Gitstr: Send and receive Git patches over Nostr (github.com/fiatjaf)
90 points by jgilias on Jan 30, 2024 | 59 comments


> Nostr is a decentralized network protocol for a distributed social networking system. [...] It was designed with goals of censorship-resistance in mind.

https://en.wikipedia.org/wiki/Nostr

(Because the linked page doesn't describe/link to a description either, AFAICT)


And no token. Many token scammers try to sell their token as part of a new social network. This project doesn’t sell a token


I don't really understand Nostr. Without having your own personal relay or website, how can you publish your public key? (or without a trusted centralized authority)

And if you do have a website where you publish your private key, why wouldn't you just publish your content there?

How do you manage public keys you trust? Is this something a client implementation should do?

What happens when all relays you write to go down? You lost all your followers? How would they learn of the new relays you write to? Doesn't really make sense in terms of free speech. Sure, you can still write/publish but if no one knows where anymore isn't that the same as having disappeared/been banned?

I do understand that "nostr is just the protocol" but what makes this usable at all in practice?


You sign messages with your key and then publish it to any relays you want. Once your message is signed, it is good to go on any relay.

You manage pubkeys you trust by signing a message with a list of pubkeys you trust, simple as that.

People can learn about what relays you are on by (again) signing a message that states which relays you are publishing to.

If all relays go down you just send your messages to any other relay.

FYI, a signed message is just a simple json object with string of content, list of tags, time, your pubkey and a signature. “Notes and other stuff”


So: You sign your message and then attach the public key and push that to a relay?

How would anyone reading that message know that this was actually signed by you and is your public key? There has to be a trusted exchange of the public key before or the relay could just spoof your message. Some messaging apps do a thing where you meet in person and scan the other person's QR code for example. Otherwise, you have to trust the relay. But as I understand it that is not the idea of it.

Again, if you sign a message with a list of pub keys, what if the relay disappears? How do you get around that problem at all without hosting your own relay?

About the relays disappearing, how will people find you on a new set of relays you choose unless they are reading from those already? Relays don't communicate with each other.

Other protocols like ActivityPub ultimately have the same problem. You have to host your own Mastodon server to address these things.

I understand the signed message. But this is not P2P, the relay is the (untrusted) middleman. So how is that in any way different than just sending someone an email and signing it? Or publishing signed messages in any other place online? Is it about the convenience of very quickly being able to switch to another relay without a hassle?


Who doesn't have a homepage, that wants one?

It can be a Twitter bio, a (gulp) keybase page, or a personally hosted page.


Okay. Well, then you have to trust Twitter or Keybase, centralized authorities. And your profiles there can be taken down also.

And if you have a homepage, why do you need Nostr at all? You can just sign content and publish it on your website then, no?

I'm starting to think that the main thing with Nostr is convenience. Should you run into an issue with any relay(s) you simply change to different relays without much work involved, i.e. without "your operations" having to pause. But that doesn't solve the discoverability issue with relays.

It's actually not much different than if you signed your tweets and then if you got banned just moved to facebook. Just more convenient.


I trust any public service like that only as far and as long as needed - as long as they're serving how to find and properly contact me unscathed, (meaning I haven't made it politically or financially uninteresting for them to serve it), what more is needed?

Check archive.org or against the secondary page I have set up on MostPopularNetwork#2, if security-minded.


Nostr really feels to me like the blockchain: An incredible novel solution desperately in search of a problem to solve.

The engineering behind this is neat, but I have no idea why this is useful.


> Nostr really feels to me like the blockchain

That’s not strange, given that it’s architecturally similar.

However, blockchains are solving global consensus problems. Nostr doesn’t give a shit. To me, that’s good. One piece at a time. Also, what’s so important about consensus? It’s extremely slow and expensive and mostly matters for financial applications. The less financial speculation the better, imo.

Time will tell I guess if the architecture holds, and also if there are interesting easy-to-use applications on top of it. But I like the simplicity of it a lot. Feels retro and refreshing at the same time.


