Oddbean new post about | logout
 Friday night experiments

https://video.nostr.build/57b19c36e10f0049ff431119c204b983ec51f45ab103cbbbe4203e85b388ad55.mp4 
 love it 
 Where can I find documentation that breaks down the fields, commands, cli tools, and fields in the protocol? Looks wonderful, thanks for sharing! 
 Thank you! It really is a proof of concept for now. I'll keep refining and release at some point 
 Right now only works for Android:  @Zapstore 
 If I don’t know who they are or the names are fake 
 You can check the npubs, if you don't trust don't install 
 woah 
 Oh man, that's so sexy, that's what we need. How do you verify the `zapstore`? 
 Thank you, yea it's just a start. I have some ideas around verifying zapstore itself, for now it's mostly through social (kind 1) clients 
 Are reproducible builds possible for zapstore itself? 
 Awesome!!!!
Some thoughts on the WoT part:
1. Enough users to follow the npubs behind most of the apps they're using
2. Where and how do you prompt users to follow those npubs?
3. There is no win-win for making users go through that step (and it might mess up their feeds etc) 
4. Follows don't have a cost and 90% of my follow-list will not know the first thing about trusting in software

Alternative idea 💡 : 
USERS:  Focus 💯 of the UX on letting them zap the apps they value. No ratings, no recommendations, no adding to "Following". 
BUILDERS:  Let them verify and vouch for each others apps. Build a Web of Trust amongst those who actually know how to verify (and what price to ask for it). 

Then you scan say things like: 
- Zapstore & 21 other apps (that you value and use) trust this app. Install?
- Here are the most valued apps in your network
- No other app trusts this app. Enter secret key / Read only?  
 Appreciate your thoughts and generally like the idea. I have a lot of questions though.

Zaps also require a WoT layer or it can be gamed.
Yes there are challenges with follows, but getting devs to vouch might be even more difficult. Will devs vouch, or apps, or the npub behind the app?

I think curators might solve this problem. Let's say Ben Carman (who anecdotally is linked to Mutiny, Harbor, etc) has a list of trusted apps. Curators could perhaps be found by WoT + zap weight. 
 👀👀👀