 What do the ReplyGuy spam accounts all have in common? They don’t have NIP05.

Who else doesn’t have NIP05 - brand new Users with Zero WoT built up who don’t know NIP05 is a relevant thing here. I.e. the bottom of the food chain on #Nostr.

Everyone with presence on #Nostr has NIP05 whether through some paid service or their own domain. Users set up NIP05 before they set up their zap wallets in most cases.

NIP05 imposes friction and cost. It’s the equivalent of proof-of-work here where you can pay for it or DIY.

Requiring NIP05 puts the onus on paid providers to avoid spam or back on the spammer to have sufficient domains to continue their spamming - it limits a bad actor’s ability to spam the shit out of the network if Users can avoid seeing non-NIP05 verified accounts or filter out known-bad providers.

I want to filter on the vast vast majority of Nostr users who DO have NIP05 on their npub - per Will, head of the biggest Nostr client, that’s retarded.

I’ll tell you what is retarded - being head of the biggest Nostr client and doing three fifths of fuckall to help users deal with spam for 3 weeks because you personally have a setup where you don’t see the problem because you control the biggest public relay as well.

Where there’s no perfect solution so instead of providing solutions with tradeoffs, you get defensive to protect how you’ve done nothing to help users who are paying you to be an open source Dev and double-down on your doing nothing.

Where you don’t use your official App account to tell paying users about the limited mitigations you do have to offer.

Where you expect everyone to follow your main account on the opposite side of the world to Users where they’ll hopefully see your posts in their feed despite only having a chronological feed and no delayed reposting.

That’s retarded Will. nostr:note1tf87zywts0rydfs0s8q0ychypxz5hw3ae03yrfum8vnujznjhp6qe626sk 
 anyone with web server + domain do NIP-05 
however ADDING additional hurdle is NO HARM - makes attacker work more
WOT is NOT FUCKING LONG TERM FULL SOLUTION - was just fast easy but GOOD  workaround
turned off WOT to welcome new users now THIS IS CAT N MOUSE GAME 
 very important have all OPTIONS n TOOLS filter rate limit  WOT NIP05Filter  etc etc - attacker has money n time he can circumvent anything slowly 
 The mouse has won because the cat got fat and lazy and didn’t think the mouse could get any cheese.

When we tell the cat he’s been outsmarted he tells everyone he hasn’t and that they’re retarded for not following the cat’s setup where the cat controls both the biggest relay and the biggest client and hasn’t communicated how his personal setup has avoided the mouse getting his cheese but we’re all retarded because the mouse gets all of ours. 
 he or his brothers  will come back again - another vector of attack. relay admins need have framework ready any filter can be deployed once attack or exploit pattern is identified
everyone using WOT closing nostr means he has WON 
 workaround have 2 parallel relay door WoT + PoW for new npubs just VIP n ECONOMY class in plane 
 It’s not on relay admins.

 isn’t spreading ReplyGuy - you pay 6969 Sats and you are on the whitelist. ReplyGuy and his tens of thousands of accounts aren’t on the whitelist.

It’s on client admins to give us *something*.

Anything.

Anything is better than nothing but the fat cat would rather ignore the problem because he’s found a way around it even though he’s not shared it.

Shits me to tears. 
 100% good
NIP-42 is another way or paid WL 
something is better than nothing - DYNAMIC based is event situation - now he gone REMOVE FILTER - put back if he comes back
all options n tools should available in SW for admin ON OFF MODIFY.
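
The client-side NIP-05 filter argued for in the thread above, as an added example that is not any participant's code or any client's implementation: it hides notes whose author has no NIP-05, whose provider domain the user has blocked, or whose domain does not map the name back to the author's pubkey. The function names, the `enabled` switch and all sample keys and domains are assumptions constructed for illustration; the `.well-known/nostr.json` documents are assumed to be fetched by the caller.

```javascript
// Added example. All pubkeys, names and domains below are constructed samples.
// Assumption: the caller already fetched https://<domain>/.well-known/nostr.json
// for each domain and passes the parsed documents in `wellKnown`.
const PK_A = "a".repeat(64), PK_B = "b".repeat(64), PK_C = "c".repeat(64);
const SAMPLE_PROFILES = {            // parsed kind-0 metadata, keyed by pubkey
  [PK_A]: { nip05: "alice@example.com" },
  [PK_B]: { nip05: "alice@example.com" },      // impersonates alice
  [PK_C]: { nip05: "bot1@spam.example" },      // provider the user blocked
};
const SAMPLE_WELL_KNOWN = {
  "example.com": { names: { alice: PK_A } },
  "spam.example": { names: { bot1: PK_C } },
};

// Split "name@domain"; NIP-05 limits the local part to a-z0-9-_. (case-insensitive).
function parseNip05(identifier) {
  if (typeof identifier !== "string") return null;
  const m = /^([a-z0-9._-]+)@([a-z0-9-]+(?:\.[a-z0-9-]+)+)$/i.exec(identifier.trim());
  return m ? { name: m[1].toLowerCase(), domain: m[2].toLowerCase() } : null;
}

// Returns "verified", "blocked-provider", "mismatch" or "no-nip05".
function classifyAuthor(pubkey, profile, wellKnown, blockedDomains) {
  const id = parseNip05(profile && profile.nip05);
  if (!id) return "no-nip05";
  if (blockedDomains.has(id.domain)) return "blocked-provider";
  const doc = wellKnown[id.domain];
  const claimed = doc && doc.names && doc.names[id.name];
  // A claim counts only if the domain maps the name back to this exact pubkey.
  return typeof claimed === "string" && claimed === pubkey ? "verified" : "mismatch";
}

// `enabled` is the user-facing ON/OFF switch; when off, nothing is hidden.
function filterFeed(notes, profiles, wellKnown, blockedDomains, enabled = true) {
  if (!enabled) return notes.slice();
  return notes.filter((n) =>
    classifyAuthor(n.pubkey, profiles[n.pubkey], wellKnown, blockedDomains) === "verified");
}
```

The "mismatch" case is what stops a spam account from simply copying a trusted user's NIP-05 string into its own profile.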