In what ways is the architecture similar? As far as I can tell, the only similarity to Bitcoin is that it is a "permissionless" protocol. Any relay can participate in Nostr, just like any node can participate in Bitcoin.


They’re both decentralized. Actors are identified by public keys. Messages are signed and processed by other nodes.

The only high level differences are (1) Nostr does not have a persistence layer (much less one with global consensus) and (2) applications live “outside” the system whereas in the crypto world they’re either hard coded (say bitcoin) or through smart contracts that live “on-chain”, ie as part of the system.

Maybe I’m missing something though. It’s just my observation.


Good points, they are more similar than I had perceived. The fundamental objective in Bitcoin is the decentralized construction of an immutable ledger (through consensus attained by proof-of-work). It basically is a persistence layer. Whereas the fundamental objective in Nostr is to prevent central censoring of messages, so it's more akin to a communication protocol. However, censorship resistance is also a property of Bitcoin.


I tried nostr and I was impressed by how fast it is compared to the alternatives and by how seamless it is to connect to everyone. Unfortunately I'm not interested by the current content and I'm not sure a social media without censorship is viable on large scale


> I'm not sure a social media without censorship is viable on large scale

Right, it absolutely isn't. Some form of censorship is vital. This claim becomes more agreeable when substituting "censorship" with the almost-synonymous word "moderation".


Nostr's idea of "moderation/censorship" is quite simple: you (or your relay admin) can drop whatever content you don't want to see or promote. It's no different than email servers, and (as a system) it works just fine even if you are surrounded by bad actors.


Wait, this is just ActivityPub with extra steps. Why not just use Mastodon?


The main difference with Mastodon is that with Mastodon you have a single node that you get your federated feed from, and that verifies your identity. Therefore if your node operator doesn't peer with some other node, you wouldn't automatically be able to communicate with users on that node.

With nostr, your identity is just a pubkey, and you can publish to / read from several nodes simultaneously. So if some node refuses to publish certain content, you can just get it from another node without having to create a whole new identity.


This take is terrifying to me. Obviously we all have things that we don’t want to be exposed to, and probably many things that we don’t feel anyone should be exposed to, but who gets to make the decision of what is acceptable and what isn’t?

Bias and financial interests in speech and content are more rampant, now, than they have ever been. I don’t trust anyone but myself to “save” me from seeing what I can only describe as “wrongthink”.


I don't know Nostr, but why can't you moderate anonymous forums? HN is anonymous. Or is Nostr literally non-censorable, in that I can't get an undesirable message or user off my personal feed?


Moderation is expensive, scaling with popularity and some really nasty points where you become popular enough to attract spammers, criminal activity, and mobs. HN survives because it doesn’t allow you to upload files, the 90s aesthetic keeps it a niche, and–most importantly–it’s the pet project of a very rich guy who is comfortable paying skilled people decent money to moderate it:

https://www.newyorker.com/news/letter-from-silicon-valley/th...

Despite that, usernames and their corresponding IPs get blocked routinely and we still see spam regularly even if only for a brief time.

Any forum will have the same problem: get popular and whacking spammers becomes a full-time grind. Allow people to upload files and you’ll have the FBI asking why you’re facilitating transfer of pirated movies, CSAM, etc. Have the wrong people decide to use private messages and now the FBI is back asking if you knew they were planning terrorist attacks.

None of those are completely impossible, of course, but they end up being expensive and burning out volunteers. Limiting anonymity helps, but only so much - it’s just an expensive space to be in.


The problem all these technologies are trying to address is the centralization of control and authoritarianism. Free association is the cornerstone of a free society and our information technology foundation is not currently equipped to handle a totalitarian adversary. Speech should be unsuffocatable.


I found Ryabitsev's 2019 meditation [0] about maybe using git with secure scuttlebutt interesting (though not terribly compelling). Ryabitsev's fantasy scenario involves a developer exchanging git patches for a particular project via phones, to a laptop. Because that person uses secure scuttlebutt, the bug tracking thread is part of the enabling software, rather than out of band. I am of the impression that Ryabitsev's history as mailing list manager and software patch attestation more likely informed this dalliance than typical web3 inroads.

