Avatar
Luxas 1y ago

Ideas for a #Nostr client to use... an optional feature for when you send someone a DM it either sends out both a nip04 AND nip44 message. This way, no matter what client the recipient is using, they'll receive the DM.

Or, the client checks the recipient for support of nip89 and based on user's client knows whether nip44 is supported or not.

I can't tell you how many times I've sent a DM and the recipients never get it because their client has either dropped support for nip04 and only uses nip44 or vice versa and hasn't yet added nip44 support.

Reply to this note

Please Login to reply.

Discussion

Avatar
SLCW 1y ago

In my experience, most people can receive NIP-04 messages, while only some can receive NIP-44 messages. And the problem which you've correctly pointed out is that if you send a message the recipient can't receive, you never get any kind of notification so you just have assume they got it, or not. There should be some mechanism to alert when the recipient doesn't accept certain message types. Or some sort of fail over where it tries NIP-44 first, and if it fails, falls back to NIP-04.

Avatar
BitTiger 1y ago

Still waiting on any developers out there to acknowledge nip proposal 80085 here on nostr, or bother to take the time out to even read it.

Their silence speaks louder than words.

#nip

#nip80085

#nostr

#savenostr

Avatar
Luxas 1y ago

what's the link to it?

Avatar
BitTiger 1y ago

[ NIP Proposal 80085 ]

Hello, I hope you are doing well. Thank you for taking time out of your schedule to allow me to explain in greater detail. Why the Nostr protocol is currently a honeypot for criminals and tax collectors.

The Nostr protcol is revolutionary in its ability to almost resist online censorship completely. As well as having the capability to transfer a valuable digital currency asset known as Bitcoin instantly via zaps on the lightning network. When you connect your lightning wallet to nostr. Enabling you to earn an stable income in many ways. Such as content creation appreciation for your Nostr posts.

When zaps are made, depending on your chosen software application you are using. It is a common feature shows bitcoin zapped for any given post. Which allows everyone to publically gauge the posts popularity by listing the total amount of satoshis zapped.

For the vast majority of the Nostr community this is a dire personal privacy and security threat. Not a feature. Which has yet to be acknowledged, addressed, and resolved.

First in order to gain a much more comprehensive understanding of this critical flaw in the nostr protocol. We must first understand the human psychology from a behavioral science perspective. So that everyone can fully understand how zap motiviation and actions take place every day here on Nostr.

Whenever a primate sees another primate doing something perceived as beneficial that that the rest of the group has started doing. Then they themselves may instinctively start to feel the desire to join in. So that way they are actively participating in the social group and its native customs. So as not to feel left out, or be exiled.

Now while you may be saying to yourself so what?

Monkey see, monkey do, more zaps for me, and more zaps for you am I right?

Now think about another primate behavior that is inherent in many of us without a moral compass. For if anyone has seen a nature documentary, or been to the monkey exihibit at the zoo. What happens when one monkey wants something badly enough that they don't already have? They will be tempted into steal it for themselves.

Now that we have established a few basic concepts of behavioral psychology. Let us think about this from an airplane altitude view in relation to the way the Nostr protocol is currently being implemented.

Here are several very important personal and business questions for you to now ask yourself. Regarding basic privacy and security of finances.

Would you ever publicly post your private bank account balance on the internet for everyone to see?

Would a private individually owned small business ever post their bank account balance on the internet for everyone to see?

Lets say a person who is very popular on Nostr continues to stack sats at an exponential rate over time. If one of their jealous followers has fallen to temptation to steal their Bitcoin, because they always see them getting 5-6 digit zaps. Would it be easy for them to calculate a bare minimum bitcoin balance that any popular Nostr user earns in any given week?

Most bitcoiners publically admit that they are never fucking selling. So then could a determined enough criminal gracefully go through any popular nostr community member's entire post history with AI. In order to calculate a rough estimate of their potential current bitcoin life savings earned through nostr zaps?

If a criminal were able to easily acquire this level of knowledge through a very basic investigation. Using readily available tools. Would that person now have enough financial motivation to steal from any popular Nostr community member online? So that they can actively compromise computer devices to gain access to popular lightning wallets. Then steal all of their funds by zapping them into their own possession.

If any popular Nostr community member who is targeted for theft is smart. They may also publically advocate for cold storage. Should those smart people unwittingly post personal information about their home location. Could not a skilled enough investigator deduce their exact location through observation of their local landmarks in photos, or simply by determining their IP address whenever they visit a website domain posted on Nostr controlled by the criminal?

Could a legal licensed tax auditor also deduce these possibilities simply from their basic accounting and investigative training. Then use this publically verifiable evidence against you in a court of law. In a tax audit to legally steal your bitcoin away from you?

If these questions and answers are scaring the ever living shit out of you now. Good, that means you are paying attention. Now realize how screwed everyone who does not solely do anonymous zaps right now is.

Now that we know how big of a risk zaps are in their current condition for the Nostr protocol. How do we retain the behavioral science powered satisfaction for public accumulating of zaps. Without exposing any nostr users to any potential dangers from this big privacy and security design flaw in the Nostr protocol?

