Oddbean

you own your data (contact list, posts, profile, etc). This is pretty unique, in every other online app the company owns your data and they are just letting you access it until they say you can’t. your data is portable, it can be stored on your devices and copied to many relays. This effectively makes your online presence unbannable and undeplatformable you are not just cattle for big tech to sell ads to. It’s borderless. the protocol integrates the native money of the internet (sats via nostr #zaps) so you can freely transfer value to anyone in the world if you like their post. Its bridged to other protocols like activitypub so its not isolated to just nostr weirdos There are 10+ quality clients to choose from if you don’t like the one you first tried. No other social media protocol has this level of client development.

Good points. #Nostr doesn't necessarily prevent the current social media regime, it just prevents the regime from black holing you if you decide to opt out. nostr:nevent1qqsqglrknfnc30up3mp92f9hfshednvdqpxrrk0ysf455gx7kdelpjgpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzqvhpsfmr23gwhv795lgjc8uw0v44z3pe4sg2vlh08k0an3wx3cj9qvzqqqqqqyruc0ud

Worth mentioning that the more people run relays the more decentralised and secure nostr becomes. If you understand why that is so important for money #bitcoin then you will understand why it is so important for social media #nostr

SSL is not native Internet money. “SSL (Secure Sockets Layer) is a standard security technology that encrypts data sent between a website and a browser or between two servers. It provides a secure channel between two machines or devices operating over the internet or an internal network, preventing hackers from seeing or stealing any information transferred, including personal or financial data.” - https://www.digicert.com/what-is-ssl-tls-and-https Credit cards are also not native Internet money. #Bitcoin *is* native Internet money. The Bitcoin Timechain only exists on the Internet. Andreas M. Antonopoulos goes further, with his book titles “The Internet of Money” - https://aantonop.com/books/iom/

This is why #nostr is so intriguing. nostr:nevent1qqsqglrknfnc30up3mp92f9hfshednvdqpxrrk0ysf455gx7kdelpjgpz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzqvhpsfmr23gwhv795lgjc8uw0v44z3pe4sg2vlh08k0an3wx3cj9qvzqqqqqqyppqj7y

#introductions Remember to follow lots of people. Make your own feed. nostr:nevent1qqsrnd9aewr37yztt4xru7j3tag8mdr0yzkv3mem3g5l3cd0zy8pjkqpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygzsqt95s7nwqwncr5stf5g4hlqwj64l0qpdnwjwujwhtgprrgxkmqpsgqqqqqqsvp35m8

Note ref not working, missed a space. nostr:nevent1qqsqglrknfnc30up3mp92f9hfshednvdqpxrrk0ysf455gx7kdelpjgpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgq3qxtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsxpqqqqqqzsajdp0

I really want to dig into "you own your data" on nostr. Do people feel like that's true? I certainly don't feel like that. I feel like I can author whatever data I want, but once I publish it I don't have any control over it anymore. My data gets published to many relays in control of many different people with different ideas of how the ecosystem works. I generally have no way to delete or modify the data. I have access to my data whenever I want, but so does everyone else. And that data can be used for seemingly whatever purpose anyone that receives it would like. I'm not sure what would stop a company from using that data to, say, target ads at me. It's not even really clear where the authority to do any of this comes from. There's no user agreement or anything. If I do own the data, it's certainly not treated that way. I don't believe any of this makes the system *bad* per se. It just feels like something we haven't figured out yet. nostr:note1q378dxn83zlcrrkz25jtwnp0jmxc6qzvx8v7fqntfgsdavmn7rys5553zw

Absolutely correct, good job pointing it out. What we need here is some form of repudiation of notes, so that you can later say "I never wrote that". It's effectively deletion. One way is that you can limit the time your notes/posts are valid. Each note will be signed by a temporary key that's valid for, say, a week. The temporary key in turn will be signed by your permanent key which is your identity. After a week you publish the secret key to your temporary key. This will dissociate any note you signed with the temporary key from your identity because now everyone could have written and signed it. Then you generate a new temporary key for the next week. I would expect relays to purge expired notes on a regular basis because what's the point of a note without an associated identity. If you want your notes to be valid for longer than a week you'll have to re-sign them each week with the current temp key. There can be good UX and automation to make this easy.

This only works with repudiation by key rotation. I don't think you've understood that. nostr:nevent1qqstxfs92x47k4y67jtm8lhj3uckyzramkpsth9mstdpf0ee3jz2myqpzamhxue69uhkummnw3ezu6rpde4ksatz9ehx2aqzyprmuze238a25e4u2l6uv7fqxjrd53txq22uk0dnctec7jlgmzqkuqcyqqqqqqg7u95l6

Repudiation is desirable (I believe SimpleX is actively working on it) ofc. But the lack of it does take away the advantages of message timers in 99% of cases. It's a passive defense for when you are not being actively targeted. Yes, if chatting with a fed and confessing a crime, it won't save you.

