Maybe don’t blame them with “exploiting relays/clients” when the problem is that you are following hashtags with no filtering. Let’s be fair here
PSA 🚨- Don’t use Freefrom!
Somehow I’m getting a *ton* of spam about “Freeform” in my main feed, from a ton of nothing accounts that I don’t follow and have no reposts or likes from anyone I follow. Also doesn’t seem to have any hashtags I’ve chosen to follow. So I can’t understand why they would make it to my main feed.
Any idea how they snuck in? Did they manage to trick some relays or something? I’m on nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 and they seem to be targeting Damus users. But I should only be able to see this in global.
Horrible strategy, imo. If they are legit, they’ve made me think it’s fucking spam trying to steal people’s nsec. Scammy advertising is a huge red flag 🚩
If they’re dumb enough to do that shit, don’t dare paste anything sensitive into that app until you know more about it.
Discussion
I said this in my post, but this has nothing to do with hashtags. They didn’t even tag anything.
Hashtags don’t need to be included in the post. The t tag used for filtering for hashtags is used, not the content that you actually see
And did you really just say “don’t blame the scammers”?
No…? I said don’t blame them for the wrong thing?
lol, it sounded that way. And I wasn’t blaming clients either, I was literally just pointing it out and asking what may have led it to end up in my feed. Found out very quickly from some helpful people that there is just a way to hide hashtags on nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955
Yeah, just saying it’s more that you are following hashtags (which have no filtering) + they are adding hidden ones.
The system allows for it. An effective system makes spam difficult to produce or irrelevant to be seen even when accelerated and amplified by technology.
Yes, don't blame the spammers or the scammers - because it will happen anyway in ways we can't control or predict by individuals with the power to do so. These attacks are the tip of the iceberg and are good baby problems to solve when we are looking to the future in building a permissionless system.
Correct. What can be done will be done, that’s why I worried for a moment that they “snuck through” somehow, but it was just invisible tags.
nostr:npub18m76awca3y37hkvuneavuw6pjj4525fw90necxmadrvjg0sdy6qsngq955 also does not do validation of filters yet, so relays can return any notes they want and inject it into your feed, along with inserting fake notes.
NostrDB will fix this.