While each developer can tackle this problem with solutions in their own unique way. As a community we should make privacy and security a vital focus in protocol implementation via a new NIP which I am naming NIP 80085. For obvious memetic purposes to get everyone's attention.

Nostr developers please note that these are very purposefully dumbed down non functional examples. So that any Nostr user reading this nip proposal, regardless of their software development knowledge. Can easily get the general idea of how to fix this very critical issue we all now face as a protocol gracefully.

Solution A: Allow any Nostr user to assign their own unique emojis corresponding to customizable preset zapped amounts for any given Nostr post they make.

Example A:

0-100 satoshis zapped = Kiss emoji

101-1,000 satoshis zapped = Astonished Face emoji

1,001-100,000 satoshis zapped = Mind Blown emoji

Solution B: Color coded custimizable icons that lets followers know how popular their post is. Based on the current network wide zap averages accumulated for all content posted on Nostr within the past 24 hours.

Example B:

Red Icon = High Post Zap Average Score

Green Icon = Medium Post Zap Average Score

Blue Icon = Low Post Zap Average Score

Solution C: Simple text based notification that lets nostr users know how popular their post is. Inspired by a zap themed weather status. Which is also based on the current network wide zap averages accumulated for all content posted on Nostr within the past 24 hours.

Example C:

Zap Hurricane = High Post Zap Average Score

Zap Tornado = Medium Post Zap Average Score

Zap Shower = Low Post Zap Average Score

It is in my professional scientific opinion that any one of this simple solutions would satisfy our primate groupthink mentality. Which we are all hardwired to do here via zaps right now. Without giving anyone enough definitive publically verifiable financial information.

Each solution has pros and cons like many things in life. This will require a less busy mind to physically design and implement NIP 80085. As I am currently busy producing multiple projects at this time. I will not be posting the NIP 80085 proposal on GitHub. For ethical and moral reasons related to company ownership.

It will require Nostr hero developers who now believe passionately in NIP proposal 80085. Please take my propsal and format it into a official NIP submission on GitHub. Then complete the work I have started for you.

This is not my first rodeo when it comes to providing innovative solutions. While pointing out the elephants in the room that most people never see. I believe this is a good starting point for a public discussion on how to address this dire situation we are in as a protocol. The vast majority of Nostr users now have to face this harsh reality now, or face the consequences later.

I am a firm believer in FOSS. Financial privacy and security should be a universal right by Nostr protocol design. This should be the absolute bare minimum responsibility all developers must account for. To safely protect all of their Nostr community members. As we ensure that all of us maintain true censorship resistance and financial freedom for everyone on Nostr.

No one should have to move into a jail cell for a tax related conviction from using Nostr. As well as robbed if someone tracks you down in your new mansion in a few years. Just as soon as Bitcoin hits 10M USD per 1BTC. To make theft, and/or murder become a calculated risk for any professional criminal heist.

I genuinely help people. I want you all to be safe and become aware of this very real and present danger. Don't panic. Have courage to save Nostr. Motivate Nostr developers to help themselves by designing and implementing NIP 80085. Fix this critical flaw in the Nostr protocol together now.

GN Nostr.

#bitcoin

#nip

#nip80085

#amethyst

#damus

#nostr

#dev

#valueforvalue

#zap

Avatar
Luxas 1y ago

Some valid claims here. Thanks for sharing. I do know that they briefly touch on eventually encrypting the notes, listed at the bottom of NIP-57 spec: https://github.com/nostr-protocol/nips/blob/master/57.md

I'm sure it will happen eventually, for some of the reasons you've outlined. For now, I think the easiest solution here is practicing good OpSec hygiene and limiting your exposure by using LN wallets that only hold a small amount for zapping.

And maybe look at expanding on NIP-57 by submitting a PR to add the encryption of zap request notes?

Avatar
BitTiger 1y ago

If I step foot into the world of GitHub again. It would be going against my core beliefs. Which is something I wont do. Otherwise I could not forgive myself for contributing to their success.

If Nostr developers ever move away from github. Start acting ethically responsible and move over to codeburg, notabug, or literally almost anywhere else. I would be all over it like white on rice on a paper plate in a snow storm.

Also, I do not have the time and dedication required to personally take on this epic huge responsibility. Too many projects going on right now to claw my way out of personal poverty. As well as many demanding responsibilities. I am simply stretched way too thin right now. Just trying to survive without a stable income.

When I asked the nostr community if I should expose a dire privacy and security flaw in the protocol. The people said yes. So I needed to do a brain dump that motivated developers blessed with passion, free time, and the ability to save nostr. Thus the nip 80085 proposal was literally born from a hold my beer moment.

The best I can do is create awareness. Hoping for another true hero to come to our aid. To save nostr by finishing the work I started.

Many people are either lazy fucks, and/or have short attention spans. They always seem interested, but when I show them. I either get no response, or a TLDR. So sincerely I am appreciative that you actually read it. Then took the time to give a thoughtful response.