Tip for nostr apps:

Nostr has a super power, generating an "account" is as simple as generating a private key.

The first time user experience can therefore be **fully automated**!

This is a MASSIVE UX win, we take the initial user journey from 5 clicks for username, password, email etc, and we reduce it to 0 (!!!!) clicks.

User lands on the website, and EVERYTHING JUST WORKS. Initially with a "guest account", but later the user can either add metadata to this new key, log in with an existing nsec or nsecbunker, or add a new nsecbunker setup with another provider.

We can therefore delay the nuances and complexities of account generation to an arbitrary point later in the user journey.
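
The zero-click guest account described in the note above, as an added example that is not part of the original note or of any Nostr client's code. It runs on Node.js with only the built-in `crypto` module; the Map-like `store`, the record fields and the function names are assumptions made for illustration.

```javascript
const { createECDH, randomBytes } = require('node:crypto');

// secp256k1 group order n; a valid secret key is an integer in [1, n-1].
const N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');

function isValidSecretKey(hex) {
  if (typeof hex !== 'string' || !/^[0-9a-f]{64}$/.test(hex)) return false;
  const k = BigInt('0x' + hex);
  return k > 0n && k < N;
}

// 32 bytes from the OS CSPRNG (never Math.random); retry on the
// astronomically rare out-of-range draw.
function generateSecretKey() {
  for (;;) {
    const hex = randomBytes(32).toString('hex');
    if (isValidSecretKey(hex)) return hex;
  }
}

// A Nostr account is identified by the 32-byte x-only public key (BIP-340):
// the compressed SEC1 point minus its 0x02/0x03 prefix byte.
function getPublicKey(secretHex) {
  if (!isValidSecretKey(secretHex)) throw new Error('invalid secret key');
  const ecdh = createECDH('secp256k1');
  ecdh.setPrivateKey(Buffer.from(secretHex, 'hex'));
  return ecdh.getPublicKey('hex', 'compressed').slice(2);
}

// Hypothetical first-visit bootstrap. `store` is any Map-like key store
// (assumption); the record shape { secretKey, backedUp } is also assumed.
// The secret never leaves this function; callers get the pubkey and a flag
// the UI can use to keep a backup warning visible until the key is secured.
function loadOrCreateGuest(store) {
  let account = store.get('guest');
  if (!account) {
    account = { secretKey: generateSecretKey(), backedUp: false };
    store.set('guest', account);
  }
  return { pubkey: getPublicKey(account.secretKey), backedUp: account.backedUp };
}

// Constructed demo: the second "visit" reuses the key created by the first.
const demoStore = new Map();
const firstVisit = loadOrCreateGuest(demoStore);
const secondVisit = loadOrCreateGuest(demoStore);
console.log(firstVisit.pubkey === secondVisit.pubkey, firstVisit.backedUp);
```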

Discussion

Spam mitigation still unsolved....

Maybe PoW (e.g. difficulty based on the account creations in the last minutes) can be a temporary mitigation until everyone has nuts/sats?

This might not even be a problem that needs to be solved client side.

Relays already have their own spam protection mechanisms.

Spam has a broad definition. Relays could handle obvious spam attacks (e.g. bots sending the same link as a reply to each thread), but in the end it is the user, hence the client, who should choose what to filter.

But the possibility of automating the creation of new profiles exists anyway, so I agree this is not an argument against simplifying onboarding.

nostr:nprofile1qqsr7acdvhf6we9fch94qwhpy0nza36e3tgrtkpku25ppuu80f69kfqpzdmhxw309akx7cmpd35x7um58g6rsd3eqyxhwumn8ghj7mn0wvhxcmmvqyg8wumn8ghj7mn0wd68ytnhd9hx2px56dk I was quite frustrated with having to set up a dummy nsecbunker account, when I just quickly wanted to have a throwaway account for this specific nest.

Iris did this almost perfectly, the user only had to type in a username and be done with it.

Shoutout to nostr:nprofile1qqsy2ga7trfetvd3j65m3jptqw9k39wtq2mg85xz2w542p5dhg06e5qpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszxrhwden5te0dehhxarj9enx6apwwa5h5tnzd9az7qgwwaehxw309ahx7uewd3hkctczcs834

It could be even better with simply ignoring the user name at first, or potentially adding a randomly generated nym by default in the kind 0.

Yeah, spammers can post spam each time with a different account with no effort

So what?

That has always been a case, spammers will likely use custom scripts that optimize the attack.

Nostr is basically an open notepad file that anyone can write to. There was a big spam attack today, sometimes even CP is spammed like crazy on Global.

"So what?" you say? That is not an appropriate answer to this problem. Relay admins have no tools or power to stop spam. Nothing is being done either to give admins control over their instances and the ability to fight back because they have your attitude of "that has always been a case".

All good points.

My point is that we shouldn't have to degrade the onboarding UX of a single client to fight the global spam problem.

These are two separate problems and should be addressed with dedicated tools; a solution is more usable, robust and automated relay management tools.

Auto-creating an account is a powerful possibility, but it is also *unexpected*. We need to take into account two things: the user is used to registering, and this is foremost a psychological act that exposes their intention to join a system, so we cannot simply bypass/impose this step; it could be confusing or irritating.

Second, the management and backup of the private key need to be explained asap to avoid lost or duplicated accounts.

I think the solution is minimal and frictionless registration, with a simple but solid explanation of Nostr's innovation, combined with a persistent warning that is only hidden when the user has secured the account.

Low friction in, low friction out. While yes, this is a cool feature, sometimes you want that added friction to personalize your experience and add some skin in the game. It's a psychological trick to have some vested time in the app but it could reduce churn. Sometimes that customization is also necessary for a relevant experience.

Great point, though that personalization could come early on in the UX journey still, it's just that the first screen is instantly useful, instead of yet another account creation flow.

I've seen people confused with the whole key generation step, they look for a field for email and password and wonder where it is 😂

If you look at the time it takes to create a simple account on ordinary sites today, I can only agree wholeheartedly: Complete address, email address (double verified of course), phone number (verified) and solve the seven captchas as long as the page doesn't break in any of the steps.

If you try this with a VPN, you can hang yourself right away.