Nostr Web Client

I understand what public relays are. I asked a clear question. Perhaps you’re struggling with reading my questions. Let me ask it again in another way… can an app with privacy measures at the user level without numerous steps be created on Nostr based on your opinion? It’s a simple yes or no question. If the answer is no, then I challenge someone to try to create one. nostr:npub17vscfmnmshfdw68llhduxtr4h0kkmyhzm4phzs40t3gqsmguz7lsak66ne is working on an app that would have some time of privacy measures in place.

Dikaios1517 10mo ago 💬 2

Not sure what next block is working on.

The short answer is no. Remember apps don't actually store the data or control who has access to read and write data. That is all handled by the relays.

The only way an app could be created with the type of privacy features you are asking for is if it does not use public relays, but allows you to only use a private relay that you have set up a whitelist of folks who are permitted to read from it and write to it, or a blacklist of folks you don't want to have access to read or write. But that is NOT going to be approachable for most people. #Flotilla allows this with their relay-based communities, for instance.

Reply to this note

Please Login to reply.

Discussion

Latrica 10mo ago 💬 1

Perhaps you want to check out what nostr:npub17vscfmnmshfdw68llhduxtr4h0kkmyhzm4phzs40t3gqsmguz7lsak66ne is doing. I challenge someone to create an app on Nostr with privacy measures without requiring 1000 steps.

Dikaios1517 10mo ago 💬 1

I took a look at what NextBlock's plans are for "eliminating" bots and trolls from this note:

nostr:nevent1qvzqqqqqqypzpuepsnh8hpwj6a50llwmcvk8twlddkfw9h2rw9p27hzsppk3c9alqyghwumn8ghj7mn0wd68ytnhd9hx2tcprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0qyfhwumn8ghj7cn0wd68ytn0dekxjmn99uqs7amnwvaz7tmp9ehx7uewd3hkcqghwaehxw309a3xjarrda5kuetj9eek7cmfv9kz7qg3waehxw309ucngvpwvcmh5tnfduhsz8mhwden5te0vfhhxarj9ekxjemgw3hxjmn8wdcx7un99e3k7mf0qyw8wumn8ghj7cn4vd4k2apwvdhhyctrd3jjuum0vd5kzmp0qyg8wumn8ghj7cfwdehhxtnvdakz7qgmwaehxw309a3ksun0de5kxmr99ej8gmmwdahzucm0d5hsqgqjmlp8vhynhf3hrcwpwfwadx2c2xh0lm5ypp22pagm734yf3t3lqad4wc2

This is not the privacy features you have been talking about. NextBlock will simply be hiding those interactions from you. So the bots and trolls will still be seeing what you post and able to comment on it from whatever app they are using, you just won't see it on NextBlock unless you have actively chosen to add them to your contacts.

That's easy. Any client can do that. Indeed, you can achieve something similar by just using Coracle.

Latrica 10mo ago 💬 1

Well it’s *some* type of privacy as I’ve stated. I still challenge someone to create an app on Nostr with privacy measures in place without 1000 steps. If it cant be done at all, good luck with onboarding millions of users.

Dikaios1517 10mo ago 💬 1

No, it's not privacy at all. All of your posts are still public and can be interacted with by anyone.

You just don't see any of those interactions unless you have added the person as a contact.

That is the OPPOSITE of privacy. Indeed, it could give people a false sense of privacy since they only ever see their friends interacting with their content, so they may assume only their friends are seeing it, and reveal more about themselves than they should, not realizing that absolutely anyone and everyone can see it.

Latrica 10mo ago 💬 2

So what’s a possible solution without requiring 1000 steps? What would you propose? Tell me in less than 5 steps. Ideally 3.

Dikaios1517 10mo ago 💬 3

Not possible.

The easiest option for running a relay where you can control who has access to read from it and write to it is relay.tools by nostr:npub10npj3gydmv40m70ehemmal6vsdyfl7tewgvz043g54p0x23y0s8qzztl5h , and it's still a bit involved to get it set up correctly.

