How is that different than just using a read-restricted relay?
Discussion
Depends if you mean a read-restricted relay you run or one that you don't.
In both cases though, it's different because anyone with access to this read-restricted relay can copy the notes, and those notes are cryptographically linked to you, and depending on who you are you might not want that. (And in various other ways too.)
You might want the cryptographic link to be between you and your space, as opposed to between you and your notes.
Ah, I see. But I would have to give up the atomization of the notes to achieve that.
No you wouldn't have to give it up.
On Pubky you can have future plausible deniability, which can be quite empowering for some people. BUT if you don’t want future plausible deniability then you can just sign all your events with your private key nostr style (assuming someone builds out such a client). That's totally an option on the protocol. You have keys at your disposal for whatever you want, same as nostr; if you want a client that's fully atomic then it's just a matter of building it.
But it does feel pretty empowering to have that plausible deniability. You want to be able to say it wasn’t me if it actually wasn’t you (your account was hacked) and sometimes you want to be able to say it wasn’t me when it actually was you.
That degrades trust, tho.
Well on pubky you've got both options, atomic (signed notes) and non-atomic (signed space). So you pick the trade-off you want.
If you choose the atomic option on pubky then it'd be no different to nostr in terms of everything being a signed event, and the trust involved.
On nostr you only have the atomic option. Nostr one option, Pubky two options.
That said I’m not sure if there'd be enough demand for someone to code up a pubky client that serves users who want the atomic model. Could be I suppose. One way to differentiate.
Verification of events still happens, but through the location, not individual events.
It doesn’t degrade trust at all. And it increases safety and security. Only benefits.
And yes like Joe said, you can still verify individual events, but for the average person, that is a risk with no upside.
It's like an umbrella and a raincoat. You can have both, but if the umbrella is big enough then most people would probably ditch the raincoat.
you mean every time you receive a note you have to go on a server and ask if it's valid?
if you want that you can just have a relay that signs notes with random keys
anyone reading from that will know they are from you, but the signatures will not mean anything
thinking about it, no one is really going to run their own homeserver, so they will be essentially delegating full power over their identity to some vibecoded malicious provider
"but they just change their pkarr and retract everything"
then in this world nothing anyone ever says can be trusted to really come from them
> delegating full power over their identity to some vibecoded malicious provider
If the homeserver controlled your identity, homeserver migrations would not be possible. Homeserver migrations are possible even after a homeserver has “banned” you. So I think there are some gaps in your understanding.
they control it temporarily
because they can publish stuff under my name
> Master keys are kept in cold storage, and access is delegated through revokable homeserver sessions, minimizing exposure and maximizing security.
https://medium.com/pubky/pubky-the-next-web-3287b35408f1
It’s like urbit and “master tickets”.
what I'm saying isn't that they have your key, but that they have your authorization to write stuff in your name by just having it on the server
So do nostr apps, no? Damus can do that right now if they wanted to
what? no, damus is open-source code running on your device, it's not under the control of anyone else
if nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpzdmhxw309aex2mrp0yhx5c34x5hxxmmdqyxhwumn8ghj7mn0wvhxcmmvqyg8wumn8ghj7mn0wd68ytnvv9hxgpywa92 wanted to steal your key he would not be able to
Ok? If you enter your key somewhere, you’re giving them access to run everything. Pubky is infinitely more secure than that.
And if you use Nostr signers, Pubky is also much simpler.
So cool, copy what pubky is doing and put it on nostr. Problem solved.
good job pretending you're smart or that you understand what you're talking about
you tricked me for a while
Nice passive aggression faggot.
Course he could. He could push an update with a sophisticated backdoor, any nostr dev could. That update gets past app review, your app auto-updates, adieu to your key. Just because there is a commit on GitHub doesn't mean that code is what's in the IPA. This is not F-Droid.
That is the same with any software.
Exactly. Except F-droid (mostly).
what does f-droid do differently
F-Droid's servers download the source from GitHub or GitLab and compile it on their own server. The APK is signed with a unique F-Droid key for that app. A third party can then reproduce the build; the two APKs should be byte-for-byte identical. They have a system where they show the results of these independent rebuilds, or a user can just rebuild it themselves. It gets a bit tricky if the app includes non-deterministic elements that make it hard to rebuild the same each time.
that's pretty cool
that's quite a lot of steps involving multiple people, likely to get caught and lead to real world consequences even if after the fact, at least it would destroy nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpzdmhxw309aex2mrp0yhx5c34x5hxxmmdqyxhwumn8ghj7mn0wvhxcmmvqyg8wumn8ghj7mn0wd68ytnvv9hxgpywa92's reputation forever
very different from one employee from the homeserver hosting provider being tricked into giving access to the account of an important person to some malicious entity
like we have seen happen many times in every big platform
worse even is that someone can say something then claim it wasn't them later
lots of broken incentives you're missing
That just reinforces my point that pasted-in nsec security is reliant on social pressures and not technical ones.
everything is like that
but of course the technology plays a big role in it, you're just larping
Lol. No. Some things can be prevented by technical means and not fingers crossed he’s a nice guy means.
you're trying to imply that publishing a confidential message unencrypted but with a preamble that says "do not read" is exactly the same as using signal because signal could technically ship a compromised apk to you and leak your message
everything is social pressure and trust at some level
you're pretending to ignore that the levels of trust required are distinct
It's not though. On Nostr I operate under the assumption that someone already has my nsec, we all should do that. Because it's entirely possible. I bet at least one person has my nsec right now, maybe a few people. I'd never know. Nostr really does rely on social pressure so why bother trying to be secret?
But if I started again on Nostr and did only Frost and bunker and White Noise and all that, in that case it'd be different. That's still a really bad experience, so I'll wait. But the tech matters, you have to admit.
All good points in this thread, but I’ll still take a key I control over some rando server managed by someone else.
If you have lots of money tied to a key I probably wouldn’t use it in mobile apps that are hard to verify… I would read the source code and compile from source and just use notedeck.
Anyone not reading the source code and compiling it themselves has to trust someone, even in the keyserver case. The server case is even harder for people because people have phones, not computers with servers.
We are already light-years ahead in comparison to legacy social media platforms and protocols; at least users have the ability to choose their risk tolerance levels with different clients. On legacy they can read your DMs and make posts on your behalf if they wanted to.
True. It's not only risk tolerance, it's friction tolerance too.
Though to be fair I should give frost/igloo/bunkers and all that another go, maybe the experience is less friction-y than before. Try living on Nostr for a few weeks bunker only, see how it goes.