"WORD!" 

 I agree and I feel that we need to embrace delete because it’s both important for users and a core part of how Nostr works. 

Here’s what I wrote about from February reposted.  There’s both a link to the naddr and a viewer version on habla.news since a bunch of Nostr apps don’t support it and the long form post. 

naddr1qqyk7m3dv3jkcet5v5q3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7q3qwmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmt

https://habla.news/rabble/on-delete 

 Sending you a DM. 

 i hope its a nip17 dm, and a nice protected relay like inbox.nostr.wine or auth.nostr1.com 

 Im surprised that ephemeral notes is not the norm. From a design perspective, over a long term timeline, storing everything on relays permanently seems unsustainable.
It seems more reasonable that the default time a note exists on a relay should be some arbitrary number of days, with permanence being a service or a self hosting option. 
Where the idea of storing everything forever came from I don’t know. 🤷 

 "The bad people" can and will store anything broadcast on Nostr that interests them, for as long as they please, NIP-09 be damned.

It is _polite_ for relays and clients to honour NIP-09 requests, but let's not mistake that for any kind of security.

At best, this could inconvenience bad actors who (a) lack the resources to store everything even short term and (b) who first took an interest in your account AFTER you posted a delete request for your content of concern.

Yeah. Nah.

SSB was very good training there. 

 this whole topic is very odd.
the way people respond is quite strange. 
People who want it, invoke portents of doom.
And people who don’t, misrepresent difficulties in achieving it as gigantic impossibilities, so don’t even try, and you’re dumb for suggesting it.

The amount of emotion connected to this, and the know it all vibes seem quite weird and out of place.

it’s a curiosity 

 I didn't use the word "dumb". 

I prefer to think they haven't given thought to the practicalities of retrospectively changing data that was broadcast in an open ecosystem that already has bad actors inside the walls. 

 I have no emotion about it one way or another. I see logic in all the arguments. I’m just trying to determine for myself if the overall misplaced weirdness in these conversations is driven by ego and immaturity, with a dash of Twitter style toxicity habit, or if there are  some underlying motives.
I think you’re all great. 🤷 

 I think so, too. 

I've followed @ava since about the first day I joined Nostr, and her posts are very informative.

But this particular issue attracts too much wishful thinking and not enough information theory. 

 It is like seeing Stargate and saying we should build those and explore the universe... It would be great, maybe it is even possible with technology advanced enough—who knows, but right now I can't imagine it could be done. It is not dumb to ask for something like that per se, but it doesn't change the fact that it can't be done.  

 This community has gone from "delete nothing" to "we need deletes for privacy"

This community has gone from include everyone, to just mute anyone you don't agree with.

This community went from using no kyc WoS to kyc strike.

Honestly, I could keep going, but the point is that nobody knows what they are doing here...

We're all just here.


 

 Talk about yourself, this community is bigger, don't generalise.  

 I've been observing nostr and it's users since mid February of 23.

I'm not generalizing anything. 

It's all just the truth.  

 Lets say a scoped truth, but ok im not going to discuss if you see it that clear 👌 

 im sure you already know this but delete on kind1s appears to be checkmate for nostr if this is indeed a goal of your use of kind1.  nostr kind1 was designed to resist censorship by ensuring anything signed as kind1 can be sent everywhere.

im not against delete, most relays do honor the request, but its very difficult to do because messages propagated by clients themselves will continue reappearing.  much like any large database, deletes are often impossible and more often just a flag that says deleted while the info remains.

again, this is what nostr was designed to do, so thats why you sense that toes are being stepped on hehe 🍄 

 ^ t-y 4 kicking this off! & all commenters t-y! 

 oh ya, upgrading client-side steadily for a bit 

 I'm sorry, but I have to strongly disagree with you. Delete requests honoring can't be enforced on the protocol level. And the idea that it can be done and users could rely on it is dangerous. 

For relay to be compliant with the protocol (now or in the future) is enough to not return deleted notes, but you can't make sure that there is no copy of the old notes. Maybe they are still in the database with deleted flag, or they are in backups or they were broadcasted to a private relay not accepting kind 5 at all and you can't query it... 

By changing the wording in NIP-09 from SHOULD to MUST you are not going to change the reality. The only thing which happens is that users will get a false hope of security. 

Most of the relays and clients are honoring the delete requests to the extant that you can get rid of typos or accidental likes. This is good enough for me, but I do automatically assume that bad actor can have all my notes and keep them indefinitely. 

You are right about the one key pair being dangerous if leaked and the idea of using child keys for different services and applications is something we should be talking more.  

 How do you make a delete request to relays? 

 Read NIP-09, but in general it is a kind 5 note with tags specifying what should be deleted.  