[0] https://people.kernel.org/monsieuricon/patches-carved-into-d...


The referenced article does not mention git-ssb, which was actually used for some time to develop the Patchbay and Decent clients for Secure Scuttlebutt!

https://scuttlebot.io/apis/community/git-ssb.html

Git-ssb went far beyond just sending and receiving patches. You could actually clone, pull, and push a repo between your friends and your friends' friends.


I remember discovering git-ssb and thinking wow this is it, this is how code can be uncensored and decentralized.

Does this Nostr based approach solve the problem as well or should they be looking at git-ssb and extending it?

It seems extremely likely governments and courts all across worlds will be increasingly threatened by code in the next decade, so pretty important that a censorship resistant infrastructure is built asap.


Nostr is everything that fediverse social networks claim to be, but aren’t.

I was shocked to find out that the Lemmy instance I signed up on was blocking dozens upon dozens of other instances, which defeats the entire purpose of a federated network.


Then switch to a different one, the point of a federated network is that anyone is able to talk to anyone, not that they have to.


In which case the point is useless. It's a pie in the sky statement.

Fediverse instances being too trigger-happy in blocking other instances means the network as whole is less open in comparison to a centralized social network. So, why bother? You have little to no control over whom you can connect to.

Also, "switching" is an alien concept to normal social media users. You never have to "switch" and you never lose your content or followers, exceptions aside when you get yourself into serious trouble.


You must realize that the moment you say “just switch to another” you’ve lost 99% of your potential user base.

It took me signing up for Lemmy to realize why Lemmy is still a completely dead network.


Decentralization/federation is not about "potential user base". It's about diffusion of control. People need to learn to fish because the SaaS model is a precarious foundation to build a culture on.

We are having this conversation in a more mainstream way now because more people found out how precarious their online cultural foundations are. Your Facebooks and Reddits and Twitters will get ruined by changes of ownership or on the whim of billionaires. Your data will be sold out from under you. You will be squeezed for every penny.

The point is to either host your own instance, or use the instance of someone you trust and/or whose moderation policy you align with. It's not to amass a large user base and watch your charts go up.


> The point is to either host your own instance, or use the instance of someone you trust and/or whose moderation policy you align with.

This should be the goal but will never happen with an activity-pub-based fediverse. It just doesn't scale to everyone or even every small group having their own instances because. Current fediverse software is also too complicated and too resource hungry for even most technically inclined people to self host.

You really need a better foundation that is designed for efficient communication between millions of hosts from the start.


It's a step in the right direction towards diffusion of control. The corporate, SaaS alternatives are untenable. Full stop.


Except once instances block other instances for not going along with their blocks. Then you really cannot talk to anyone from a single identity. This makes the whole system not much better than a bunch of independent sites.

Then there is the fact that once you choose an instance your identity is bound to that instance. Why would anyone invest in such a dead-end network?


This is a strawman argument. The biggest advocates of federated social media are not promising a fully decentralized and censorship-proof network. Federation is built on trust, and blocking untrustworthy instances is a critical function of any open federated system.

There is another side of the Fediverse that operates on the principles you are talking about (eg. Poast, Baest, Spinster, Gleasonator, NoAgendaSocial, NicecrewDigital, et al). That part of the Fediverse, like Nostr, is covered in Lolicon, gore, and Nazi memes because that's the userbase you get when you promise that nobody can stop you from posting whatever you want.

More and more I am learning that the people who desire censorship-free social spaces are the kind of people that others rightfully exclude from polite social spaces, because these are people who lack respect and want to say and do horrible things without opposition.


If you think only untrustworthy instances are being blocked then I really don’t want to debate about Lemmy with you.


By definition, an instance will only block instances it doesn't trust, so yes, only untrustworthy instances are blocked by an instance that doesn't trust them

The mistake is believing that all instances behave the same and block the same. The whole point of federation is that every instance chooses who it wants to block.


That's not how it works at all. Admins pressure other admins into applying the same blocks, or risk getting defederated. The entire thing is run by power hungry bullies.


That's not how it works at all (see, I can do exactly the same).

