I think forward and backward secrecy are unachievable in Nostr. You can either be able to load your DMs in many clients and not have any type of real forward and backward secrecy OR you can have DMs that are only visible in the originating client, and thus "broken UXs" everywhere else and then yes with forward and backward secrecy.
There is no way to do both.
Then you have just broken forward and backward secrecy: Attackers can use that feature to reassemble the ratchet state and decrypt all your messages, past and future.
If you are interested in exploring it..
This PR seems clean enough, but adds a little complexity with multiple relays and multiple keys per conversation pair. It works even for group chats, since users can have access to separate aliases even inside the same group.
https://github.com/nostr-protocol/nips/pull/1306
I think forward and backward secrecy are unachievable in Nostr. You can either be able to load your DMs in many clients and not have any type of real forward and backward secrecy OR you can have DMs that are only visible in the originating client, and thus "broken UXs" everywhere else and then yes with forward and backward secrecy.
There is no way to do both.
If you don't use aliases, yes. But in Nostr, your key is always receiving something. Since the public doesn't know if it is a valid message or noise, you can't see the sender and even the time is unreliable for time-collision algos, it's a simple scheme that's truly powerful.
You can always add new keys to it, if you want more privacy, but all algos that I have seen make it worse by leaving extra breadcrumbs in Nostr to be found and broken into.
If you are interested in exploring it..
This PR seems clean enough, but adds a little complexity with multiple relays and multiple keys per conversation pair. It works even for group chats, since users can have access to separate aliases even inside the same group.
https://github.com/nostr-protocol/nips/pull/1306
In the end, you can always simply use a Private Inbox relay (like inbox.nostr.wine) and no one will see your DMs, even if your keys are listed there.
It's hard to beat that simplicity.
Nothing completely solves the problem since any app will always have to ask the relay or a server for messages that match a given query. That query is the public identifier of the user and can be simply traced over time and mapped out with IP and other actions in the protocol.
Yep, because the reality includes all these layers. And they break each other constantly. You can't truly claim any privacy without considering all these layers combined.
The icons enable or disable those relays for Home, Messages, Chats and Global feeds.
Just keep in mind that they will soon disappear. This is a relic of the old model and for now still work, but it will be less so over time.
There is still some interference between two Tors running side by side. If Orbot is always running, it's likely that the Tor lib inside Amethyst is just sharing that connection.
My main pain is event lifecycle management. In summary, the database gets too big too fast and start getting slow. So, the app must rotate event database, even in disk, very quickly.
We need to find an abstraction where the UI tells the core when it's ok to delete stuff.
For instance, let's say the user has a Global feed for about 30 minutes and then leaves back to the regular follows feed. Most of the Global feed notes should be deleted.
Save when the person visits a profile. The app loads a bunch of stuff into the database, but those events are irrelevant later and should be deleted.
If you are doing a client that shows the latest note for each custom feed you have, like the list of people and latest messages of a chat client, you are loading and deleting stuff all the time.
When chatgpt gets a headshot on the first try...
Q: What do social apps miss?
Social apps often miss several key elements that can significantly improve user experience, privacy, and overall value. Some of these areas include:
### 1. **Data Ownership and Privacy**
- **User control over data**: Most social apps collect and store vast amounts of user data but offer limited control over how it is used, sold, or shared. Users should have better control over their personal data and clearer options for opting out of data collection.
- **Decentralization**: Many apps are centralized, which can lead to data breaches, privacy issues, and lack of user autonomy. Platforms like Nostr are exploring decentralized models that prioritize privacy and control.
### 2. **Mental Health Considerations**
- **Designing for mental well-being**: Social media apps often amplify anxiety, depression, and feelings of inadequacy by promoting unrealistic lifestyles or fostering addictive scrolling behavior. Apps should consider mental health by encouraging mindful usage or promoting content that fosters genuine connection and well-being.
