Oddbean new post about | logout
 this is an example of what nostr will fix, and why NIP-42 is so important

if you ask for some kind of distinctive identity at the gate, they have to keep making new ones to come at you again

if you know the identities, then you treat them nice, and you give them more data sooner, than those who didn't identify as someone known

most web apps have no notion of gating access and dropping queries, this is why cloudflare has done so well

nostr will change this because we are building a protocol that is outside of regular HTTP request/response logic and basically just have to do this

the spam and dos attacks haven't even started yet, but by the time there is enough users to be worth mounting attacks hopefully you all will understand that we won't succeed with this unless we understand how to deal with these attacks at the protocol level instead of making dumb apis only

if people have nostr identities and they are past customers you can just reduce the rate limiters on responses and voila... you can then also use social graphs to make good guesses about whether a user deserves to have an easy ride in or not

web of trust is going to be a very big part of how this works, and right now, CF is doing this for you, and forwarding all that user information back to the NSA for analysis 
 Making new identities is cheap (unless one grinds for a vanity address like yourself!)

NIP-42 can help but is no silver bullet, sadly.

Even NIP-05 is no defense when nostrich.house is renting verified identities at 1 sat per hour. 

Human moderation at relays is the only reason Nostr hasn't become Usenet already.

I've sent a draft of another partial solution to a friend on Nostr, if she likes it she can lobby her friends into adding it to clients.