I have to repeat my most important concern about Nostr from ~3 months ago[1]: Nostr makes you forward data from strangers unencrypted. If anything unlawful which you forward for Nostr is ever found on your computer, or found transmitted from your computer, you'd have a fun time explaining to the authorities how it even ended up on your machine, and why you are disseminating it.
Encryption is not trivially easy to introduce into this scheme, and it can't be too seamless. It's possible though, and I encourage the developers to work on that.
Then I guess I'll have to repeat my top reply to you then.
"Relays can be authenticated. If you don't want your relay to accept data from anyone, don't leave it open. Same with any other Internet protocol."
If you don't want people to host illegal stuff on your server, do not run an open relay, an open FTP server, a social network, or an image host.
If you do, be prepared to have to work hard to keep bad actors at bay.
It's not strictly a NOSTR fault, and there is no reason why YOU need to run a relay.
Your comment is misleading and a little disingenuous: Nostr doesn't make you forward stuff. A client doesn't have to forward anything. It just connects to relays and subscribes to topics. Relay != client.
Authorities are already working together with companies in lots of ways to filter out illegal things, and it doesn’t look like they are putting CEOs in prison as long as they try to filter these things out with the tools available.
What Nostr changes is the backdoor deals that are happening and Elon was showing: FBI, CIA and other governmental organizations censoring politically sensitive, but legal content, which incentivises governments to be more transparent (and of course CSAM will remain illegal, there’s no controversy around it).
I guess what I meant to say, for those who missed out on the good old scuttlebot days, is that encryption is trivial and also you should not be syncing strangers.
People have solved these problems before, and we will solve them again.
To me the entire protocol seems like a slightly shittier reinvention of the fedi approach; centralize what some people would consider hard to decentralize, assume there's enough willing souls to run the centralized technology and pray that you don't end up with one big default who can exclude all the others.
The problem is that you get the Tor exit node problem with this approach - being a relay means becoming the toxic sewage plant of the network in this way. Running a Tor exit node basically means arranging for the authorities to try and bust you down because someone tried to get unencrypted CP over your exit node. (Running between nodes over Tor is marginally safer since you'll only be handling partial requests but still not recommended for much of the same reasons.)
Now, Tor is perfectly functional since some countries have relaxed laws for that sorta thing, but Tor's data transfer is also transient - an exit node does not store anything long-term. Nostr's relays on the other hand need to do long-term data retention. I wonder how long that will last outside of flagship/VC-backed instances.
Not that it is 1:1 equivalent (due to expense and difference in encoding), but blockchains such as bitcoin can be used to store arbitrary data (and have been). Thus far I believe no one has gone to jail for running a cryptocurrency node because of non-financial reasons.
The internet itself is a network of relays that store and forward traffic for other nodes, unencrypted.
With that modern perspective, the internet would be unthinkable.
And, yes, these days you might have to "explain", but even the law says you are clearly not liable for passing other people's traffic. At least until recently, that was the principle. In the US, that's e.g. DMCA §512.
> Resilience is provided by the protocol being simple enough to implement in a weekend, in your language of choice. Platform lock-in is impossible, since any client can republish any note to a different relay if one misbehaves or enacts a disagreeable policy.
That's a wonderful sentiment but we said the same thing about the web and email and both are effectively controlled by large companies.
Twitter is centralized due to being the creation of a single company, but that's not the fundamental problem.
The web and email got effectively centralized because distributed protocols create problems of search, filtering, abuse, identity, community continuity, etc. You can't easily solve them in a distributed way, and even if you _can_, you can't easily get everyone in the network to upgrade. Hence, providers arise that say "We're Nostr, only better!(tm)" or "We're the best way to find what you want on Nostr!" and they work on locking in their customers.
If you want to be resilient to monopolization you have to show how you're going to solve those other problems.
As a crypto-skeptic (lol), I really like Nostr. Unfortunately, I don't think it will catch on until someone takes the time to shave off the sharp technical edges and figure out spam + identity verification. The current Nostr network is full of cult-like bitcoin cryptobros, racist Twitter/Fediverse refugees, and spam. Lots, and lots of spam. But the technology is cool af and could be made into something more.
I’ve switched over to only private and/or paid relays and don’t experience any spam whatsoever. Not that this is the best solution to spam, but it has been effective.
I see a problem. I'd say a majority of the posts on Nostr are media posts (mostly images) and the network relies on Imgur and other image hosting services for all content. Not very decentralized in practice.
> Software for chatting on the Internet should be small and fun.
