
Notes by Vitor Pamplona

 nostr.band becomes the first provider to offer their trust analysis as assertion events, enabling users to select their service and display additional info about each pubkey from a global network standpoint. I hope more service providers join. 

This is particularly useful for summaries about users and events that are impossible for clients to compute locally, like the total amount of zaps sent and received by users, average daily zap amounts, most common topics a pubkey talks about, etc. https://github.com/nostr-protocol/nips/pull/1534 
 If you use open relays on Nostr, all your data is available for anyone to surveil you. 

This is why choosing the right relays for your content is important. 
 Imagine registering for a new account in your favorite Nostr client and instead of getting the boring global trending, you are presented with posts from your city/neighborhood. 

That's where we are going.  
 Yep. It's basically onboarding with the local community first in the hopes that less trash is available. 
 We will have more of them as soon as we ship it.  
 No need to.  
 Also, unless you are using Tor for everything, you are already giving your location to relays. 
 Yeah. You can just connect to a local relay.

Or you can connect to a global relay and search for posts from a city/state/country, depending on how many posts you want. Obviously that filter can be from anywhere, it doesn't necessarily mean you are in those locations. 
 NIP-29 could work, but we can also just do geotagged kind 1s in the default relays. The key part is helping people to set up the feed and to help them post exclusively to locations like on https://github.com/nostr-protocol/nips/pull/1233 
 Something is up with my #amethyst recently. New posts from follows are not showing in my feed. Ca... 
 I can see your feed. How is your General Relay list set up? 

Are you using Tor? If so, something could be blocking it.  
 Which should we develop next on Amethyst? 
- a Jobs board where you can offer your services and find people to hire, fiverr style. 
- local feeds, where the app will present a feed based on locations and allow you to post only to people in your location.
- integration with nostrnests, with voice participation, like on Nostur/Twitter spaces.
- realtime voice and video calls that integrate with 0xchat. 
 
 
The deletion thing is a bug on your keyboard. There is nothing we can do to fix it. 

We can fix the search thing. 
 Yep, on Amethyst and any app that uses Jetpack Compose. Basically the keyboard is too old for the new APIs. 
 The public inbox relays should receive your notes if you are tagged on them. So all your replies, likes, zaps etc go to your inbox as well. New notes shouldn't. Because a reply cites a post, that also goes to your inbox/outbox to make sure your follows can find it when loading replies from you.  
 On the relay side, I think that is a feature for Citrine itself, since Amethyst is not supposed to be a relay. 
 But then if you use 10 clients, you get 10 duplicated databases. It's not an efficient way to use nostr, especially if we start using more micro clients.  
 Unless you have an embedded Tor :)  
 Yep. That was the purpose of adding it :) 
 It varies if the network is busy or not, but the average user doesn't notice a difference on an average day.

I have used it for everything for the past 4 weeks or so. Tor disconnects when the app goes to the background and reconnects when it comes back. Connecting takes about 200ms but from there it all loads with a couple frames of difference.  
 Yeah, I was surprised as well. It will never be the same speed as the open web but extreme speed is overrated. You can design things in ways that minimize the impact on users while significantly increasing privacy and decentralization.  
 Does nests use NIP-100 for WebRTC? nostr:nprofile1qqsr7acdvhf6we9fch94qwhpy0nza36e3tgrtkpku25ppuu80f69kfqpramhxue69uhkummnw3ez6un9d3shjtnyv4ex26mjdaehxtndv5hsz9mhwden5te0wfjkccte9ehx7um5wghxyctwvshszxthwden5te0wfjkccte9ekk7mt0wd68ytnsd9hxktc79dllq nostr:nprofile1qqsx8lnrrrw9skpulctgzruxm5y7rzlaw64tcf9qpqww9pt0xvzsfmgprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qyvhwumn8ghj7un9d3shjtnndehhyapwwdhkx6tpdshssfnq7m?  
 cause I am not a web developer :)  
 Kinda similar to marketplace, but with people for hire instead of products.  
 nostrapp.link  
 Have you used highlighter before? It might have added automatically  
 Well, you can log into nostrapp.link on a desktop and remove the recommendation  
 Final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition, is some awesome news.

Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.

It also forbids Google from requiring the use of Google Pay on apps shipped through their store, freeing devs to offer other payment APIs to go around the 30% fees from Google.

This is a separate judgement from the DOJ vs Google that is considering a breakup of Google, forcing it to sell Android, Chrome and some other units.

 
 It should but I doubt it will. Apple will put up a much bigger fight because the Apple Store is more fundamental to Apple's survival than the Play store is to Google.  
 I am sure they are going to build whatever text wall they can. But this is a win regardless  
 Random dev thoughts: Would it be a good idea to do an open source web push notification server fo... 
 Yep, it would be super easy to make a push notification mini client that simply receives a push event and redirects to installed clients based on NIP-89 and a simple URI intent.