 I just clicked another button on amethyst and there is the request delete option. I will add nip 09 to my reading list. This is kid in the candy store time again. Thanks for your pointer 

 Amethyst does seem to include more features than any desktop client I've tried. It seems to be the way of the world now. #fedilab, one of the #android #fediverse clients is better than any of the desktops clients. Kind of annoying for those of use who prefer to keyboard and mouse our way through life 😞  

 Tell me about it. My desktop isn't bang up-to-date as it is, so I'm usually on the phone  to check out nostr apps.  

 > For relay to be compliant with the protocol (now or in the future) is enough to not return deleted notes,

Also, they can choose to not be compliant. What is anyone gonna do about that? Be angry and scream "you're not compliant"? 

 Openly non compliant relays are much better than relays pretending to be compliant. You can at least theoretically choose not to use it, but still someone else can broadcast your notes on it. So yeah, in reality the only difference is the deception.  

 🍿 

 Having the event is useful of course, but I don't think it solves the underlying privacy issues because relays still can decide to keep the "deleted" notes, secretly or publicly. And non-tech newbies gonna see the button and think that it works like a delete button on Twitter.

I really like the idea that people have to think about what they publish on Nostr. 

 Where posts are full of embarrassing ideas or typos,  deleting is a sledgehammer to crack a nut. Surely an easy solution is, replying to yourself and putting in a disclaimer or explaining yourself better. That subscribes to the idea of owning mistakes and showing growth.

But where an error is disastrous, accidentally posting a private key, that needs some sort of consensus from relays to delete or within apps, some way of parsing and flagging before a final publish. Like where say URLs aren't recognised on some forums etc 

 I love clients that have an "undo" window. 

Don't post immediately. Let me undo whatever I did for a couple of seconds, and if I don't, broadcast it. Prevents a lot of fuck-ups. 
nostr:nevent1qqsp963hwqq430qencm9luk6t2qz5snkgn2mpex243htargfuswdqxspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygzwhzp3p445ak2ud4n289dn6084txu9ltkg7a53mt75qk5jup2ad5psgqqqqqqsh7ev03 

 You are so so early 😉 

 What do you think about the bridge mechanism implemented by simplex to hide clients IP being implemented on nostr? Something similar to protect relay runners would be amazing too IMO. 

 Woke up to see this post. 

I have an initial opinion, but not a very strong opinion because I haven't thought much about it, but I am LOOKING FORWARD to thinking more about it.

I love waking up and finding something interesting to think about.

And maybe in the end the network that host the most interesting questions and debates is the one that will win.

Great post.

nostr:note1zt4rwuqptz7pn83ktled5k5q9fp8v3x4krjv4trwh6xsnequ6qdq4q7nhj  

 Great post. 

 So if deletes are challenging - as we have to trust & would often end up only being ’flags’ -  what about edits? As long as connected to the same relays, can you edit notes reliably? 

 Can't count on deletion requests being honoured. Maybe start afresh with a new Nostr key pair every now and then? 

 You won’t have a permanent record if you stop relying on others’ relays 

 Just sounds like reusing wallet addresses onchain. Right?  

 once published someone can always screenshot / ai / mod n repost
so even deletion will NOT purge anything that goes viral in reality - copies with another eventID will be floating all over.
nostr digital track n trail will be always open n traceable except for DM content 

 @note1u2hgxt27l25wx8fcpuzmepa0pgs48xpzwsa62jv4pxxj9endtlfqu0xvuq 

 Thank you for sharing this.
It’s something the team and I have been grappling with while building on Nostr. 

 yea, delete being flaky was one of the first things i've noticed here, it definitely makes me more hesitant to post 

 Aha!! you are here. Glad to see you fren. :) 

I just post to private member only relays if i am feeling paranoid. 

 good to see u too !!! 😄

haha i'm trying to be as little paranoid as is viable, unfortunately that's still a fair bit
i'm still pretty light on the technical details here, haven't done anything like manually setting a relay, maybe i should consider running my own on x0f.org 

 :D 🧡

maybe strfry would be of interest to you as its in c++. 

 We need better keys, but demanding to be able to delete things from the Internet is a pretty hot take. There's no way to require relays / clients / the NSA / ransomware to behave a certain way. What's been said cannot be unsaid. People can choose to publish first to relays that (appear to) honor deletion. Most devs that push back probably do so out of concern for people fooling themselves into thinking that something has been erased. 

It's of course possible to build something more sophisticated on top of the current protocol. Something with limited distribution that's more likely to bitrot than survive. Not many relays are going to retain encrypted messages that are megabytes each, though archive.org might and the NSA of course will.

So, the energy is right, but taken at face value the demand to be able to delete messages doesn't make sense. 

