most nostr apps you can click a single button to create an account, since it just generates a keypair. no email verification, nothing. what is simpler than that?
you don't even need to know how to host something on a server, the relays do that for you.
> The event protocol that drives the system doesn't authenticate public keys, so asymmetric signatures are performative: attackers that can intercept messages (Nostr servers, the presumed adversary of an E2EE messaging system) can just swap out keys and re-sign.
This is completely nonsense, most clients do in fact check signatures. All relays do as well.
> Two major clients, the mobile phone Damus app and the web Iris app, don't even verify signatures to begin with.
Author of Damus here. this is an analysis of an old version. This has since been fixed. In the early days we connected to a fixed relay list of trusted relays. These relays verified signatures. This was just a pragmatic tradeoff thing until we had an optimized work queue for verifying notes (this lead to nostrdb, a custom embedded nostr database built on lmdb. it's a sqlite but for nostr https://github.com/damus-io/nostrdb)
> DMs in this system are unauthenticated CBC, so attackers can simply bitflip messages and events to say what they want.
not really true since the whole note is covered by a secp256k1 signature.
> The apps do automatic link-preview, so they've managed to reconstitute the EFAIL attack: attackers can locate links within messages (they'll be revealed by SNI and DNS anyways) and then bitflip them to point to attacker-controlled servers, exposing both the URLs (which will often contain tokens) and, with a bit of extra work, the message itself (by tacking `?foo=` onto a URL).
you can turn off these, you can turn off images as well. people should run a VPN of course if they are worried about these things.
I don't think you can say "this is complete nonsense" and "this has since been fixed" in the same comment. Also: don't use ECC signatures as MACs. Signatures are not MACs.
I don't want to speak for Will, but from my read he is specifically highlighting that "The event protocol that drives the system doesn't authenticate public keys" is the nonsense, because the protocol specifies that clients validate signatures on events using the public keys.
This makes sense in nostr, because anyone at any point can mint new public key and start posting events and other people are free to start following them, from which point they can ensure that the new events are coming from the person holding the same private key. And this is what relays and clients do.
My comment was worded a bit too harshly, sorry about that, I certainly wouldn't have worded that way in a personal message.
As I mentioned the hexadecimal printing coincidence is a neat fact, I was just excited when clicking the link to find a novel bitset idea. In my disappointment to find the standard bitset (albeit with 16-bit limbs) I reacted a bit too harshly. And as per https://xkcd.com/1053/, just because something isn't new to me doesn't mean it's not new to anyone.
I will remove the novel wording just for the hacker news geniuses. I have been programming for 26 years and have never encountered this pattern, nor could I find it in any libraries, which is why I decided to wrap it up in a library.
If a simple bitset like this exists in a library somewhere I would love to see where! Most implementations I've seen over-complicate it for simple use cases like this.
I have had the experience of explaining to coworkers how bitwise operators even work more than once. I think sometimes people overestimate the average programmers knowledge when it comes to bit operations. modern programming is so detached from having to use that for day to day work.
I am aware of the bithacks page, but I just found encoding the bit coordinate in the ID itself so clever.
Can I ask, how would you do it otherwise? Is there any other way? Or is the supposed novelty here that the two values are packed into the same byte instead of having some zero bits between?
I guessing this is because you are used to an algorithm that is constantly showing you the most liked content. average day to day discussions between humans can be pretty shallow, nostr feels more like shooting the shit with your friends instead pumping rage bait and dopamine into you brain 24/7
This is also why I suspect people are generally nicer and happier on nostr, there is much less fighting because there is no algorithm that boosts angry and controversial threads.
not to say algorithms can't happen on nostr, there just aren't many in clients yet.
Correct user counts need to have a web-of-trust applied if you want an accurate count of "real followers", but I suspect that's the same on X as well.
As one of the largest accounts on nostr I can say there aren't many "crypto" fans on the network, those are all on farcaster. Lots of bitcoiners and freedom lovers though! Maybe try following #grownostr, there is lots of non-"crypto" content, mostly gardening, homesteading, etc.
You have to curate your feed to see the things you want by following specific people. There are no algorithms that automatically tailor the feed to your interests. If you go into the "global" or "universe" feed you will see lots of crap, but that is just noise that can be filtered out by setting your global feed to only show paid relays.