1) I, as an admin, have never been pressured by anyone to do anything and can federate with whoever I want. Thousands of instances are the same. The only ones who are pressured are the biggest ones, who also happen to host the worst content (xenophobic, racist, gore, pedo content).

2) You are not owed an audience. Not everyone wants to hear what you have to say. Moderation at scale needs to happen if we want marginalized communities to thrive, and unfortunately since the internet is mostly hostile to those the most efficient way to do this is to block. But if you're not ok with the blocking policy of your instance, change it. That's the whole point of federation. You'd do the same with Nostr: you disconnect from a relay if you don't like what comes from them, connect to another one, except with Nostr you can't totally be sure the bad content will be filtered out.


Sure, but at least this time it's more than one power-hungry moderator. In the forums of the 90s, if a forum moderator banned you from the server in the middle of a flamewar, that was it.

Now at least there could be (in theory) regional blocs of federated servers that share content. I heard some people are proposing a common account interchange format, so you could migrate accounts? (not being in the fediverse yet, I don't really know...)


Nostr can be thought of as an open, decentralized, censorship resistant messaging layer with a built-in micro payments system.

Regarding why this might be useful. Remember when youtube-dl got taken down from GitHub? I think it’s now back after all the outcry. But the point stands, if you develop something that someone powerful might not like, a Nostr based git solution for that might make sense.


Or, you know, just email the patches.


That’s a fair point. In the current iteration there’s not much functional difference.

The vision though would be to build something that feels a lot like one of the centralized git services, just built on top of Nostr. So, it’d be some kind of a frontend that you may be able to run yourself if it’s open source which you could point to a set of relays to get the ‘git notes’ from. Couple this with the integrated payments functionality, and I think it becomes an interesting proposition.

If I recall correctly some time ago Jack Dorsey pledged some amount of BTC to make that a reality.


Nostr is the only payment network I've ever used that lets you send payments of less than $0.10.


Nostr is not a payment network. You probably used Lightning instead.


Bitcoiner "understand what you advocate for" challenge (impossible).


Is it really a payment network though? All the payment stuff happens outside of nostr and with different protocols.


Nostr really feels to me like the blockchain: Nobody that advocates for it understands what it is or how it works.


Bitcoin uses secp256k1, Nostr uses secp256k1. I was as surprised as anyone to learn that when you exchange money using Nostr clients it is not directed at the private key that you use to sign Nostr messages.


I'm surprised by this too.

Bitcoin was developed just barely before ed25519 was finalized, which is probably why it uses secp256k1. Unless intended mainly for government users (FIPS), almost every new cryptographic system uses ed25519 -- except Nostr.

I always assumed Nostr chose secp256k1 so you could send bitcoin to another Nostr user without some extra "payment address request protocol" bolted on the side. Very surprising that this was not the motivation!


[flagged]


Your condescending bone-to-pick attitude about people using cryptocurrency is kind of cringe.


This is dope! Very cool to see more Nostr applications that aren't just Twitter clones.


https://www.nostrapps.com/ has quite a few non-twitter clones to offer.


all of these seem to be Twitter-like social apps. what am I missing?


Not sure why but they focus on tab "social" by default. You can click "All Apps" in the top (or any other category)


Thanks, must be a mobile issue.


Why would anyone want to use an inefficient complicated network to send a Git patch rather than sending it over email, using Git integrated workflow?

What I'm actually eagerly waiting for is GitLab instances being able to federate using ActivityPub, allowing remote forks and auto-updates, merge requests, issues opening and commenting, following users and projects… all that without having to open an account per instance.

See https://docs.gitlab.com/ee/architecture/blueprints/activity_...


Can anyone compare this to https://radicle.xyz/? (Or am I wrong thinking they're similar? I've used neither.)

I suppose gitstr would have the benefit that you'd already have the public key of whatever person you'd want to send the patches to? Because you learned of the existence of their repos via nostr, or so?


This is not a ShowHN, as I’m not the author. I just find the concept really cool!


is nostr some bitcoin thing?

It seems it's mostly used by bitcoin people. I have no interest in bitcoin.



