Oddbean new post about login | logout PSA: If your relay does not support NIP-09 (event deletion), I am removing it NOW. NIP-09 respects the fact that privacy-conscious folks may not want everything they post on Nostr to be archived on a permanent record. Did we not learn anything from Snowden? In garnet and Amethyst, go to your relays and tap on the name to see the NIPs each relay supports. The ability to delete events is not just about "not owning up to past comments"; it also respects the fact that among many potential issues (including malicious relays), people may accidentally doxx themselves and want that post removed. This can be especially dangerous for women who are dealing with stalkers or abusive exes, etc. Using relays that do not respect users' requests to delete events poses significant privacy and potential safety issues, and I will not continue to support the reluctance of relay runners to adopt and honor NIP-09 event deletion requests.
Plz note that relays supporting NIP-09 are sometimes a problem too. Dev of Amethyst is using client to update relays who serve old versions of 'replaceables' due to relays not properly deleting/replacing.
What about repost/boost? Would it not force the note to be copied to another random set of relays?
Do you know how I can delete a note in Damus? Or Primal? Is this possible?
Yes go to Amethyst or snort.social to delete it.
Nostrudel.ninja have it as well https://image.nostr.build/8a0ad6b1e62b6d4925add0c9f40a8011f2216cea1b7157d34f31059d13ed0a75.jpg
Just checked here and nostr.band don't support NIP-09 😒
Sadly with broadcasting services, it makes it nearly impossible to take enough control of your notes. And nothing can really be done to stop it. I agree this is a major safety issue. Best you can do is pick the best relays and hope for the best
I hear you. It starts educating people and opting out, then verifying and holding relay runners to the new standard. If enough people do this, the tech will evolve to meet user expectations, or privacy-conscious users will just stop using Nostr, and it would be a shame to see that happen.
How can you check this? I.e. how does a pleb know if their relays support NIP-09 or not? (PSA)
You can check on https//nostr.watch On the details page for a relay, it lists the NIPs. Link and screenshot provided. https://nostr.watch/relay/nostr.thesamecat.io https://m.primal.net/Jwem.jpg
What if I run a relay that does not delete and anyone can still see all your notes?
The perfect is the enemy of the good enough.
But for Ava concerns about privacy/safety and have notes deleted on Nostr, it's either possible or it's not, and it's not, it's just a best try effort, there is no guarantee, all your favorite relays can delete but others won't and anyone can still see it.
I completely agree with this! When I first joined Nostr I thought it was weird that I needed to request to delete things. I should be able to have complete control on my accounts. "Own up to what you said" seems like a method to harass someone for something that was posted previously. Other than Nostr, I use Reddit and every now and then I completely delete my post and comment history. This is to prevent people from reading through my extensive comment history and tracking my identity.
Your posts are still saved in Reddit even if you delete them. Also fuck Spez.
I had actually recommended a NIP for exactly this deletion purpose. @Vitor Pamplona started working on that after my recommendation, which I was surprised it started to happen.
What NIP are you referring to that you originated?
This here: https://github.com/nostr-protocol/nips/pull/1256
This you, 18 minutes ago, wanting people to thank you for the idea? Do you have a post for reference showing that you originated the idea? Genuinely curious. https://i.nostr.build/2I36E3jTymdfnZ7A.jpg
This was the note it originated from: https://primal.net/e/note1d4a8wgj09glmlrl9dpgtrw2dv4n5n90px8ljhtmkgq874w84ndnsfer5e7
Your comment was from August 10th 2024. Vitor started work on this in May 24th 2024. I believe you have a misunderstanding by what he meant by "on it."
That might be a bug on the client side.
Unfortunately, it is not.
I have gone ahead and deleted the comment, for I hadn't seen the date it was posted. I thought this was recent.
You're asking for a false sense of security. NIP09 does nothing at all for your privacy. If you dox yourself on a broadcast network your key is burned. Your identity shouldn't be so important to you that youre unwilling to discard it if you're trying to remain anonymous.
Nostr is not just for uber paranoid anons, and if it is, it fails miserably at it, and is also dead in the water as a protocol that anyone else would use.
OK... Those not uber paranoid people can keep using their keys then even when they broadcast a message they shouldn't have. The feature you want is, first for uber paranoid people in the first place and second, it's not possible. A scheme to request deletion is fine. But it's always going to be a request. And the relay can always lie to you. I'm not talking about how nostr should be. What I'm telling you is, there is no scheme whatsoever in any protocol that can ensure that a message you've sent to another machine is deleted by that machine and/or not relayed elsewhere. Event deletion requests for a key that youre trying to remain anonymous with is nothing more than a false sense of security. If you're not uber paranoid then it makes no difference to you, you're still going to use the key. If you are, it makes no difference to you, you're still not going to use the same key if you screw up. You can choose to use relays that honor deletion requests (or at least say they do, again, you can't enforce it or know for sure), and that's a nice thing if they do, but it gets you no guarantees as far as your security is concerned.