Small and fun is the magic here. There's immense product insight in building a product experience that feels really small, intimate. It's the counterbalance to the unwieldy scale of Big Tech.
We're in the natural cycle of things, I'm just saying I seem to really get the feeling "the future is small", if that makes sense. It's quite stressful to navigate the entire planet's information and inventory.
Anything Jack is involved in is tainted for me until further notice. I wouldn't even dare to touch any of his new platforms, seeing his connections with Elon and how his judgement failed so spectacularly with the Twitter deal - it's not worth it, just to be sold out again when he gets bored of it or it doesn't end up being a business. At least he admitted to it.
I'm not saying Mastodon is the solution, but at least no one can take it away from me at a whim or has full control over the protocol and the app.
> how his judgement failed so spectacularly with the Twitter deal
A CEO doesn’t approve an acquisition in a publicly traded company. The Board of Directors decides.
> or has full control over the protocol and the app.
Jack does not have any control over the nostr protocol.
He may arguably have some control over one of the iOS client apps (due to him finding the dev), but that’s about it.
I was an organizer of nostrica (nostr’s first conference) last month. Yes, Jack paid for the venue, food & merch but he didn’t ask for anything in return.
He was very humble about the whole thing. More than I thought he would be.
I have played with this a bit lately and my conclusion thus far is: The idea of trying to bind everything to a single private key is such a bad idea for the average person. In order to truly secure a private key you have to go to pretty extraordinary lengths. It is not easy. It is not, "common sense."
Like most of crypto, the basic immutable nature of things is simply bad for humans. Here, your private key is eventually going to get stolen because you have to type in your private key for every login. It creates a phishing/key-logging jackpot. And once the attacker gets your private key there is no recourse. No password reset. No way to regain access. Your accounts are forever compromised. This is the problem with "decentralization" in general. All of the benefits it brings are completely washed away by the mundane daily activities of being human.
Nice (blog author here); just heard this showed up on the frontpage from someone on Nostr.
If I was writing an update to this, I'd probably point out how much better the clients (especially mobile) have gotten, in such a short span of time. As well as how lightning integration (zaps) are letting us build new capabilities (instead of just cloning twitter) that don't exist anywhere else.
Glad it's getting traction, it was a fun read and introduced me to something new (tm). One issue I had about 'Zaps' was the 'pay-to-play' aspect which seemed in discord/disharmony with the OG vision of Solving the Right Problems
There is no blockchain. No proprietary social sign-in. No “real-name policy” No distributed hash table, onion routing, raft consensus, or peer-to-peer protocol. There is just a method of providing simple digitally signed text, and a simple, scalable search service.
I mean I get it aaannnndd 54 lines of Spec etc and there is a need for something like you offer/describe and I'm glad to have stumbled across the link that led to this blog that leads to the GH <phew!>
In a similar vein, I'm curious how Bluesky[0] will pan out. The protocol looks very cool with how much it separates and distributes the different concerns[1] (storage, recommendations, clients, etc.) as opposed to something "federated but fairly monolithic" like Mastodon.
For what it counts, you don't need to deal with Mastodon if you want to use the fediverse. There's plenty of other servers available like Misskey and Pleroma, both of which require far less computer power. The only thing you need on paper is a domain name. Heck - you can even use a WordPress blog since Automattic if you just want to run a blog outbox.
Mastodon itself is a rails beast (lending credence to the tendency for the Fediverse to seem fairly monolithic), but that's hardly necessary. There's many other options out there (as much as the lead dev of Mastodon has been on a spree to try and hide this fact lately).
I wish Nostr were invented 30 years ago because it seems like an elegant protocol with room for extensions that could have served as the backend language for Twitter, IRC, FB, and more. But network effects are just so powerful and people post to be seen. Twitter isn't going to willingly open the door to competitors, and so I hope Nostr can find a few unique use cases and communities to let it blossom.
I.. agree, but I don’t think recreating existing platforms is a good idea either in FOSS or commercial projects. As you say, it’s already there.
> Network effects are just so powerful and people post to be seen.
Yeah, but those people aren’t moving the needle anyway, so they can be safely ignored, for now. They’ll come when it gets popular or trendy (see the recent mastodon influx).
Current gen social media is clearly not the end-all be-all. It’s riddled with problems, both because of the business model which incentivizes short-termism like clickbait, but also inherent problems in the social graph, feeds, etc. We’ve had at least a decade of experience to learn from the mistakes of the giants. Maybe this sounds elitist, but whenever I see a Twitter clone (say current gen Mastodon or Substack Notes) all I see is a lack of creativity and courage to face novel opportunities.