### 3. **Authentic Engagement**
- **Less emphasis on virality**: The focus on metrics like likes, shares, and views encourages content designed for mass appeal rather than meaningful interactions. Platforms that prioritize quality, in-depth engagement, or meaningful connections often produce better social outcomes.
- **Smaller communities**: Large-scale social networks tend to dilute the quality of interactions. Supporting smaller, niche communities can lead to more meaningful and relevant conversations.
### 4. **Content Moderation and Freedom of Speech Balance**
- **Fair moderation**: Many social platforms struggle to balance content moderation and freedom of expression. They often face backlash for inconsistent moderation practices. A clearer, fairer moderation policy could help maintain trust while fostering open discussions.
- **Algorithm transparency**: Most apps hide how their algorithms work, which can lead to suspicion and misuse. Greater transparency around content recommendation algorithms would allow users to understand and control their feeds better.
### 5. **Data Interoperability**
- **Cross-platform interactions**: Many apps operate in silos, limiting the user's ability to move their data or social connections across platforms. Offering interoperability or easy data portability would enhance user freedom and reduce dependence on a single app.
### 6. **Monetization Models**
- **Alternatives to ads**: Most social apps rely heavily on advertising revenue, which drives the focus on user data collection and engagement maximization. Exploring alternative revenue models, such as user subscriptions, micropayments, or decentralized monetization (e.g., Nostr's Wallet Connect), could reduce the need for aggressive data practices.
### 7. **Diversity in Social Interaction Models**
- **Beyond text and images**: While most social apps revolve around text, images, or video, exploring new interaction formats such as augmented reality, virtual reality, or richer multimedia experiences could increase user engagement in more creative and interactive ways.
### 8. **Long-Term Value**
- **Archiving and meaningful records**: Social platforms often miss opportunities to help users preserve valuable memories or connections in meaningful ways. Offering features for users to better organize, archive, and access their digital histories could add long-term value.
Would you add anything else?
Acho que o highlighter gera 2 eventos quando vc escreve um comentario.
nostr:nprofile1qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75sprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0y8qdrm is highlighter going with the `comment` idea from nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpzpmhxue69uhkummnw3ezuamfdejsz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43qdwkdtx or are you creating a separate kind 1 post for the quote when the user adds a comment?
nostr:nprofile1qqs8y6s7ycwvv36xwn5zsh3e2xemkyumaxnh85dv7jwus6xmscdpcygpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz8thwden5te0dehhxarj9ekh2arfdeuhwctvd3jhgtnrdakj7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qxvpy4 has to add Amethyst's key to his relay :)
Transactions are never free. If they are free, you are the product.
From Primal's Terms of Service:
Transaction fees for incoming and outgoing payments within your Primal Wallet are a combination of bitcoin network fees, fees charged by Primal's affiliates (if any), and fees charged by Primal (if any). Transaction fee policy is subject to change without notice.
I think nostr:nprofile1qqs8y6s7ycwvv36xwn5zsh3e2xemkyumaxnh85dv7jwus6xmscdpcygpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz8thwden5te0dehhxarj9ekh2arfdeuhwctvd3jhgtnrdakj7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qxvpy4 was signing for us.
nostr:nprofile1qqsr7acdvhf6we9fch94qwhpy0nza36e3tgrtkpku25ppuu80f69kfqpramhxue69uhkummnw3ez6un9d3shjtnyv4ex26mjdaehxtndv5hsz9mhwden5te0wfjkccte9ehx7um5wghxyctwvshszxthwden5te0wfjkccte9ekk7mt0wd68ytnsd9hxktc79dllq does nostrnests.com run over Tor?
