We should stop pairing NIP-5 with the word "verification". For newcomers it risks being a shitcoin game.

Use NIP-5 for its real functions and embrace WoT for actual contacts check.

nostr:nevent1qqsqcjkzhd6zw6mr0n056gtu4zpufp7gvf0m80w0037thcwt8q4mx5cprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsygrmmmmmugka3evlgcqwq3922wsul966nhrayl04svauwldhsjjcq5psgqqqqqqsgjxkct

Discussion

Agreed.

PoW keys are a step in the right direction, but even better are what I call PoW endorsements.

https://pippellia.com/pippellia/Social+Graph/Navigating+the+social+graph#PoW+endorsement

PoW is a powerful tool, but I don't like mixing money in the verification process, it becomes an upward game where the economically strongest wins. The social graph should be enough, and it's harder to hack.

It's difficult to game it though. An attacker can pay a miner 10$ to get his PoW checkmark, however, unless he's followed by or interacts with many other real and trusted people, he'll lose that initial weight in algos like Trustrank.

Creating an identity on nostr is basically free. So imagine an attacker creates a whole new network of npubs following each other, exactly replicating the structure of the real network of npubs, same structure.

The two graphs are isomorphic, so any graph analysis will yield the same result. Hence, if you don't have a pov (e.g. brand new npubs that don't follow anyone) you can't distinguish between the two, hence my focus on PoW for this case.

Actually, this could be a problem for brand new npubs starting with zero known contacts, but it seems a quite rare case. I think the normality is to be onboarded at least by a friend, or discovering a new app/platform, where I interacted with legitimate users. I would not overcomplicate things. Btw, IRL connections win.

t-y daniele

This is the most difficult part.

A brand new npub doesn't have a wot network from his pov, but that's not a big deal - onboarding client should ask them about their content preferences/hashtags and even if user doesn't choose to follow someone and get his wot seeded, client could use some popular accounts from the topics user has chosen to serve as temporary wot sources.

The bigger problem is that relays can't distinguish a brand new npub from spam. I.e. if someone big tweets about nostr and a wave of new people comes in short time, it's indistinguishable from a spam attack from a botnet. And pow doesn't help much - you'd need something like 100 seconds of mobile cpu to produce pow equivalent to 1 sat - and I bet reply-scammers earn way more than 1 sat per event they post.

I keep getting back to this issue in my head from time to time, and still can't find a good general solution, only whack-a-mole. Users can be protected from spam by wot, but public relays designed to onboard new users can't. Unless we attach some extra signal to new users (pow? 1 sat? some version of your pow endorsement?) while keeping the friction low.

Any ideas how "pow endorsement" could be practically applied to onboarding users at scale with low friction?

because the values are computed from your position on the graph the fact they have weak links to the rest of the network will still diminish their ranks

Indeed. The problem arises only when a malicious client exclusively uses its own malicious relays where the fake social network is totally detached.

ofc, but that's why I said "if u don't have a pov", meaning u are a new user that doesn't follow anyone.

that is probably a bad place to start, but also pretty uncommon, almost everyone knows someone who says "i'm on nostr" and they first follow them even if there is no onboarding procedure
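
The isomorphic-graph argument and the "position on the graph" reply above can be checked on a toy follow graph. This is an added example, not code from any participant or from a Nostr client; the account names and the graph are constructed, and plain PageRank with a seed set stands in for Trustrank-style scoring.

```python
def pagerank(follows, seeds=None, damping=0.85, iters=100):
    """Power-iteration PageRank over a follow graph {npub: [followed npubs]}.

    seeds=None teleports uniformly (global rank, no point of view);
    seeds=[...] teleports only to those nodes (personalized, TrustRank-style).
    """
    nodes = sorted(set(follows) | {v for vs in follows.values() for v in vs})
    seeds = list(seeds) if seeds else nodes
    teleport = {n: (1 / len(seeds) if n in seeds else 0.0) for n in nodes}
    rank = dict(teleport)
    for _ in range(iters):
        nxt = {n: (1 - damping) * teleport[n] for n in nodes}
        for n in nodes:
            out = follows.get(n, [])
            if out:  # split this node's rank among the accounts it follows
                for v in out:
                    nxt[v] += damping * rank[n] / len(out)
            else:  # follows nobody: send its rank back to the teleport set
                for m in nodes:
                    nxt[m] += damping * rank[n] * teleport[m]
        rank = nxt
    return rank


# Constructed sample data: a tiny "real" follow graph and an isomorphic Sybil copy.
REAL = {"alice": ["bob", "carol"], "bob": ["carol"],
        "carol": ["alice"], "dave": ["alice"]}
SYBIL = {"fake_" + k: ["fake_" + v for v in vs] for k, vs in REAL.items()}


def compare(seeds=None, attack_edges=()):
    """Return (rank of carol, rank of fake_carol) under the given point of view."""
    graph = {k: list(v) for k, v in {**REAL, **SYBIL}.items()}
    for src, dst in attack_edges:  # a real account tricked into following a Sybil
        graph[src].append(dst)
    rank = pagerank(graph, seeds)
    return rank["carol"], rank["fake_carol"]


if __name__ == "__main__":
    print("no pov:        ", compare())
    print("pov = dave:    ", compare(seeds=["dave"]))
    print("one bad follow:", compare(seeds=["dave"], attack_edges=[("bob", "fake_carol")]))
```

With no point of view the real account and its copy score the same; seeded from dave, the detached copy scores exactly zero and only gains rank through the follow from bob.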

PoW is also not a verification system.

Spammers are more than willing to pay to spam better. They will even buy batches of email addresses, run bots etc…

Spammers pay. "Normal" users, commonly, do not.

It's also useful for proving affiliation with a project or community.

And it makes for nicer URLs.

Actually, you can have more NIP-5.

I have 5 of them. 🤷‍♀️

My point is that I switch them out, on purpose, to show affiliation or to help someone market their project.

I low-key wish I could add them all to my profile. 😂

Like, have a different one displayed, depending upon which client I used. 🤔

agree

I am worried that, at this point no one would buy US debt in USD. A major makeup of Treasury might be needed if you decide to measure debt in BTC.

Yes. NIP-05 is for identification. i.e. this address maps to this public key. “You can find me at this address”. That’s all. Doesn’t have anything to do with anything else.

What are NIP-5 real functions?

Share a contact, search a contact.

Think of it as a shortcut to a nprofile (npubs + relays hints).

Thanks a lot. Need to ask about relay hints. In this context what would that be?

Tell people where you write your notes and where you would like to read replies. Aka Outbox (originally called "gossip") model.

https://mikedilger.com/gossip-model/

This is the foundation of Nostr decentralised structure.
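
What "this address maps to this public key" plus relay hints looks like in practice, as an added example (not code from the thread or from any client). It works on an already-fetched `/.well-known/nostr.json` document so it runs offline; the domain, keys and relay URLs are constructed, and the `relays` key is optional in NIP-05.

```python
import re
from urllib.parse import quote

LOCAL_PART = re.compile(r"[a-z0-9._-]+")   # characters NIP-05 allows in the local part
HEX_PUBKEY = re.compile(r"[0-9a-f]{64}")   # keys in nostr.json are hex, not npub


def split_identifier(identifier):
    """'bob@example.com' -> ('bob', 'example.com'); bare 'example.com' means '_@example.com'."""
    local, _, domain = identifier.strip().lower().rpartition("@")
    local = local or "_"
    if not domain or "/" in domain or not LOCAL_PART.fullmatch(local):
        raise ValueError(f"not a valid NIP-05 identifier: {identifier!r}")
    return local, domain


def nip05_url(identifier):
    """URL a client fetches to look the identifier up."""
    local, domain = split_identifier(identifier)
    return f"https://{domain}/.well-known/nostr.json?name={quote(local)}"


def resolve(identifier, document):
    """Look the name up in a fetched nostr.json; return (pubkey, relay hints) or None."""
    local, _ = split_identifier(identifier)
    names = document.get("names")
    pubkey = names.get(local) if isinstance(names, dict) else None
    if not isinstance(pubkey, str) or not HEX_PUBKEY.fullmatch(pubkey):
        return None
    relays = document.get("relays")
    hints = relays.get(pubkey, []) if isinstance(relays, dict) else []
    hints = hints if isinstance(hints, list) else []
    return pubkey, [r for r in hints
                    if isinstance(r, str) and r.startswith(("wss://", "ws://"))]


def matches_profile(identifier, document, profile_pubkey):
    """True only if the domain maps the name to the same key that signed the profile."""
    found = resolve(identifier, document)
    return found is not None and found[0] == profile_pubkey.lower()


# Constructed sample document and keys (not real accounts).
BOB = "ab" * 32
DOC = {"names": {"bob": BOB, "_": "cd" * 32, "mallory": "npub1notahexkey"},
       "relays": {BOB: ["wss://relay.example.com", "https://not-a-relay.example.com"]}}
```

A passing `matches_profile` says only that whoever controls the domain published this name-to-key mapping; it carries no statement about who the key holder is.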

Spell it out! What's WoT?😇

Web of Trust

What's the best way to implement WoT?

It's a client job, leveraging the social graph and maybe other metrics. Coracle.social was probably the first to introduce the WoT concept, and it has a great implementation. Read a summary here:

https://pippellia.com/pippellia/Social+Graph/Navigating+the+social+graph#Principle+of+least+interference

agree

As a newcomer I found it confusing. Though maybe the concept of verification could be emulated with a competing set of verifiers that the client chooses to adhere to 🤔

I still like the idea of badges for those who have earned them through tasks at live events

Or badges for people who zap others a lot and participate in the economy

I think we should look to the boyscouts to see what they do- I’ve never been a part of that cult (😂 /s), but they probably have some good ideas

Nice idea, but the problem here is the "value" of the badges. It is necessarily bound to whoever creates them, they are just a passthrough, so we are falling back to the Web of Trust.

If you make them assigned to tasks it’s a protocol

Like being an only-zaps person makes you cooler idc

There should be a special only-zaps relay

Someone has to sign the badge; the protocol cannot do it alone. So this “someone” gives trust/value to the badge.

A certain amount of witnesses could sign? I’m sure enough thought could be given to it for a work around

How does it work in the Scouts?

I think decentralized verification, based on any criteria verifiers decide, should indeed be based on a badge-like mechanism, but it probably should rely on a separate NIP and different event kinds.

The whole concept of "verification" is bound to centralized structures, it should be buried. Self-verification is a state of mind. Instead, verifying someone/something else is a matter of active experience and interactions, which minimize the trust factor. Of course technology helps, but also WoT needs to be verified and not blindly trusted. "Proof of work" means taking responsibility for everything we care about, exactly like we do (should do) in real life.

There is no way I can fathom doing it without trusted parties, sure. I guess I haven't truly embraced the philosophy already but hypothetically, community bound verifications, though trust reliant could be put in place if desired

I understand, it is not easy. The good news is that these trusted parties can be collaborative and self-monitored: peer reviewed algo within peer reviewed platforms. But we must always keep an open eye on our verification attitude.

> The whole concept of "verification" is bound to centralized structures, it should be buried.

It doesn't have to be. There can be multiple verifiers and a single pubkey can be verified by many of them. If among the verifiers that verify me there is at least one which is included in your trusted list, your client should show me as verified.

This would be a level of decentralization similar to that of relays (in the inbox model).

The issue with NIP-05, if it were a verification system (it's not), would be that an account can only be "verified" by one "verifier". So an account would have to pick just one and you'd be forced to "trust" any widely used one (if you want to rely on verification at all), leading to centralization.

I agree, NIP-5 has nothing to do with verification.

I think a (decentralized) verification system on Nostr is possible, but it would have nothing whatsoever to do with NIP-5.

Indeed, NIP-05 isn't meant at all as a verification system.

nostr:naddr1qvzqqqr4gupzq5455pmtewaacws6a73hxkqkea6fjwcm3keq9vqu3q7930nl4k9aqy88wumn8ghj7mn0wvhxcmmv9uqpymnfwqcr2ttfwvkkumm594mx2unfvcyv4z98