 1. By default, I'd prioritize opening that page in a native app the user already has or a web-based app he has some link with (zapped it, known app in his network, etc etc...)
2. By selecting who you are first, the app adapts the Verifiers it shows to your npub
3. I'm including Verifiers in my onboarding flow so that an onboarded user has an initial set of Verifiers (preferably independent from the app) like he would have initial Relays, Blossom servers or Mints.  
 What Arthur is saying is that 2. cannot be trusted.

The app could show you these icons of the verifiers without them having really verified anything.

 
 yeah, or like #nostrudel where it shows a verified badge but you have to click to the profile to see the domain associated with it

he added a color ring around avatars which goes some way but those things can be faked in about 2-3 weeks of vanity key mining, as well 
 yes, colors can be minted, and they are only useful to the extent you remember the colors of the people you are following.

I could probably remember 20 or 30, so not really useful. 
 The whole point of a follow is that you don't have to remember anything about them. 

That's why you literally bookmark them.  
 Colours are useful: 
- to find yourself
- to find someone new 
(I'm pippelina. Pink pippelina 😎)
- for imposter detection services
(If pfp, bio, last digits of npub, color, ... match with an earlier created profile) 
 creation date for npubs can be faked as well, unless they are using OpenTimestamps or something like that.

And even if they couldn't be faked, they don't mean shit, because I can create an Apple npub

 
 i think color, last 6 characters of the pubkey, and the nip-05 URL should all appear right next to the display name always 
 that entails a pubkey grind of at least 2 years plus taking over a DNS record 
 Good Imposter detection + removal goes a long way. 
(will probably some kind of timestamp yes)

No way that I'm showing anything more than Display Name  +  Following/Not icon on 95% of screens.  
 Yes, I know. Every app can fake everything. 

That's why I think a verification button that opens the same data set somewhere else (that you already know) in the onboarding process is a good solution. 

It beats blindly trusting the app or centralizing "Nostr login" to a few honeypot services. 

A newcomer that is only part of Nostr group chat and then opens his first new app can do a loooot more with trusting the app he already knows and the Web of Verification that that app has, than with trusting who the other chat members are following.  
 fair. Public square dynamics (follows) aren't that useful if you aren't in a public square (e.g. a group)