nostr:nprofile1qqst94nsmefmya53crp5qq39kewrtgndqcynhnzp7j8lcu0qjple6jspzpmhxue69uhkummnw3ezuamfdejsz9nhwden5te0wfjkccte9ec8y6tdv9kzumn9wsq3qamnwvaz7tmwdaehgu3wd3skueqtvj70p is collecting names
https://github.com/0xtrr/onion-service-nostr-relays
Thanks to nostr:nprofile1qqsrx4k7vxeev3unrn5ty9qt9w4cxlsgzrqw752mh6fduqjgqs9chhgppemhxue69uhkummn9ekx7mp0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qg3waehxw309ahx7um5wgh8w6twv5hsxct838 and npub.pro :)
nostr:nprofile1qqs8eseg5zxak2hal8umuaa7laxgxjyll9uhyxp86c522shn9gj8crspzemhxue69uhkyetkduhxummnw3erztnrdakj7qgwwaehxw309ahx7uewd3hkctcprfmhxue69uhkummnw3ezuargv4ekzmt9vdshgtnfduhsgjx9px says .onion personal relays are coming to relay.tools 😁
nostr:nevent1qqsfyw6qsvjhcn2clltdl2vflp4awcqdhm6z57jhgv2zupg6yejka9cppemhxue69uhkummn9ekx7mp0qgs8eseg5zxak2hal8umuaa7laxgxjyll9uhyxp86c522shn9gj8crsrqsqqqqqp7xeeja
Tor version is up! But I will keep this in pre-release for now check for bugs. Please use Obtainium to get it (you have to activate pre-releases in their settings.
nostr:nevent1qqsf3u4v47dnadcdsas8jsh9wmu6pp4v9zklx7rfm2dznayptnk2epspzdmhxue69uhhwmm59e6hg7r09ehkuef0qgs24yz8xftq8kkdf7q5yzf4v7tn2ek78v0zp2y427mj3sa7f34ggjcrqsqqqqqpt6z7yh
The difference is that play has automated translations and notifications from Google and FDroid doesn't have translations and notifications are for ntfy
F-droid is as centralized as Google Play. It's just have different overlords for the app catalog.
Obtainium is the only real way to download the app from source.
Tor version is up! But I will keep this in pre-release for now check for bugs. Please use Obtainium to get it (you have to activate pre-releases in their settings.
nostr:nevent1qqsf3u4v47dnadcdsas8jsh9wmu6pp4v9zklx7rfm2dznayptnk2epspzdmhxue69uhhwmm59e6hg7r09ehkuef0qgs24yz8xftq8kkdf7q5yzf4v7tn2ek78v0zp2y427mj3sa7f34ggjcrqsqqqqqpt6z7yh
A few tips:
1. Zaps go to your Public Inbox relays. That's the only setting that matters for this.
2. If a Public Inbox relay is paid, only the paid subscribers of that relay can send you notifications/zaps. The relay will reject everyone else and you won't receive it. So, make sure the inbox relays are open for anyone to send.
3. Many people are using wallets that don't send zaps (they don't have a zap service to send the event). In those cases, Amethyst will tell you that the zap went out but it will never receive anything.
4. You can remove the local server 127.0... from Public Inbox/Outbox/DM relays. Since no one can connect to it, it doen't make sense to tell your followers to send or download from there. Just add it to the local relays and Amethyst will send your posts there.
5. You are using Damus as a Search relay, but Damus doesn't implement NIP-50 yet. So, nothing is coming from there. The default button can offer the only 3 relays I know that implement NIP-50.
4.
Yeah, I forced the video to be a given size on compression and it looks like the compressor set it up like that. I you can still see it on full screen though.
In-device video translations > filtering content by language
nostr:nevent1qqs24u39w8jwv4z8nw9yjlc5ygkhne63hkc4euxa9863nm6kdh4fgdspz9mhxue69uhkummnw3ezuamfdejj7q3qqny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysxpqqqqqqz8kws2v
The icons enable or disable those relays for Home, Messages, Chats and Global feeds.
Just keep in mind that they will soon disappear. This is a relic of the old model and for now still work, but it will be less so over time.
If it's not open source, it's not private.
If you can't choose to use your own server, it's not private.
If you can't use it when the company is gone, it's not private.
If you can't create anonymous accounts, it's not private.
Stop trusting the marketing. Start verifying.
Oddbean new post about login | logout
Notes by Vitor Pamplona | export