Other than the tech, one big thing that’s kept me away from Nostr is the people on it. I’d rather not have my feed spammed and have Bitcoin maxis endlessly talking about how stacking Bitcoin is great.
What makes a social network work is the diverse range of people and it currently doesn’t have that at all.
I'm all for the best solution winning but here's the perspective of a regular end user.
When I read about nostr I see code examples and cryptography charts.
When I read about Mastodon (fediverse) I just run docker-compose up and I'm in business. That is what made the fediverse breakthrough and nostr not.
It needs to be user friendly for both end users and sysadmins for it to catch on.
Also unrelated to all that, I'm kinda skeptical about any system that claims to be resistant to censorship because it will become a hotbed of racists and bigots online. On one hand certain parts of the fediverse take moderation too far, but on the other hand you can't have a platform with zero moderation. It would be chaos.
Intrigued by the protocol, and have been lurking on Damus for some months. But ultimately I worry it has been tainted too much by Bitcoin cultism, and its ties with Bitcoin will prevent it from being trusted by the mainstream.
Between this new tool and https://github.com/simplex-chat/simplex-chat I am starting to feel like (at least from my filter bubble) that the web may be slightly starting to think about maybe someday turning the corner on centralized-by-default model for building new applications.
And/or it's just my first time seeing a complete pendulum swing on the apocryphal mainframe-pc-mainframe-pc cycle.
I've tried using snort.social, dog testing it with the intent of recommending it, but it's basically unusable. Would someone have a good web interface to recommend?
https://www.nostr.net maintains a list of all known clients. I am a bit partial to astral, though it is resource intensive. You could try coracle, snort, or iris to see if they're more your fancy.
After using Nostr a bit, I don't think there's a huge difference between SSB and it except that Nostr has no blob sync and they abandoned append-only logs and use different signing key cryptography.
Scuttlebutt just suffers from an inaccessible implementation at the moment, but there is a team coming together to make a working implementation again.
Telegram has stuck with me as a red flag. Mostly because Signal, which emerged around the same time, apparently had the better tech and was open. Not sure whether that changed.
That’s pretty subjective. I happen to like astral, though many say it’s too slow for them. I think a lot of people are using coracle, snort.social, and iris. There are a lot of other ones under active development.
nine_k | 2 years ago
[1]: https://news.ycombinator.com/item?id=34529931
sph | 2 years ago
xiphias2 | 2 years ago
evbogue | 2 years ago
noirscape | 2 years ago
beardog | 2 years ago
ibz | 2 years ago
That can only happen if you are running a Nostr relay. Nostr clients don't forward anything.
rendx | 2 years ago
evbogue | 2 years ago
Why would you connect to people out of your friend of a friend zone?
An algorithm should decide who you are relaying.
neilk | 2 years ago
packetlost | 2 years ago
gonehome | 2 years ago
Though I’m biased and just generally like the urbit approach more.
leesalminen | 2 years ago
mikae1 | 2 years ago
apsurd | 2 years ago
meibo | 2 years ago
leesalminen | 2 years ago
evbogue | 2 years ago
themagician | 2 years ago
scsibug | 2 years ago
Logans_Run | 2 years ago
cube2222 | 2 years ago
[0]: https://blueskyweb.xyz/
[1]: https://atproto.com/docs
noirscape | 2 years ago
dgellow | 2 years ago
So far it has been very friendly and wholesome, hope that will work out in the long term!
tough | 2 years ago
SnowProblem | 2 years ago
klabb3 | 2 years ago
dgerges | 2 years ago
kinakomochidayo | 2 years ago
dgellow | 2 years ago
kevinak | 2 years ago
INTPenis | 2 years ago
allanrbo | 2 years ago
kinakomochidayo | 2 years ago
Multicomp | 2 years ago
dekervin | 2 years ago
leesalminen | 2 years ago
jonstaab | 2 years ago
snuckr | 2 years ago
EGreg | 2 years ago
Also Dat / Hypercore from Matthias Mullie, powering Beaker Browser
anarchogeek | 2 years ago
https://mattlorentz.com/weblog/2023/01/18/nostr-v-ssb.html
evbogue | 2 years ago
leesalminen | 2 years ago
https://github.com/nostr-protocol/nostr#the-problem-with-ssb...
phkx | 2 years ago
mikae1 | 2 years ago
djschnei | 2 years ago
leesalminen | 2 years ago
breck | 2 years ago
jonstaab | 2 years ago
leesalminen | 2 years ago