So, a basic introduction for anyone interested: I am a gray hat hacker and cybersecurity awareness activist who likes to stir up privacy-centered networks. I have probably met some of you before.

I actually came here looking for a challenge. I've been lurking around here in some form or another for about 4 months now, playing with different clients and tools, even running my own testnet (3 stirfry relays on a VLAN). Mostly I have been focused on the community and how people use different clients. I've been playing with some good open source tools and getting an understanding of how to interact with relays.

Personally I'm not all that into Bitcoin, but I do have a whole BTC in cold storage so I guess I've got that going for me. This whole lightning thing is new to me, I don't really ever spend Bitcoin, and my actual business makes me plenty of fiat.

So far I am impressed with the community. A little too wild-west in some areas since there's hardly any moderation tools, and the community isn't quite interested in the same things that I am, but I do see a lot of advocacy for privacy and digital freedom, and I like that.

But the whole system here is, regrettably, broken. The promises made about Nostr don't live up to reality. A network like this has the potential to become so much more, but there is a lot to lose if it is done wrong.

I intend to help expose these problems. Expect me here for a while. There are a lot of vectors for attack, and I plan to give them all visibility.

Nostr devs, please pay attention. With no centralized network development, all of you are responsible for fixing these issues.

I would love to hear more about what you think the top 2-3 things are that are broken. I get that the network is not very mature when it comes to strong privacy or moderation but are there specific things you'd call out?

Discussion

Top flaws?

1) Reckless NIP implementation. Too many features with deleterious side-effects.

2) Poor privacy controls. Way too easy to leak PII.

3) Poor key management. One big exploit could compromise large numbers of accounts.

As for moderation, I just worry about the commonality of extreme content that will scare away new users.

Most people don't care about privacy. Edward Snowden and others have been trying to convince people that they should care. And events where good people suddenly become seen by society as bad people have worried a lot of us, so more people care now. The excuse "I don't need privacy, I'm not doing anything wrong" doesn't apply to that last case. Whoever you vote for, you will have enemies, and you should want protection from them.

I've already commented on IP address privacy - I don't think it should be handled in-protocol. I believe using the web stack puts both privacy and security at risk, which is why the client I develop (gossip) runs on the desktop without a web stack. I've tried to include a lot of settings to allow people who care about privacy to maintain their privacy. You can disable rendering media inline automatically. You can disable fetching of avatars, of media, of checking NIP-05, of fetching metadata. You can run in offline mode. You can include a ["client","gossip"] tag if you want, or can turn that off. You can include a user-agent string if you want, or turn that off. Oh, and your private key is stored encrypted under a password and zeroed (along with passwords) before memory is released.

I intend to give users more control over connecting to and authenticating to relays via whitelisting (slated for 0.10).

I intend to implement NIP-46 in both directions, which will help a lot with key management, especially as other nostr clients and services begin to support it.

As for moderation, gossip allows you to write a script to filter posts using any code you can dream up. We also just added code to not load posts from people you don't follow unless they are on relays you designate as 'spam safe'.

So I think we are on track, and these issues are all being addressed. But there is plenty of work to keep on doing.
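The controls described in the gossip reply above (the optional ["client", ...] tag, not auto-fetching media, offline mode, and only loading posts from unknown pubkeys when they arrive via a relay you designated as "spam safe") can be expressed as a small per-event policy. The block below is an added example written for this page; it is not gossip's code and not part of any Nostr project. It follows the NIP-01 event shape and id serialization, but the sample event, pubkey placeholders, relay URLs and the settings-dict keys are constructed for illustration. One point it makes concrete: the tags are covered by the event id and signature, so a fingerprinting tag has to be stripped before signing, not after.

```python
import hashlib
import json
import re

# Constructed sample event in NIP-01 shape. pubkey is a placeholder, not a real key,
# and the event is unsigned on purpose (signing needs schnorr/secp256k1, outside stdlib).
SAMPLE_EVENT = {
    "pubkey": "aa" * 32,
    "created_at": 1700000000,
    "kind": 1,
    "tags": [["client", "gossip"], ["p", "bb" * 32]],
    "content": "hello nostr https://example.invalid/pic.jpg",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def serialize_for_id(event: dict) -> bytes:
    """NIP-01 id preimage: [0, pubkey, created_at, kind, tags, content] as compact JSON."""
    payload = [0, event["pubkey"], event["created_at"], event["kind"],
               event["tags"], event["content"]]
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def event_id(event: dict) -> str:
    """sha256 over the NIP-01 serialization, hex encoded."""
    return hashlib.sha256(serialize_for_id(event)).hexdigest()


def id_matches(signed_event: dict) -> bool:
    """Inbound sanity check: a relay-supplied id must equal the recomputed hash.
    (Signature verification over that id is the other half and is not shown here.)"""
    return signed_event.get("id") == event_id(signed_event)


def strip_fingerprint_tags(event: dict, tag_names=("client",)) -> dict:
    """Outbound: drop tags that identify the client software.
    Must run BEFORE id computation and signing, because tags are part of the signed data;
    removing them afterwards changes the id and invalidates the signature."""
    cleaned = dict(event)
    cleaned["tags"] = [t for t in event["tags"] if not (t and t[0] in tag_names)]
    return cleaned


def should_accept(event: dict, source_relay: str, follows: set, spam_safe_relays: set) -> bool:
    """Inbound load policy modeled on the 'spam safe' relay idea (assumed semantics):
    always load followed pubkeys; load unknown pubkeys only from relays the user designated."""
    if event["pubkey"] in follows:
        return True
    return source_relay in spam_safe_relays


def media_urls_to_fetch(event: dict, settings: dict) -> list:
    """Which remote URLs the client may touch for this event. Default-deny: nothing is
    fetched in offline mode or unless the user explicitly enabled auto-fetch.
    Settings keys 'offline' and 'auto_fetch_media' are hypothetical names for this example."""
    if settings.get("offline", False) or not settings.get("auto_fetch_media", False):
        return []
    return URL_RE.findall(event["content"])


if __name__ == "__main__":
    outbound = strip_fingerprint_tags(SAMPLE_EVENT)
    print("tags after strip:", outbound["tags"])
    print("id changed by strip:", event_id(SAMPLE_EVENT) != event_id(outbound))
    print("accept from unknown relay:", should_accept(SAMPLE_EVENT, "wss://relay.example", set(), set()))
    print("urls (auto-fetch off):", media_urls_to_fetch(SAMPLE_EVENT, {}))
```

The inbound side is deliberately default-deny: an unknown pubkey on an undesignated relay is dropped, and no URL in a note is touched unless the user turned auto-fetch on, which is what keeps a stranger's note from triggering a request that reveals the reader's IP to a server the stranger controls.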