.
[+] jonstaab|3 years ago|reply
Relays can censor as much as they want, since they're only stewrding a small part of the network, likely replicated elsewhere. As to building in ways to curate/moderate content in a distributed way, there are lots of ideas out there as to how that might happen. Here's an issue I opened just the other day: https://github.com/nostr-protocol/nips/issues/75
[+] kdragon|3 years ago|reply
Yes this is the crux of any social media application. I don't know if there will ever be a perfect solution.

I like that nostr abstracts this problem away from the relays. Relays only focus on storing data and handling subscriptions. They can choose to censor and/or curate content if need be, but it's not their concern.

It's up to the client to come up with a solution, and that client can be a platform or a protocol of its own.

edit it also feels really great to work on that problem from the application layer. I can come up with a solution that isn't confined to the parent protocol.

[+] barnabee|3 years ago|reply
I'd like such a protocol to be designed so servers, relays, etc. are unable to censor content at the protocol level (if someone creates it, it is available) and the filtering is done on the client side.

Commonly filtered things (account block lists, post flag lists, filter rules, etc.) could be shared via the same system — indeed there could even be competing versions and everyone could follow their preferred filter source.

Users would also likely run statistical and machine learning based spam and content filters locally (perhaps on a personal relay/server of some sort, or an account on a shared one) configured to their preferences.

I would expect the infrastructure running such a network to be in the same position as Signal, who do not know the content of messages and can't censor them, leaving individual clients to figure out blocking etc. (albeit the client side options as well as ways to share configurations etc. would need to be much more advanced for a social network or similar than for a messaing app).

[+] assetlabel|3 years ago|reply
Just mute them. Or just follow who you follow with no suggestions of other people. Or relays can have a censorship policy based on the law or community standards or anything else they want... and the people will use whatever relays work for them (typically multiple relays to follow multiple crowds). Some people want censorship, some don't, the protocol is totally agnostic on this point.
[+] ekianjo|3 years ago|reply
> r because there are some pretty solid laws about things that various governments require people to filter out?

There are solid laws protecting copyright everywhere yet it is stilm trivially easy to find copyrighted content available for free online. Laws dont mean anything unless they are or can be enforced.

[+] anon291|3 years ago|reply

[deleted]

[+] olah_1|3 years ago|reply
I'm beginning to think that ActivityPub will never add anti-censorship features into the core protocol (for example, independent IDs that don't live on a relay server). Because I spoke with a core developer on ActivityPub stuff a couple of years ago about the issue of servers going offline and losing your account and he said that he was working on it.

But I wouldn't be surprised if he was discouraged from continuing this work because ultimately people like ActivityPub because server admins can be little dictators that censor and ban at will.

[+] StillBored|3 years ago|reply
A huge advantage to many large projects is separations of concerns, particularly in the case of protocol (or API/etc) vs policy.

From the sounds of it, you have the protocol but not the policy. Which is by itself huge that they are separate, but now the clients (?) needs flexible policy, no? Otherwise its just going to turn into a billion people all talking in the same room, or your going to have a ton of tiny rooms with no activity. The discoverability of interesting rooms will be difficult. Its sorta the IRC problem in a nutshell (or discord/etc). Balancing the noise, vs the quiet is the difficult part (AFAIK).

[+] leke|3 years ago|reply
Still trying to understand how it all works but maybe there could be some agreed way of creating rooms, like naming them after sub Reddits.
[+] bawolff|3 years ago|reply
So reading the github page this sounds basically like a variation on RSS.

There are a number of web servers that host content (either for free or for money) [called relays].

Clients download recent posts

Identity is based on public key, allowing users more control and the ability to easily change relays.

So is RSS + pubkey based identity the right way to think about this?

[+] klabb3|3 years ago|reply
Not saying this is the future, but something like it is. All of the core decisions here are solid (pub key identities, signed events, dumb relays).

There are still features that many apps will need such as tying multiple devices to an identity, abuse prevention for relay operators, etc.

[+] procrastitron|3 years ago|reply
“All of the core decisions here are solid (pub key identities…”

I agree, except for the bit about public keys as identities.

I think public key identities are a step in the right direction, but there’s still a gap between that and what the ultimate solution is going to wind up being.

We need to have some layer of indirection between user identities and public keys so that users can do things like rotate keys, have multiple keys, and recover their identities.

I don’t know what the right solution to that is; I think it’s an open problem and probably one of the most important ones to solve. Keybase probably came closest to a good solution, but it wasn’t decentralized.

[+] chromatin|3 years ago|reply
A couple of ideas that have been tossed around for relay abuse prevention:

- Proof of work: computing some hash, which is not enough to be onerous but enough to reduce spam

- micropayment over Bitcoin lightning network

[+] chromatin|3 years ago|reply
Link to nostr NIPs (nostr improvement proposals): https://github.com/nostr-protocol/nips/blob/master/README.md

One of the neat things about nostr is that while it has already been used to build a decentralized Twitter like social network, the protocol could also be used to build encrypted P2P chat, traditional discussion forum, alerting/push style notifications, and numerous other applications.

