Subnostr

PSA 🚨- Don’t use Freefrom!

Somehow I’m getting a *ton* of spam about “Freeform” in my main feed, from a ton of nothing accounts that I don’t follow and have no reposts or likes from anyone I follow. Also doesn’t seem to have any hashtags I’ve chosen to follow. So I can’t understand why they would make it to my main feed.

Any idea how they snuck in? Did they manage to trick some relays or something? I’m on nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 and they seem to be targeting Damus users. But I should only be able to see this in global.

Horrible strategy, imo. If they are legit, they’ve made me think it’s fucking spam trying to steal people’s nsec. Scammy advertising is a huge red flag 🚩

If they’re dumb enough to do that shit, don’t dare paste anything sensitive into that app until you know more about it.

Reply to this note

Please Login to reply.

Discussion

Majere 1y ago

People that went to to the conference heard about nostr and are targeting well known people to boost their platform. Just a guess

semisol 1y ago

Maybe don’t blame them with “exploiting relays/clients” when the problem is that you are following hashtags with no filtering. Let’s be fair here

Guy Swann 1y ago

I said this in my post, but this has nothing to do with hashtags. They didn’t even tag anything.

semisol 1y ago

Hashtags don’t need to be included in the post. The t tag used for filtering for hashtags is used, not the content that you actually see

Guy Swann 1y ago

And did you really just say “don’t blame the scammers”?

semisol 1y ago

No…? I said don’t blame them for the wrong thing?

Guy Swann 1y ago

lol, it sounded that way. And I wasn’t blaming clients either, I was literally just pointing it out and asking what may have led it to end up in my feed. Found out very quickly from some helpful people that there is just a way to hide hashtags on nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955

semisol 1y ago

Yeah, just saying it’s more that you are following hashtags (which have no filtering) + they are adding hidden ones.

semisol 1y ago

Hashtag following should be treated just like global.

Guy Swann 1y ago

I do treat it that way, but that’s why I pointed it out. The tags were hidden. I wasn’t aware that was possible.

semisol 1y ago

Amethyst shows those tags by adding to the end of the note.

liminal 🦠 1y ago

The system allows for it. An effective system makes spam difficult to produce or irrelevant to be seen even when accelerated and amplified by technology.

Yes, don't blame the spammers or the scammers - because it will happen anyway in ways we can't control or predict by individuals with the power to do so. These attacks are the tip of the iceberg and are good baby problems to solve when we are looking to the future in building a permissionless system.

Guy Swann 1y ago

Correct. What can be done will be done, that’s why I worried for a moment that they “snuck through” somehow, but it was just invisible tags.

semisol 1y ago

nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 also does not do validation of filters yet, so relays can return any notes they want and inject it into your feed, along with inserting fake notes.

NostrDB will fix this.

PABLOF7z 1y ago

Can you give me an event id of one of these events that shouldn’t be in your feed? Wanna see the payload

Guy Swann 1y ago

Here’s a random selection:

nostr:note1g06tvgzy03n439229489s5ke67f7hxkkl7yaytjh4ahf36w0nkfstxxmeu

nostr:note1sh3hhnkpznvdcafnea9w30cyzu5qmyjgkasu9gp4a8jyth4kyajq98253e

nostr:note1csecv4x3h8fhs4wgep0ruchzg2tyhy2z0y9wkyfuj469462yn54q6d4ns4

nostr:note1qewe99rp08666cgr0aksd698jutwy7ld6ddp24lq046mns7vfpcst74dlu

nostr:note1rv5jhflmue9ahsh56fnmgc7fgxaw7nj2vxr2ayud6dz4lqtq77vs7tg6xv

note1thc7pc07xa7gpj250vslpq76zpdhl8su58uhxvh53xunnup8gwvqy7f

NotBiebs and 69 others 1y ago

There’s a whole bunch of popular hashtags on these notes if you look at the raw event json for the notes. Spammers often use this technique on Nostr.

Guy Swann 1y ago

Yeah someone else could see them on Amethyst, I’m just on Damus and we’re driving so I couldn’t really do much with it.

NotBiebs and 69 others 1y ago

so if you follow popular hashtags, this type of spam will leak into your feed unless you mute the spammers or use a client like coracle that has a WoT implementation that helps auto-mute this kind of stuff.

eric 1y ago

Yeah WoT to hashtag follows could be a solution in Damus here. Maybe we could also display the “t” tags in notes so it’s visible to users. cc nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s nostr:npub13v47pg9dxjq96an8jfev9znhm0k7ntwtlh9y335paj9kyjsjpznqzzl3l8

jb55 1y ago

yeah we should be displaying hashtags near the reply line somewhere

eric 1y ago

something like this?

eric 1y ago

lol https://v.nostr.build/zE3IqQv1iNAi35tM.mp4

NotBiebs and 69 others 1y ago

Just auto-flag it as spam if there’s more than a few 😂

jb55 1y ago

auto-flagging duplicate content as spam is one approach, but would be easy to get around by noncing the content.

NotBiebs and 69 others 1y ago

I meant if there’s more than a few hashtags

Guy Swann 1y ago

Yeah WoT would be a huge help here. I like to follow hashtags though just to get a “taste” of global and be exposed to new people/stuff on the network. I realize I get some crap that way too, but it just looked as if the post had no tags, so wasn’t certain how it happened.

NotBiebs and 69 others 1y ago

What’s Freefrom?

crimsonleaf363 1y ago

They are closed source. I don't remember how many times they said it would be opened.

HyperTangled 1y ago

Freefrom? Thats not on f droid so i dont trust