With power comes responsibility. I think un-censorable publishing is power, and that’s a feature here that comes with the responsibility of being tied to what you’ve written in the past. I also think this is in and of itself is a feature preventing folks from being massive dickheads on here. As for the ad targeting and such, you can configure your usage of this open protocol in any combination you want and make decisions on value trade offs. We’re widening the attack surface, definitely not fixing everything about capitalism and human nature.

Not sure "you own your own data" is the right way to put it (I don't word it like that), but here is what I think they mean. If you use a mainstream platform, the platform owner can, at least at the *technical* level (they might have all sorts of legal, economical and practical reasons not to): - Delete your profile. - Delete some (but not all) of what you publish. - Publish things with your identity. When you use Nostr, you know full well what data is signed with your key (or, at least, you *can* know), you can very easily have a backup of everything and everything is verified, so none can publish in your name. That said: > It's not even really clear where the authority to do any of this comes from. There's no user agreement or anything. If I do own the data, it's certainly not treated that way. Note that TOS are only as strong as the law makes them strong (usually contract law, but INAL and this is not legal advice). Laws exist that can overrule things the TOS say. Also, laws can say things TOS don't say and those things will apply regardless of whether there's any TOS anywhere. In the EU and the UK, for example, the GDPR will apply regardless of what any TOS anywhere says. So, at least in principle, you will absolutely have the authority to object to certain usages of any data associated with your identity, especially for targeted ads. Whether companies will follow the law or not, is of course a different question. But the answer to where authority comes from is always the same: from the law. And indeed only the law can give value to any TOS anyway.

Also note that when you publish to mainstream platforms you also can't take things down if someone else doesn't want them to go down. I can quite easily make a bot that backups everything you post on Twitter and posts it somewhere else. Once you send something to a receiver, there is never any technical way to take it back. It's an actual impossibility. And if you *publish* something, everyone is (potentially) a receiver, whether you publish it using Nostr, Twitter or anything else.

What ways do they have to limit audience? My point is that anyone receiving content will be able to retain it forever and republish it. Of course if only a few people ever receive certain content, and you trust them to never republish it, it won't be republished.

yeah, of course it boils down to trust and "loyalty" of receivers not leaking having public key of users you can do symmetric encryption of content and distribution of only such key for each viewer (be it pgp style or whatsapp groups or any other way to achieve "group encryption") would be a way to take heat off relays (they cannot censor / cannot see content) and also basically have an hidden profile (only metadata leaked as in time/size/amount of recipients) accessible for example only to subscribers. or for example send them the symmetric key when a certain amount of sats thru zaps is sent... sort of like medium style "articles" with "pay per view" on each post, some posts or how you desire

Well, Nostr does have private messages. The issue with private messages is that everyone can still se who is sending a private message to whom, at what time and how long. The only private thing, which not even relays can see, is the content of the message. My point was that Nostr isn't very dissimilar respective to your direct control of things that you publish (not just send to others privately): whatever you use, others may use that content in any way, including illegally. It's not really something you can technically prevent.

In a sense, data ownership on traditional platforms like Facebook and Twitter is governed by a terms of service, but on Nostr, it feels somewhat closer to publishing to the public domain. It doesn't feel forthcoming to compare Twitter's ability to delete your data upon request to Nostr's. Someone could, theoretically, be backing up your tweets, sure. But large platforms do quite a bit to prevent that, it's against their terms, and anyone using it would or should know that the data was obtained in bad faith. On Nostr that's not the case. Nostr's operating model has no real agreements. And the core idea of the model is that anyone can and should be backing up that data on their own servers. It seems much more reasonable for someone to think that the data could be used for whatever they want in that model. That is the de facto ownership model on Nostr and fediverse content right now. You own the identity, but you don't own your data. To be clear -- I don't think that's bad. I *like* the idea of that data being free and open when it's published -- who owns your words after you say them aloud? But it does inform what data I put here. And I think that's a big shift for most people coming from large traditional platforms. We should embrace that distinction to help people's experience here.

> In a sense, data ownership on traditional platforms like Facebook and Twitter is governed by a terms of service, but on Nostr, it feels somewhat closer to publishing to the public domain. TOS are a contract. They only mean something because of the law. Copyright law and privacy law still apply in the absence of a TOS document. Of course relays and other parties can break the law, but the same would apply for mainstream platforms. > Someone could, theoretically, be backing up your tweets, sure. It's not theoretical, it's very doable. This has been done before. > But large platforms do quite a bit to prevent that, They can't prevent that. It's why there was an archive of Trump's tweets, for example. Also tweets end up all the time on the Wayback Machine by the Internet Archive. I have accessed deleted tweets before this way. In fact, backups of large portions of social media platforms have been made before by data hoarders. > it's against their terms People can break TOS. > who owns your words after you say them aloud? If they are copyright-worthy and recorded, the speaker owns them. Mainstream platforms sometimes give users the delusion that they will be able to take things back, but they won't, or at least there is no guarantee that they will.