[+] remram|3 years ago|reply
Might be worth going with "enhancement proposal" instead so you don't call your governance documents "nips".
[+] ilaksh|3 years ago|reply
If everything goes through relays then is it really P2P? Why not even try to have a direct connection of any sort, such as WebRTC?
[+] kdragon|3 years ago|reply
You can argue that it is not true P2P, since you rely on a public-facing intermediary.

A lot of p2p protocols cheat with relays, it is really hard to traverse nats otherwise.

Nostr can be used for peer discovery to bootstrap a direct p2p connection.

You could also use a client/relay hybrid application, similar to other p2p networks. That would be fun to build. :-)

[+] nine_k|3 years ago|reply
Is email p2p? Can you configure multiple relays like MX records for email? Can a receiver be its own relay?

Relays are important for two reasons: peer discovery and communicating when one of the parties is offline. Same as with other p2p networks.

[+] rgbrgb|3 years ago|reply
Cool! How do you discover users to follow on nostr?
[+] kdragon|3 years ago|reply
Great question! Relays aren't involved in curation or discovery, so it fall on the client.

You can request very broad subscriptions from relays! For example, here is a site that subscribes to everything, showing you a gods-eye view of events streaming into a relay:

https://nostr.info/relays

Events have different "kinds", so you can filter this based on the type of traffic you are looking for (like public posts or user profiles).

Platforms like damus.io are more user-friendly, and offer better tools for discovering users and content.

You can subscribe to a user's feed via their pubkey, so discovery methods typically revolve around learning pub keys.

[+] fiatjaf|3 years ago|reply
How do you discover users to follow on Twitter?

I doubt anyone has ever been successful into signing up on any social platform and just followed the big names that are suggested automatically at the beginning or based on some "key interests" you select.

But hey, if you want that, it's easy for a third-party website to grab a ton of public Nostr data and build custom recommendation lists and whatnot.

[+] stonogo|3 years ago|reply
What does "built by builders" mean?
[+] ffggffggj|3 years ago|reply
Crypto people talk like this to distinguish real projects from ones that were purchased off the shelf and launched by marketers/hustlers. I’m guessing the guy who wrote this is a crypto person who doesn’t realize the slang is so local.
[+] jasonlotito|3 years ago|reply
shill: One who poses as a satisfied customer or an enthusiastic gambler to dupe bystanders into participating in a swindle.

It's not shilling. It's recommending. Shilling is a bad thing. It's a simple thing.

[+] kdragon|3 years ago|reply
I was being a bit dramatic with my choice of words but you are absolutely right :-D
[+] eps|3 years ago|reply
> A relay doesn't talk to another relay, only directly to users.

Can you elaborate on this point? It would seem that meshing relays would've facilitated the dispersal of updates.

[+] assetlabel|3 years ago|reply
People generally post to 5 or so relays for censorship resistance. If you want to follow them, you need to query at least 1 of those 5 relays.

Nothing in the protocol specifies relay-to-relay communication, but nothing stops them either.

[+] Reventlov|3 years ago|reply
The inability of people to spell Mastodon correctly will always surprise me. Also, isn't « nips » a slang for nipples ?
[+] googlryas|3 years ago|reply
It is, but it also means other things too: nip in the bud, a nip of alcohol, to nip off with something, to nip by, etc.
[+] usgroup|3 years ago|reply
I don’t understand —- this isn’t a P2P protocol since it isn’t peer to peer by definition. And the “relays” don’t even relay anything … a “relay” is a server acting as a Dropbox that you have to query.
[+] yjftsjthsd-h|3 years ago|reply
So, Usenet built out of modern tech? Nice:)
[+] Cameri|3 years ago|reply
Check out more-speech (a Nostr client) being built by Robert C. Martin (Uncle Bob).
[+] huimang|3 years ago|reply
At this point I don't see much point in adopting something that doesn't support ActivityPub. I'd rather just use Mastodon/Pleroma/Akkoma with some heavy blocklists.
[+] remram|3 years ago|reply
I've been looking at alternative implementations since I don't want to run the entire Mastodon app for just myself. The fact that every single ActivityPub implementation runs into so many interoperability issues, such that they have to be fixed to work with each other system one by one, is a sign to me that the protocol is either too complicated or not robust enough (probably both).

There is tremendous value in a much simpler protocol, especially if it can deal with the identity migration issues that Mastodon has faced since day one.

[+] nine_k|3 years ago|reply
A stupid simple message relay protocol can be used for stuff other than social media.

OTOH websockets are hard outside the browser :(

[+] terminal_d|3 years ago|reply
Isn't this just Urbit with extra steps?