Reminder: many nostr clients do not validate event signatures. Choose your relays carefully.
Good morning.
I'm so confused.
Do you have some simple tips/guidelines? I haven't been able to follow anyone for weeks (and guessing it has to do with the relays).
What client are you using?
Possible to elaborate on this for non-tech people?
Sure. A nostr event is structured like this:
{"pubkey":"3d842afecd5e293f28b6627933704a3fb8ce153aa91d790ab11f6a752d44a42d","content":"Reminder: many nostr clients do not validate event signatures. Choose your relays carefully.\n\nGood morning.","id":"4507934f647958e934f3b67fff32c7b5a4b9e5f42042cf98f2f10ba0159db6bb","created_at":1695042973,"sig":"7cc63f85f2b7956280a7124aca7add92741c9f26b78843a082a2c65c79aa4510e7fb097f5c3d3c1f97e4a445e2673c5b955f19ab02d5630b4d1189cfdf4d4652","kind":1,"tags":[]}
The “sig” field is used to validate that my private key signed the note. Most (all?) relays validate these signatures as the event comes in before storing it. Most clients do NOT validate the signature when receiving events from relays. The risk of not validating is that a relay could alter a user's notes without detection.
Thank you for that… 🙏
Would verifying the sig slow down the process of loading feeds?
I recall Nostr being super slow, and now it has sped up… but is this the reason?
Or is this purely a security feature to prevent anything/anyone to potentially alter a note?
Correct, it’s a performance trade off. Some clients like Nostur (made by nostr:npub1n0sturny6w9zn2wwexju3m6asu7zh7jnv2jt2kx6tlmfhs7thq0qnflahe) have a toggle to turn validation on and off.
Perhaps some performance trade-offs sacrificed by these clients who verify can be mitigated by implementing a smoother scrolling UX like primal vs damus… but at the end of the day, the notes don’t load fast as is, we would all need to adopt paid relays right off the bat, just to handle the volume of data.
Yeah and it’s actually very funny haha. Not verifying means a faster experience tbh
For sure, and it’s going to be a necessary tradeoff in many clients, particularly mobile ones. I do think they should still validate SOME events (like profile updates) though.
I do think it’s important to point out that lots of our security/trustlessness is actually smoke and mirrors (for now).
I think I might turn it on by default again in Nostur, I had it disabled because I assumed it would be a big performance hit, but after your post I decided to do an actual measurement and it doesn’t seem that bad actually. I will do some more testing to be sure.
What, if anything, has to be done in the relays?
Very cool! For what it’s worth, I totally understand not having it on by default and think having the option is great. I think Nostur is one of the few mobile clients that even has the option.
Perhaps there could be an option to validate some randomly sampled events across a given relay set to keep them honest without necessarily needing to validate every event.
I think profile updates are perhaps the most important to validate as it would be trivial for relay operators to steal money by replacing zap addresses.
Yields! Do all relays validate event signatures?
*Yikes! Damn autocorrect
I can’t speak for every relay implementation on the planet, but every one that I know of does validate.
Thanks. That’s what I thought. But it is possible for a rogue relay to send out invalid events, so clients need to validate.
Indeed, you got it! I think as clients optimize you’ll see more of them add validation. They all wanted to include it from the beginning but ran into performance issues.
The most important thing to validate is profile updates since those include LN payment addresses.
nostr:note1yvnw45cd7frkkx7ca4mnwqqjvranne045vgynf7w986n2jnkp45qwan0ts
nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z which events does #amethyst validate?
All of them. Even push notifications are individually verified.
Probably some clients don't even verify that events match the filter...