Nostr seems like a terrible place to do this because even if you encrypt the content it’s still possible to analyze metadata and it’s available to literally everyone (not just relay service providers or servers). Better to either do it off Nostr or have a key exchange protocol that creates child keys off of the npubs so there’s at least an alias but once again it’s a giant panopticon if those are ever compromised.

Discussion

The way to solve the metadata analysis problem is to flood the network with noise. Every time you DM, create a whole bunch of automated junk DMs at the same time. Like an anonymity set.

That is one approach but you could also just not use Nostr and use an onion-routed network of Lightning nodes.

You get spam prevention (sats payments) and you never leak metadata in the first place. You also don’t impose undue cost on relay runners that would have to host all the junk data.

Have you heard of the gift wrap proposal?

It’s a start. hodlbod

https://github.com/nostr-protocol/nips/pull/716

If you can select dedicated/trusted relays, you can partially sidestep this. See below for my post on the topic:

https://habla.news/u/hodlbod@coracle.social/1700155417145

The fact is, no one has built groups "right". So until they do, I will build them wrong and happily adopt the better standard when it arrives.

It’s an improvement but ideally you don’t have to trust anyone and you can just use your Lightning node and onion encryption to totally obfuscate both the source and the content of messages. I can’t say too much but I know people working on stuff like this.

I think it’s better than using Nostr for this. Nostr is good for public facing profiles. Use the right tools for the right job.

Communication over lightning has always seemed odd to me. But even granting that, different solutions have different trade-offs. I'm hoping to onboard non-technical people who will have an uncle Jim setup in the best case, so an incremental improvement over centralized options is good enough for me.

A friend is trying to build a groups product on matrix and has hit major scaling issues. If nothing else, nostr is at least scalable.

I think Lightning is an ingredient that promotes spam resistance and incentives just like Nostr could be an ingredient in some capacity.

Ultimately the ideal topology is onion routing or another solution that conceals the content, source and destination of all messaging. That is the holy grail.

Yes, I think I agree. It will be interesting to see what form that takes. I can imagine lots of permutations related to transport, storage, note wrapping, etc. It would be awesome to come up with a transport-based solution that would be orthogonal to the data format, to get nostr-over-whatever.

You mistyped PoW there.

LN promotes spam resistance only for the sender and receiver, cause only they can tell if a payment (zap) is real or not. Any 3rd party cannot tell the difference between a payment and a self-payment.

Outside of direct connections, distinguishing spam from non-spam becomes exponentially harder, the further you go down the social graph.

Problem is, there will always be good content voiced through anons. Any platform with a spam filter that ignores this is self-limiting.

A good way for anons to cut through the bot noise is with PoW.

Zaps are not Sybil resistant, so we agree there. It really doesn’t even matter who gets the funds; you just need to make sure an anon sender has some cost to send or stake a message as non-spam, at least when onboarding.

In a group context I see no problem with somebody being the Uncle Jim ensuring there’s no foul play on behalf of the group. Once funds are received sign an attestation. I don’t see that as exponentially difficult.

That's one hop away (you trust Uncle Jim).

But if one of Uncle Jim's friends (2nd hop) signs the attestation? What if it's 3 hops away?

It gets real tricky real fast.

Not really. You either have Uncle Jim custody the group chat, have a DM. Or go on Nostr or something else if you want a public facing permissionless system where anything goes.