Hey, author of https://damus.io here (ios twitter-like nostr client)
> First, I want a replication strategy. Nostr messages get lost in time, and many of the clients end up just blasting an entire message history at your client. Because there's no clue in the protocol how messages are related other than a timestamp this also means you can fake timestamps and write fake messages in the future or back in time
You can do this with email or git too and it doesn't make it any less useful. I actually like the backdating feature as it allows you to copy your account to a new key.
As for replication, at damus I am working on https://github.com/damus-io/nostrdb which is intended to be a "sqlite for nostr". I plan on implementing set-reconciliation based syncing with strfry relays (using a technique called negentropy), so that replication is very efficient.
> Second, I don't like that many Nostr clients are using the same signing key for messages as they do for lightning transactions.
This is simply not true.
> Third, someone needs to delete some of these NIPS. The arms race to make Nostr as complex and difficult as possible to implement is not going to do much for the ecosystem in the long run. In the beginning Nostr was simple to implement from scratch, they should get back to that!
All nips are optional except for nip01, you can ignore them all for the most part.
> Fourth, it needs a dedicated blob store protocol. Yah, I know IPFS isn't great but someone should come up with something that is simple and works.
It does not, in the same way email or git or any text-based protocol doesn't need a dedicated blob store. These are separate concerns and they should be a separate protocol. nostr clients can of course integrate and link to any blob store it wants via new NIPs that describe this. I believe there are a few already in the nips repo.
> > First, I want a replication strategy. Nostr messages get lost in time, and many of the clients end up just blasting an entire message history at your client. Because there's no clue in the protocol how messages are related other than a timestamp this also means you can fake timestamps and write fake messages in the future or back in time
> You can do this with email or git too and it doesn't make it any less useful.
In the sense that you can fake timestamps, you're of course correct on git and anything else beyond public blockchains.
In the other sen, git is a counter-example of what I take the author's main point to be, in that commits do have an mandated relationship and linkage that Nostr noted don't.
Zaps just put a signed nostr note inside a lightning invoice so that clients can show that a specific user send some amount of money to some note or profile. clients request lightning invoices via lnurl (an http lightning specification). You could do the same thing for any other fiat or crypto system if you want to, but nostr was mainly build by bitcoiners which is why there is lots of bitcoin tech integrated, but its completely optional.
How do you request your Zaps balance to send it somewhere else (like to a Bitcoin wallet)? Maybe this is a Lightning thing and not a Nostr thing.
I guess I assumed it was based on the private key you generated when you got started on Nostr and if that private key became compromised then the Zaps could go to whoever had the private key.
Perhaps there is a document somewhere that explains this.
There is no "zaps balance". Zaps are just receipts of lightning payments.
The basic idea is that a lightning node will detect when the invoice with a nostr note inside is paid, and then send the receipt to nostr as a nostr note, with the original bolt11 invoice inside with the signature from the user who sent the zap.
It's all described by NIP-57, a spec I put together to support this:
I was working on c-lightning at the time and I thought it would be really cool to replace the "like" button with an instant bitcoin micro-payment. I think it worked out quite well! There are many sites utilizing zaps in all aspects of the protocol, such as a decentralized market for AI job requests (data vending machines), zapgoals and zap fundraisers. All built on this note type. protocol synergy!
I guess what confused me is I've used Nostr clients where everyone has a Zap button. Who is holding onto those lighting receive addresses until they specify where they want the funds to go?
Like if someone Zaps me right now, I haven't specified a place for those Zaps to go. Do I call the Damus staff and they send the total of the micropayments Zapped to me over Nostr to a Bitcoin receive address? I don't think anyone has Zapped me, I'm just trying to wrap my mind around how it works since I was wrong earlier.
Maybe I need to set aside an afternoon and read about how Lighting works, perhaps I just don't get that protocol.
Ok, this makes sense. I must have been using a client that had 'Zap' icons and because I didn't have a Zap balance I just assumed the buttons didn't work because I had no balance.
I didn't realize every single person who downloads a zap-supporting client had to also set up a separate app to handle the micro-transactions and host that app somewhere where it is available 24/7 in case their post gets zapped.
What does it rate-limit based on? If it's just IP address then I doubt that'll do much good as it won't stop any spammer worth their salt and yet could affect large groups stuck behind a NAT device.
you don't even need to know how to host something on a server, the relays do that for you.