Even then, if you don't want your notes to naturally propagate to other relays when users interact with them, you will need to have nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 's new lockbox option enabled, which I highly doubt cloud fodder has implemented as an option for his relays, yet.

The next easiest option would probably be nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl 's Nostr Relay Tray, but you still need to have the know-how to expose the port that is running on and set up a reverse-proxy to make it accessible through a domain that you own.

Dikaios1517 10mo ago 💬 1

So, it's not that privacy enhancing tools don't exist, or that better ones aren't being worked on. There's just nothing "easy" about them, and it is going to be a while before we see them in any kind of user-friendly form, just like it took a while for Nostr's public interactions to be accessible in a user-friendly way. Arguably, that still has its struggles.

If you want something that "just works" and has the features you are asking for, they are really easy to provide from a centralized platform. But, your trade-off is they own all your data, and while you might have some privacy from other users you want to prevent from seeing your posts, you have ZERO privacy from the platform owner and any advertisers or other entities that they are selling your data to.

Latrica 10mo ago 💬 1

So there is an option? I asked that question already. But you said no.

Dikaios1517 10mo ago 💬 1

I have given you several that are all more involved than you want to deal with. So effectively, there are no options available for you unless you want to put in some work.

Latrica 10mo ago

Got it. Thanks for sharing.

Latrica 10mo ago 💬 1

Not possible? Anything is possible. nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 is it possible to create an app with full privacy on Nostr without requiring 1000 steps? Ideally I want 3 steps.

fiatjaf 10mo ago 💬 2

It's not possible, not even with 1000 steps.

Latrica 10mo ago

Thank you for replying. How will Nostr ever scale to more users? Privacy is important to people who also want decentralization.

fiatjaf 10mo ago 💬 1

There is no perfect privacy on the internet. Better use in-person communication.

Nostr, specifically, was designed to allow public communication, so trying to fit privacy in it feels somewhat wrong.

Still, Nostr can do a reasonable enough job at privacy, we just need more and better software but we're lacking developers (and users to justify development) at this point.

What do you mean by privacy, though?

Latrica 10mo ago 💬 1

Thanks. I know there’s no 100% privacy on the internet. The internet was created by the US government. You’ll never be able to fully “hide” in the house they built. I always advocate for in-person communication for the most private things. Anything sent over a “wave” is never 100% secure. But I still do things in an online world while understanding the risks and issues. I’ve said a similar comment about in-person communication in the past. I get it.

With that said, I’m simply sharing what others might want and expect in a digital world. I don’t mind public communication. At the same time, online harassment and bullying is real. Stalking too. Throw in spam and bots and people might not like it.

Full Privacy = A random stalker can’t see a user’s posts. A random stalker cannot comment on a user’s post. A random stalker can’t follow a user.

This is the type of privacy available on other social media platforms. This is what others would expect. This is what they’re used to.

With better software and developers, is the above “full privacy” option possible on Nostr? It can be a paid option. A premier service, which can also create a monetization/revenue model. People will pay for premier service (in this case privacy) if the service AND experience is top notch.

fiatjaf 10mo ago 💬 1

I think you're talking about many different things and putting them all under the same broad term "privacy".

We can offer reasonable protection against stalkers and harassment, that has been one of my biggest worries for a while. The solution goes through flexible and dynamic relay selection. I've been trying to raise this with other developers and users. Clients need to deal much better with custom relays, relay feeds, browsing relays and picking and sharing relays and relay sets for different use cases. https://jumble.social/ is going in the right direction. https://github.com/mikedilger/gossip has many of the necessary tools already. Apparently https://coracle.social, https://nosotros.app and https://damus.io/notedeck/ are also making some moves, but I don't know for sure if any of these share the same vision.

Latrica 10mo ago 💬 1

The broad term “privacy” is what others expect. Ask users what privacy means to them if you complete user research. I’ve done the research.

Let me try again in another way…

Let’s assume I want to create my own client. And let’s assume others don’t share the same vision. And let’s assume I have my own developers. And let’s assume I have enough users who want this feature. I want to know if the following 3 things are possible on Nostr.