Yeah I much prefer my posts to be ephemeral online. If I say something I want to stick I have a blog for that. This place for me is akin to a chat in real life. I don’t want those captured for eternity either, although in this country maybe they are already…
@Ava This would be easy to test. Auto-write a note to each relay and then follow with a deletion event and then mark the relays 🔴🟢 I might try that, later.
apparently this "cybersecgirl" doesn't understand one of the first principles of signals intelligence: if it's too sensitive, don't send it over a public network, even if you encrypt it with GOD level encryption
Irrelevant to the point she's making, to be honest. There's a wide range between a customer expecting perfect security and wanton negligence from a service provider.
someone who touts themselves as an expert has a higher grade to pass
No, they don't. You just don't care about the OT and only joined the conversation to insult them.
yeah it's very relevant because if you are really worried about not being able to delete your posts you don't post them which is elementary signals intelligence
she doesn't get a handicap because she is a "girl" if that even means anything for someone who if you actually follow her stuff you'd see that she is constantly making shit up
Nah, by far one of the most high-signal npubs on here.
Agree. One of my favorite accounts on Nostr. Keep the posts coming.
good to keep abreast of who is a dupe
If a Note is on 1 node that deletes it, and another node still has it, will it somehow populate back to the node that deleted it if enough users are searching for it? i guess what i'm asking is are the Nodes interconnected. if this is like a Hub and Spoke network, then sometimes you have to fly from one hub to another hub to get to small towns or small relay villages.
the specification is very vague about this but part of the reason is there is no consensus you basically have to assume two things: 1. anything you publish is probably picked up immediately and stored by somebody 2. any delete or replace event is probably not going to be acted upon by somebody this is why fiatjaf and the general consensus among everyone who understands the protocol is that delete just doesn't work i'm one of the small number who points out that the very concept of replacement should involve a reference to chain them and that deleting should not be all or nothing but moving old versions to a state where they can be deleted but usually not immediately most of the nostr devs do not really understand distributed systems theory adequately, and i'm not a competent expert but they mostly understand less than me (i've been working on distributed systems since 2018 pretty much full time) anyhow, i hope that helps
Agree, if something can be performed as an "attacker" then you cant just standardize non-forceable good behaviour in participants. When online-status on nostr based on recent connections to relays!?😋
That's like saying we shouldn't bother locking our front doors because someone could break through a window. There is value in making misbehavior inconventient or counterproductive.
If the front door is really locked by a tech implementation that actually works, then yes. But internet makes things scale in a hardly to imagine way, and a "mostly locked door" easily become equivalent to an open door. Imagine exchanging offline paper messages using some sort of Ceaser Cypher to crypt them. In most cases, if you are not an high target or someone is motivated to see the messages, you have a mostly closed door that can work for some situations, protecting messages from accidentally leaks. Put that exchange-scheme on internet and you have an open door, you can consider your flawed encryption as exchanging cleartext.
this is why rule number one is: don't put sensitive data on a public network. period.
Nope. I disagree. I may decide to delete something just because I want to clean up or accidentally posted something. And it's bizarre if it stays in my feed, regardless, because a relay operator doesn't have their shit together or holds fanatical views on data retention.
Rude interactions like this are not Christ-like brother. I’m guilty of it as well
letting my brothers and sisters be duped by an obvious spook is not helping anyone either, and being afraid to speak that warning is not Christ-like either Christ spoke out against the scams of the system... and that's all i'm doing here it doesn't take an expert in espionage to recognise a counterintelligence operative (or loon)
Nothing they have said indicates they’re a spook
she doesn't know her subject at all and she acted like i was stalking her just because she kept on being replied to by my follows and made threats and shit she's either a spook or she's got a personality disorder are you going to tell me it is Christ like to not warn people about someone who is possessed by evil or?
Thanks for this. I didn't even know this is a thing. Some clients like @damus don't even support event deletion unfortunately. At least I couldn't find it.
there will be so many redundant caches that deletion is pretty much nonsensical on nostr. you can of course try your best but the idea of the note disappearing from every nostr database cache is a pipe dream. every damus client has a copy... what happens to the caches that are backed up and don't get the delete request. the data is still there.
Clients should request deletion events from the author of each note and if there is one, hide the note content in the client and indicate that the author has requested the deletion of this note.
Distinguished fellow, I implore you to graciously share your expertise on a matter of paramount importance: the identification of malicious Nostr relays. As one navigates the vast expanse of this decentralized network, the ability to discern trustworthy relays from those with nefarious intent is a vital consideration. Your insight and wisdom in this regard would be a beacon of illumination, shedding light upon a subject shrouded in complexity. I would be most grateful if you could indulge my request, and I extend my sincerest appreciation in advance for your forthcoming response.
it is a great nip
Not my main point at all. Those are your words. There are many other reasons. Here is my post from yesterday with another couple of examples of why not having a delete event function is dangerous. There are many more examples. The inability to delete posts on a platform like Nostr can have serious implications for personal safety, privacy, and overall well-being, particularly for vulnerable individuals or those in precarious situations. nostr:nevent1qqspwjy7f6u8gxy2tvu89ttjur4pwxe4qwnxen362x9lf0mgku7rk4spr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqgtnwstz
