You're on the right track. It need not be custodial for a hosted solution to enable a good experience. Read-only personal proxy could go very far in aggregating and filtering data from relays thereby significantly reducing bandwidth requirements for a client.
Some people already are working on this type of personal proxy.
With subkey delegation and revocation added to the Nostr spec it could be even more powerful without risking the user's main private key.
I'm beginning to see free read-only from paid relays isn't working. The paid relays are struggling now under read-only load to such a degree that is paid users can't use them. But if relays require private keys to read then a non-custodial personal proxy server would not work until subkey delegation becomes a real thing.
Nostr needs work.
The proxy could pass the challenge and response to and from the client through some protocol extension (client/user would still have to trust proxy not to abuse the authenticated session).
I'd rather like to see an anonymous solution, though, like some kind of usage tokens based on blind signatures.
Yeah but you’ll need a at home proxy. I would make a parallel with running a lightning node. If you know how to do this, then that’s good you can have your own proxy.
But for most people in developing country that doesn’t work.
Home proxy could be hosted in the cloud for ordinary users.
#[2]
Read-only access for non-paying users is too resource heavy. So locking it down where connection requires authenticating the npub with challenge in order to read would guarantee quality of service.
#[3]
But requiring the private key for reading from paid relays would break the simplest personal proxy server. These are desired as a way to substantially reduce the amount of data a mobile client needs to download by having your proxy sync from relays and filter on your behalf.
We could have the benefit of both pay-to-read and personal proxies after key delegation and revocation becomes a Nostr standard. We want this anyway to make it easier to keep our master private keys better protected, maybe even offline most of the time.