 You can delete your events on

Snort
Nostur
Iris.to
 
or here:

https://nostr-delete.vercel.app 

 Even if the protocol very strictly mandated, in NIP-01, from the very beginning of Nostr, that relays delete events upon request, how would you ever be sure that they do? Anyone can develop a relay that doesn't. You could argue that such relay wouldn't qualify, technically, as a "Nostr relay", but so what?

Also, even if everyone avoids such relays (how would you? They could just selectively refuse to delete some of the notes. They could even hide them for two years, just to trick you, then put them back online), anyone can build a Nostr archive which pulls from public relays, then publishes all notes and refuses to delete them.

You could rely on the law and sue such relays, but they can be in any country and/or behind a darknet.

> Nostr, as it is right now, is a permanent record that seeks to tie all of your apps and your coin transactions to one key pair.

Don't use it for anything related to "coins". Use it for things you want to stay published.

> Relays must use the protocol to participate in the network.

No, they do not have to. They can break the protocol in tactical ways that will still allow clients to interact with them.

> If the protocol requires honoring event deletion requests to participate in the network, then Nostr will have avoided this festering security and safety issue.

Absolutely not. You can just build a non-compliant relay.

In the context of security you *NEVER* assume that your "attacker" will comply with any rule whatsoever.
Every party gets to decide everything about their own behavior and you must act in a way which will be secure regardless of the ways in which others will act.
You can't "defend" yourself from "bad" relays by telling them to delete events. There is nothing you can do that will make them do so, unless they are well-meaning.

But even if all relays you use behave the exact way you want (which you can only know if they are run by parties you know and trust), anyone can and will do whatever it is that you hope won't happen: get on Nostr, fetch notes and publish them again, refusing to delete them.

If you aren't assuming someone *will* act against you, in the smartest way they could, you are not doing security. 

 Exactly. You cannot unpublish information for the same reason you can't unleak a key. 

 Yes, that's a good way to put it.
Writing in a protocol not to do bad things isn't security. 

 🤝 

nostr:note1zt4rwuqptz7pn83ktled5k5q9fp8v3x4krjv4trwh6xsnequ6qdq4q7nhj 

 🫡 

 many points to think about. thx! 

 Even if there was a delete on relays that honored NIP-09 wouldn't there be backups on Cloudflare/ Amazon etc?  

 Sorry, what you ask is technically impossible in a decentralized and censorship resistant protocol. Actually, it's quite dubious in a centralized one, too. 

 Screenshots effectively make this moot in centralized ones too 

 It's not only a screenshot matter, in a centralized environment you cannot be sure that what you deleted is actually vanished from the service database. 

 Use burner npubs. You can't build a following / brand / whatever, but if the goal is privacy who cares? 

 Important points are mentioned here. I have already criticized in the past that the "right to be forgotten" with the Nostr protocol is hardly or only very poorly implemented. And I also know the reasons and arguments against it.

But that is precisely where the challenge lies. If you want to boast that you it's a decentralized system, you also have to manage all the basic CRUD operations with it. Otherwise, it all still feels very much like an alpha version.

So no excuses; no matter how hard it is, it has to be done. Especially when you get into the promotional phase and you're pushing it as a serious alternative to fiat social media. Otherwise some, especially newbies, are in for a rude awakening.

nostr:note1zt4rwuqptz7pn83ktled5k5q9fp8v3x4krjv4trwh6xsnequ6qdq4q7nhj  

 I mean just to play the devils advocate. 

None of the NIPs are enforceable, so even if nip-09 exists, there's really NOTHING you can  do about a relay that doesn't honor it,  other than trying to make sure your note doesn't reach it, which is very hard since anyone of your followers can broadcast it to such a relay.  

Its really not much different than someone screenshot-ing your tweet. 

I like @rabble 's  take on being able to dissaciate from your note atleast as a signal.  

 nostr:nevent1qqswzks26hvt4pg9rjcr6fhu4hl823hvkefv6w7clrjdqerjq32tx4sprfmhxue69uhhyetvv9ujumn0wd68yurvv438xtnrdaksygzwhzp3p445ak2ud4n289dn6084txu9ltkg7a53mt75qk5jup2ad5psgqqqqqqsqxvd2g 

 Also:

nostr:nevent1qqsvvjj79hngatu0ak0k7fzxx7vyngnvw0mezmyd683xl7ws2k59knspr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyp8t3qcs666wm9wx6e4rjkea8n64nwzl4my0w6ga4l2qt2fwq4wk6qcyqqqqqqg35vvhs 

 Good, but again "none of the nips are enforceable" trying to use the law to scare people into deleting might actually work for big relays, but "you'll never know" if it actually worked. 

 It's okay for messaging and maybe even closed groups, publicly available notes are "publicly available" trying to remove them is almost futile. 

 What is your take on privacy regarding the npub? Anyone who knows it can see Nostr through my eyes. The broader the user base and the topics here become, the less I want everyone to see who I follow and what I’m interested in.