Many push clients could use different stacks: Google/Apple/Samsung/UnifiedPush/Foreground service that keeps connection to the user's favorite relays etc.  
 Checking some padding/margin/rendering issues with under-screen camera placements in some phones today. Can you reply to this post with a screenshot of your Amethyst home feed (make sure only public info is there) and the phone brand/model you are using?

Thanks! 
 STAY HUMBLE AND STACK YOUR HEALTH DATA ON NOSTR. 
 Nopes. 
 You can send a vision prescription to yourself today: Desktop-only vision prescription micro app demo: http://lazereyes.nosfabrica.com 
 Yep. That's basically Nostr but instead of relays, the information is privately stored in the QR.  
 Why are you in Nostr then. Every single post is a certificate. 
 Yes I know the difference. The state can force you to show your Nostr posts. They can do this literally with everything, including Bitcoin as well. In fact, most health checks were made with the regular CDC card, which is not signed. Adding things to Nostr doesn't change any of that. 

Tech is tech. The state can always fuck any stack. 

Also, the state already has access to your health data on today's centralized systems. Adding Nostr removes some of their existing knowledge of you because you can store it in your own relay, away from governments and big corporations.  
 You are mixing things .. I am not talking about the key. It's about your posts. The things you sign. 

Also Health data is encrypted. 

Also, you can just put your health data into a Nym account. It's up to you.  
 What you don't understand is that if people allow it, government can always put you in jail for anything they want. During COVID, people allowed governments to check if you have taken the vaccine or not. They don't need a signed QR for that. The CDC card was used more than any QR code was. 

It's about how gov uses the tech, not the tech itself.  
 nostr:nprofile1qqsdfgaktp2sfsh80jvxl4qc5pqyppayhdwsmtc4afv894ly5ty9h8qpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtccs6eyz 
 Yep, we want/need 1000s of these projects.  
 Why would opening the option to put your relay data on Nostr, on any relay you choose, reduce your options? I don't think you understand what we are building. 

No one is requiring you to use Nostr, or any particular client or relay. 

We are pushing the amount of options to the limit.  
 The health care system has been doing this for 20 years. We are breaking that up by allowing users to choose relays, clients and which keys they want their data encrypted to.  
 >  You had and still have this fucked up view that the State is all powerful and the people, individuals, don’t have any say in the matter.

What did I say that makes you think that? 

I said in this post that it's all about what people let their governments do. I don't know how you even go from there to your conclusion about me. 

In the end, you can use Nostr and opt out of the health care system as it is today and keep your info with the government or not. It's up to you.  
 I have 15 years in multiple levels of health care. Believe me when I say that if the government wants your data they WILL have it. They have all the power over the rest of the players inside health care, both officially and unofficially. Picture what happened on the censorship level with Twitter and Facebook over the past decade and apply the same methods to ALL health care companies, constantly, over the past 30-40 years. 

If you truly think government doesn't have the power, you are the one being naive about this. 

But yes, obviously all jurisdictions are different and get your data in different ways. I know particularly well the US, Canadian, European, Indian, Chinese and Brazilian systems. Other than that, all dictators out there have full access to your data. Indian, Chinese and Brazilian systems do have your complete health record with the government. Europeans and Canadians also have large chunks of their health information with the government. US is per state. Some states have a lot, some states have little info. But all states have SOME info. The Federal information usually comes from the insurance companies when you use them. 

Anyway, if you truly think the status quo is good and you want to support the government surveillance that exists TODAY you can keep using it. 

All we are doing is to create a balance of power, where patients can decide where to store their data, which clients they want to use to access and manage that data, and which keys they want to encrypt that data with. 

 
 Yes, Amethyst already displays Vision Prescriptions :)  
 Yep, that's why it's important to know your relays and work with them to manage your data correctly. Encryption can only go so far. 
 If Nostr had a token everybody would be here. 

But for the wrong reason.

GM. 
 GM Nostr. 

I was chatting with a friend about MLS messaging yesterday and he said something that... 
 They should be able to do that without using anything more than basic crypto libraries. 
 It's Friday... You know the drill. We ship.
nostr:nevent1qqs959p8r87kg2v5hwz5wcs0ypr8arwgs96agjj7dn4y8zntkmgzt4cppemhxue69uhkummn9ekx7mp0qgs24yz8xftq8kkdf7q5yzf4v7tn2ek78v0zp2y427mj3sa7f34ggjcrqsqqqqqp7ha8d6 
 Dystopian versions of smart homes aside… couldn’t you build a comprehensive Nostr IoT client ... 
 There is a NIP proposal for IoT devices somewhere...  
 A big challenge of client performance is that you cannot optimize filters. There are a few object... 
 Yep... And this is one of the reasons people tend to use a large number of relays. The reply times are quite "random" from the set of relays they have. Adding more relays just makes things work out of luck.  
 Removing it is a step, but it doesn't undo the fact that users' privacy has already been violated... 
 So, I am not finding any reference to Google analytics on the WP's scripts. Can you point me to where you found the Google link? 
 Breaking silos doesn’t mean breaking the law! 🚨 You can’t just hand over user data to 3rd ... 
 We will remove it. The website is just using a default install of WordPress... So relax... 
 Btw, your profile picture doesn't load over Tor. Why are you tracking everyone's IP? 
 I know..  
 Hahahah.. look! They are breaking down the silos of a 3T dollar industry! Oh no Google analytics on the company's website... Everything is wrong.  
 Health Care 🤝 Nostr. 