*A random stalker can’t see a user’s posts, images, videos, etc.* Is this possible on Nostr if I had the right software, relays, and developers. Yes or no?

*A random stalker cannot comment on a user’s post.* Is this possible on Nostr if I had the right software, relays, and developers. Yes or no?

*A random stalker can’t follow a user.*

Is this possible on Nostr if I had the right software, relays, and developers. Yes or no?

fiatjaf 10mo ago 💬 1

1) Yes, if the user posts on a restricted relay like https://lockbox.fiatjaf.com/ then the stalker won't be able to see. For this to work perfectly we just need a bigger move in the ecosystem to outbox model and that the remaining popular relays (nos.lol) adopt NIP-70.

2) Anyone can comment about anything they see, the question is who is going to see the comments. If a user specifies inbox relays that are unaccessible by the stalker and then only reads from such relays then the stalker will only be left to comment on other relays that no one -- or at least no the target user anyway -- won't read.

3) To "follow" just mean to read someone's posts, so this is the same as 1.

Latrica 10mo ago

Thank you for answering my questions and elaborating. So privacy to a degree can be achieved. (Even though you told me it’s not possible 🤔). I knew there was some type of measures that could be implemented. 🫂

Are there any wishlist things you would like to see accomplished regarding privacy? What bigger moves would you like to see in the ecosystem? It can be about anything including privacy. And how could they possibly be accomplished or implemented? Basically, tell me your wishlist things and the potential solutions.

spade 10mo ago

theoretically speaking..

implement a default encryption on all a users posts/comments/events, distribute decryption keys to any user the same way you'd accept a follow request on a centralized platform.

i'm not well versed in this area, but maybe something like what nostr:npub1zuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsk6c2uc is implementing in #whitenoise for encrypted group chats.

cloud fodder 10mo ago 💬 2

wish i could see what this reply was in reference to but since im tagged i will chime in that it sounds like you dont want messages to 'leak or be tied to your main nostr identity'.. so, use or build tools that take advantage of AUTH, multiple keys+single session, a relay you are in control of, and nip70 sprinkled on top.

relay.tools can set these types of settings, but its mostly proof of concept for anyone wanting to head down this path (thats what the "turn on anon posting button is for).

Dikaios1517 10mo ago

She's wanting privacy on Nostr, defined as random stalkers not being able to see her posts, comment on them, or follow her.

cloud fodder 10mo ago 💬 3

ah, in theory, thats pretty much what lockbox does. its very lonely in there tho 😂

Dikaios1517 10mo ago

Great. Now make it 3 easy steps.

cloud fodder 10mo ago

the three step tutorial:

go to https://jumble.social , add wss://lockbox.fiatjaf.com to its own relay list , never use any other client or relay list.

ez! 😁

Cody 10mo ago

🥶

Latrica 10mo ago 💬 1

If privacy isn’t addressed, Nostr won’t scale. Also, if Nostr is the purple pill that links people to Bitcoin, good luck with that strategy. The retention is dismal.

Dikaios1517 10mo ago 💬 1

You keep throwing around the word privacy. Can we dial in on what you mean by that?

Do you mean that you can block certain people from being able to see your content, or do you mean that you can hide what certain people are saying in response to your content?

If the latter, that is what NextBlock is going to be doing, and what can be achieved in a bit different way with Coracle as well, by hiding any comments that didn't come from people within your web-of-trust.

If the former, that simply cannot be achieved on Nostr unless you are running your own private relay where you control who can read from it and write to it.

Latrica 10mo ago 💬 1

Full Privacy = A random stalker can’t see a user’s posts. A random stalker cannot comment on a user’s post. A random stalker can’t follow a user.

This is currently an experience available on all popular social media platforms. This is an experience that some users are used to having. This is an experience that some users prefer for many reasons.

Dikaios1517 10mo ago

And it is absolutely still possible with NextBlock. A random stalker will still be able to see your posts, comment on your posts, and follow your profile to see your future posts in their feed.

On NextBlock, you just won't see any of their posts or comments.

If you want a private community where only the people you want to see your content can see it, then you need to control the relay where your content is accessible. There is no other way on Nostr.