A lot of your questions are actually unknown. Some might consider that scary but I think it is exciting. I can't answer with what WILL happen, only what COULD happen.

Relays follow a protocol, so the software used by a particular operator could be a popular one, or one they made themselves.

This means that some relays accept everything unconditionally, some can be configured to block based on arbitrary conditions, they could block by IP, they could block by your npub, they could block by hashtags or using AI to filter content. Some relays will only host content from specific users and ignore the rest of the data sent their way.

Not only that, but at some point, a conversation was had about how relays can cover costs, so the protocol was grown to include a way for relays to declare a payment method and they can choose to only store content from npubs that have paid.

They can also limit read access: you need to sign a challenge to prove your identity (basically log in) and then they will let you connect and get notes.

I think you should look for podcasts about nostr to hear interesting discussions around this. nostr:nprofile1qqsx2wyjt6lmvc05rrvv05r5hm3w3t7h0pcpmkyswrpd4ymd2u09tscpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtc7dx3ah is a great podcast app for it.

We already have relays that store profiles and follow lists only (they don't store content).

Relays don't store media, just notes. There are some interesting innovations happening with "blossom servers" to handle media. Right now, nostr.build is the main host for all media and they provide a paid subscription to help with running costs. Primal have their own media servers for their users too.

There is discussion about relays focusing on supporting certain communities. There could be a football relay which relays only football related content.

Some relays focus on finding and blocking spam.

None of the nostr clients are alike, but as the demand grows, so will the network and so too will everything evolve. As data gets organized across relays non-uniformly, clients will adapt.

Right now, hobbyists run relays, some have already turned them into businesses, but eventually we will see, will many small servers work well or do we need to have a few big reliable relays?

Even if we need a few big relays for the majority of people, there are so many possibilities in between. We just don't know how it's gonna go.

Just a note about scaling. If we do get community specific relays, that could mean that load is distributed across many relays and relays may never need to be as big as Twitter or Facebook's servers.

Discussion

Seems like it is more of a PITA for clients to have to adapt to all kinds of different expectations and capabilities among relays. Or is it as simple as getting what you can from relays available to user and what can be got is uniform enough but not necessarily as complete or consistent among different relays? But then don't you have client work to do to de-duplicate and get the most complete data across the relays about a note as possible?

Doesn't sound that bad if that is the extent of it.

But what of the possibility of nefarious relays (or clients for that matter) modifying content? How is that protected against?

For relays, all messages are signed by your nsec. If your note is modified in any way, the signature will not match, and a digital signature is not like a physical one that can be forged: it is impossible to tweak or remake a signature to match.

For clients, they are responsible for validating signatures and dismissing/ignoring invalid junk. They usually also look after your nsec. This is where things get technical, but we can probably rely on social protections.

Clients should be open source. There shouldn't really be anything to hide, and technical experts will audit the code and raise the alarm if it does anything bad with your nsec; like if it leaks it or makes changes to your notes that you don't expect before signing.

There was a client in the past, I think it was by thndr, and they went the route of letting you create a username and password. Behind the scenes they would create and look after your nsec for you so you don't need to worry about it. This was criticized heavily because I think the client was not open source, the servers looked after your nsec so it definitely wasn't private and your secret, and so they could TECHNICALLY request deletions and create new posts on your behalf while you are not paying attention. Ultimately you had to put your trust in them the same way you put your trust in Twitter not to ban you or remove your posts.

On the other side of the spectrum, we have remote signing apps and even devices that some clients support. You can imagine someone as important as the POTUS who writes infrequent but important messages would carry around a dongle that only unlocks with their fingerprint and would need to use that to sign each message they write or approve.

I actually use Amethyst for my main client, but Amethyst doesn't know my nsec. Another program called Amber has it, and when I send a note, it will ask Amber to sign it, Amber will show me the request in a pop-up and I can inspect it to see what it is signing before I approve it. If Amethyst wanted to do anything behind the scenes without me prompting, it would need to ask Amber and I would see a popup, so I know that Amethyst cannot misbehave as long as Amber is secure and not colluding with Amethyst. I actually auto allow things like likes and zaps to reduce the number of taps I need to make for such small things and zaps mean nothing unless I open my wallet and press send the way I have it set up.

When I go on my laptop, some clients allow me to log in by connecting to my Amber client. The website does not get my nsec. When I post a message, Amber lets me vet it and if the website tries anything else, I see a popup on my phone and I can reject the action if I don't like it.

Basically, this stuff has been thought of and there are solutions. The more you are worried about malicious clients and your privacy, the more work you need to put in yourself to understand it all and take control. The devs put in even harder work, they wanted protections and they built it and they now support and maintain those solutions. You just need to shop around, find the right solution for you, use nostr and ask around to see if it is legit and then use it.
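An added example, not part of the thread and not any client's own code: the signature check described in the reply above, written out as a client would run it. It follows NIP-01 (the event id is the SHA-256 of the serialized fields) and BIP-340 Schnorr verification over secp256k1; the function names, the sample note, the key `0xC0FFEE` and the simplified nonce in `sign` are constructed for this demo.

```python
import hashlib, json

p = 2**256 - 2**32 - 977  # secp256k1 field prime
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(P, Q):  # curve point addition; None is the point at infinity
    if P is None or Q is None: return P or Q
    if P[0] == Q[0] and P[1] != Q[1]: return None
    lam = (3 * P[0] * P[0] * pow(2 * P[1], p - 2, p) if P == Q
           else (Q[1] - P[1]) * pow(Q[0] - P[0], p - 2, p)) % p
    x = (lam * lam - P[0] - Q[0]) % p
    return x, (lam * (P[0] - x) - P[1]) % p
def mul(P, k):  # double-and-add scalar multiplication (not constant time)
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R
def tagged(tag, msg):  # BIP-340 tagged hash, reduced mod n
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + msg).digest(), "big") % n
def b32(v): return v.to_bytes(32, "big")
def event_id(ev):  # NIP-01: sha256 of the compact JSON array of the signed fields
    ser = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"],
                      ev["content"]], separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).digest()

def verify(ev):  # the check a client runs before displaying a note
    pk, sig, m = bytes.fromhex(ev["pubkey"]), bytes.fromhex(ev["sig"]), event_id(ev)
    x, r, s = (int.from_bytes(b, "big") for b in (pk, sig[:32], sig[32:]))
    y = pow(x**3 + 7, (p + 1) // 4, p)  # candidate square root, checked on next line
    if m.hex() != ev["id"] or max(x, r) >= p or s >= n or (y * y - x**3 - 7) % p: return False
    e = tagged("BIP0340/challenge", sig[:32] + pk + m)
    R = add(mul(G, s), mul((x, y if y % 2 == 0 else p - y), n - e))
    return R is not None and R[1] % 2 == 0 and R[0] == r
def sign(ev, d):  # demo signer; nonce derivation is simplified, not BIP-340's
    P = mul(G, d)
    d, ev = (n - d if P[1] % 2 else d), dict(ev, pubkey=b32(P[0]).hex())
    m = event_id(ev)
    R = mul(G, k := tagged("demo/nonce", b32(d) + m))
    e = tagged("BIP0340/challenge", b32(R[0]) + b32(P[0]) + m)
    s = ((n - k if R[1] % 2 else k) + e * d) % n
    return dict(ev, id=m.hex(), sig=(b32(R[0]) + b32(s)).hex())

def demo():  # constructed note and key; a relay edits the text, then also refits the id
    note = sign({"created_at": 1700000000, "kind": 1, "tags": [], "content": "gm"}, 0xC0FFEE)
    altered = dict(note, content="gm, pay me")
    return verify(note), verify(altered), verify(dict(altered, id=event_id(altered).hex()))
```

The second result fails on the id comparison alone; the third shows why the signature matters, since a relay can recompute the id for edited content but cannot produce a signature that matches it.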

I'm not totally sure, nostr is a protocol and so every new feature has to go through a public process where people can review it, criticize it and help to improve it.

If something will compete or conflict with other existing features, then it will be caught before clients and relays begin to include those features.

Relays don't need to implement all features and clients don't need to support all features. The protocol ensures that relays and clients who follow it will always know what is supported when they communicate so that things run as smoothly as possible.

Users will pick the clients that work best for them. When new core features come out, some clients will be fast to adopt them and they will be for the power users who are willing to test new features and deal with the bugs, then more polished clients will start to adopt them ONLY IF IT IS USEFUL... For example, an Instagram-like client like #olas might not ever need to support custom fonts in messages.

It is chaotic. Life is chaotic. Embrace the chaos and we'll build great things together.

Thx. Very helpful and confirms a lot of my guesses. Cheers Ser!