Micro apps all the way. 

Who else is joining this movement?
https://nosfabrica.com/ 
 It's a micro website 😅 
 Encryption + private relays. 
 Everything will be saved in the patient's relay. 
 We are counting on it. When they notice, it is going to be too late.  
 Yeah, my bad. This was part of the old template. 
 You want microapps? You are going to have micro apps!
nostr:nevent1qqstefmq6hrlyq0u2xgrgpxct73ryg7u77kl52cch60unxy4ufhg8dcpzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3q8pudjhdhhp2v8gxnkttt00um729nv93tuepjda2jrwn3eua5tf5sxpqqqqqqzpjtmpd 
 Hum... Gotta fix that 
 In my nap dream I went truly nostr only and deleted every app from my phone and only used nostr a... 
 Imagine creating a bank account with just your npub...

Oh wait!.. 
 It will come in time 
 I will need your services in a consulting gig soon. But let me get some cash first. 
 Nostr transmits notes and other stuff over relays.  This is good.  However developers are using n... 
 I don't think this is optional for non-personal relays. They will have to grow up to use thousands of servers if they want to serve users globally.

The Client won't even know if it is an enterprise stack or not. It will just use the same interface we have today. 
 True, bandwidth will always be high on Nostr. But Negentropy can help. Clients most likely will have to have a local relay to sync to and work with directly. And some of the Client-side processing will never be possible to solve, like a true WoT with graph analysis. 
 It's New-NIP Friday!

Certain calculations in Nostr require access to the entire dataset of events and are impossible to do directly by Clients. This NIP offers a simple way for users to declare their trust in service providers for those calculations.

https://github.com/nostr-protocol/nips/pull/1534 
 Makes sense 
 Hum.. it has nothing to do with NIP-78 because it is not client-based. 

It's more like relay lists: you just select a few for the app to use. 

Trust is needed because they are doing the calculation for you and there is no way to check if the calculation was done correctly. 
 That's correct. But none of those settings are saved on NIP-78. They have been generalized to be used by any client.  
 You can def do Place scores and things like that. I don't know what other assertions it would need to be signalled, but it could be added.  
 Nice! Yeah, it feels like BTC Map can attest for who currently controls each place in this PR. We just need to create a new kind with the d-tag equal to the identifier of the place. That event would then have a "result" field with the pubkey of the current owner.

Or maybe the opposite, the event's d-tag is the user and BTC Map lists the locations that user owns.  
 In the early days, yes. As it grows we can break it off. 

Right now we just need to start the work of specifying stuff. 
 I just added a "Common Topics" idea that will just bring up the common topics each of us write about and allow clients to display in each user's profile. 

This could become a really cool NIP, with lots of real value-adds by decentralized services out there.
nostr:nevent1qqswhw3c4l60tcpvv99ul576akq9m3zwhhest00slutuqk8d8vea7uspzemhxue69uhkummnw3ex2mrfw3jhxtn0wfnj7q3qgcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqxpqqqqqqzdrmup7 
 Is there a way I can tweak an EXISTING secp256k1 signature with a user's pubkey so that only that user's private key can verify the event without allowing that user to find out the event's real signature?

Meaning, can I give an event to a user without allowing that user to reshare a verifiable version of the event without also exposing their main private key? 
 The idea is indeed to disallow re-sharing. 

Picture a company relay. All the information should be strictly contained into that main relay. 

However, for Nostr clients to work, they need to verify events by themselves. Which means they receive a full copy of the event and can re-broadcast that copy to another relay very easily.

That creates a problem.

We could just delete the signature field and ask Nostr clients to not verify and "trust" that the company or its relay is not modifying the message from its original author. But relying on trust defeats the purpose of using Nostr in the first place.

Since the company relay authenticates who is connecting to them, it could easily modify the event to make sure only that user can verify it. 

My initial solution was simply to encrypt the signature field to the pubkey of the connecting user. Then the client would have to decrypt it before verifying. The issue is that once the user has decrypted, the user has access to the full signature in plain text and can add it back in the event and re-share it with another relay. 

Which is not really a solution to the problem.

This led me to the question in this post. How do we make a modified event signature that only one user can verify? It could still be possible to allow other people to verify the new event, but that implies having to make the user's main private key public and hopefully there is enough sensitive information in that private key to serve as a deterrent from users doing so.  
 Interesting... I need to do some testing, but maybe this is the beginning of a modified Nostr protocol for enterprises and truly private groups.

I do think there is a lot of need and money waiting for solutions in that realm.  
 release notes: nostr:naddr1qq8k2m3dwfjkcetpwdjj6v3c9ccqzymhwden5te0dehhxarj9eurqe3wdaexwq3qga6sza...