nip05 badges are probably a mistake. One of the most common questions I get is “how do I get verified” and “please verify me”. Very rarely will nip05 badges mean anything close to verification. Maybe for rare cases like mine where my domain is the same as my username, but most of the time it just means “some random domain points to my pubkey”.

Thinking I should remove the badge altogether.


Discussion

Besides, nip5 services do zero verification so the whole thing is pointless. Just more rent seeking.

Yeah, it’s way too Twitter-ish

I still think it would be useful for those who can verify via a site they own.

My host doesn’t allow me to but I would if I could

I would still have them on the profile page, I’m just thinking about removing the check mark badge next to names. The profile page would become jb55@jb55.com with no pronounced color or iconography.

Makes sense 🤙🏻

or maybe add more badges.

change the perception of what a badge means - in video games they mean achievements, not verification

Please god, not more badges lolol 🙏. Toggle off badges loading on profiles would be good tho 🫡

Or probably have a limit on how many verifications a domain could give? I still think it’s a good idea, but unlimited verifications just makes it useless.

How will limiting them stop an impersonator?

The impersonator didn’t share the picture for us to see, only going on about it, since the person impersonated has.

need that besides stereotyping to go banks. What?!

If you have to in order to keep the food and roof over your head showers.

It doesn’t stop impersonators, but the domain itself could be a verification, a self evident one, like a jack from cash.app is probably #[4]​

Also it would remove the services giving out unlimited verifies. So the verification would mean so much more.

It helps a few for sure. Anyone in that position can probably go through the process. Just won’t help non techies.

They could own a domain and there could be services that makes it easier to get verified on your own domain. Getting a domain isn’t that hard for non techies?

It is

Then we should have a nostr based DNS 😂 much better than Twitter Blue

I think it was saylor who proposed bitcoin deposits for an orange badge and if you misbehave you lose it.

I kind of like this idea. Just need to work out the technical details.

Maybe combine it with some other form of verification. And make the cost not trivial.

Pay $50 worth of sats and must be oked by 3 verified people. Or 10 unverified + payment. Just an idea ..

But then.. who are you paying? 😆

And terminal cancer sets in when autoimmune deficient.

Good morning.

Sounds like the solution is staking… oh, no, what have I just fucking typed

imo verification can’t be achieved. A better model is NIP-05 for early sharing identifiers, combined with web of trust via who follows whom. True verification is trusting a centralized service that has checked someone’s state issued ID.

Easily sharing*

Aggregated trustworthiness is something I am super curious about. Could anyone point me towards info on how this could be tackled? I found some theoretical papers but not that much on implementations.

There was a verified human initiative but they verified me as a cat… not sure if I can trust that.

🤣🤣🤣 they get to decide, not you

Yah but I could have been a long term scammer…

You could still very well be… 🤔 is this « look this is my face » act just part of the long con

Exactly. You never know, I could be the bad guy.

When there is in writing that we shouldn’t but at best learn?!

I’m afraid arguing she was dressed slutty to rape in the shower is weak excuse when not supposed to be in the shower, no?!

Guess the corrupt and stereotyping see that as a time to go rape and piling.

https://www.youtube.com/watch?v=kDERlmd2NS4

Building the traps.

Us non dev plebs are fucked… Assessing trustworthiness is a bitch. Offline, online. The only way I know how to deal with it is to pretend to be stupid and naive and see if ppl try to take advantage of it.

… problem is, I am often truly stupid and naive.

Anyone of prominence who cares about this should have their own domain one would think.

I do not disagree. We can make it easier for sure, but people need to learn to take domain names seriously 🤷‍♂️

Domain names won’t stop scammers anyway. It’s trivial to get one if you really wanted to rip people off.

But it’s also easy to remember and easier to verify what domain name someone noteworthy is actually using?

We can make it easier definitely but we can’t protect everyone.

I knew it!

More in the way of looking at interaction between users, diversity of network, frequency, duration of formed links (especially this last one). Easier said than done… would probably be easier to apply in a commercial context.

Trust is a link maintained over time. There must be ways of looking at this that could provide meaningful insight.

(I got attracted by the concept of decentralized academic accreditation. It would mostly rely on multiple streams of human feedback, assessing the trustworthiness of the human giving the feedback is key and rather problematic)

https://firstmonday.org/ojs/index.php/fm/article/view/3731/3132

This one was intriguing, on models for aggregated trustworthiness.

Yeah it seems better suited to centralized systems

Very interesting debate. I think it could be the start of a real authentication NIP on nostr.

I really think domain names give a decent verification (proof you paid) while still preserving pseudonymity.

Current implementation definitely doesn’t work though

Like a WoT solution ?

Who makes me lose it? 🤔 but I like the idea, essentially we can pay for other people’s verification as well, which sounds much more genuine

Something has to be done on the game theory side of things for Nostr. When people risk to lose something or not gain something they act differently. How to keep everyone on best behavior?

Sounds like a hierarchical kinda faggy let me know what you like in yer butt kinda thang.

No one tells me how to behave.

Misbehave meaning scams..

It's time everyone grows up then. Safety for the misinformed always leads to less freedom for the real people.

It’s not about misinformed or informed. There are real people at risk through no fault of their own that require looking out for.

How are they at risk?

Lower cognitive function. But even before that you’ll have people clicking phishing links even if they are tech literate.

Really? Then what does all scams mean but social rapist?

That’s just proof of payment tho

Why are you attempting to nerf the only thing that can save you? Sus.

It does seem to add an extra layer.

NIP-05 services are friendly username services. They’re more like DNS than any sort of verification.

As it was explained to me it's an identifier not a verifier. An easily searchable human friendly searchable id.

I like it as a verifier tied to a domain you own. I never understood using a nip-05 to a domain you aren't affiliated with until it was explained to me as an identifier.

Last week #[2] used his "verification" to alert people from being scammed by a fake profile named Derek Ross too.

I did! It's an online identifier. Self verification, at best, but I've always hated calling it verification because the spec never mentions verification and only mentions an identity. Your Nostr address is like an email address.

In winter 2022 it was a good commentary on the culture, like “everyone is everyone” here. In recent weeks tho with other apps doing it for fiscal reasons v the humanity that everyone is everyone - indeed the purpose of NIP05 gets lost in the shuffle. Fine to do away with. Be unverifiable as your brother from another mother says :)

When I first joined, I thought it would serve the purpose of avoiding sharing long npubs (scary to many people) so not really verifying anything, more helping searching and sharing identities.

Side note on NIP-58 badges, which I thought were kind of useless. Some people are starting to use them to manage communities, as one can quickly follow all the people having a badge.

Would be nice to have a way of seeing people's badges in damus at some point, mostly with the intent of a one click follow all option.

Nip-05 providers made sense in the beginning when it was the cool new thing and everyone wanted to try it. But get your point now. I could see every client maintaining a list of "rubber-stamp verifiers" and simply not displaying the identifier for them. Could be a bit like Whac-A-Mole though...

Just think it would be a bummer to not let people tie their identity to a domain they own...

Anybody propose other ways to prove authenticity of npub?

What does damus currently display? Seems wild to have display name, username, npub, nip05, lightning address, a thousand badges waiting to load. Bit of a mess, really. Imo imo 🙏

keyoxide looks pretty cool

To me it would be useful, for example, for bots or services operated by an organisation.

Would it be nice to have an alternative before removing?

I’m only thinking about removing the badge to reduce confusion. Not removing nip05

Understood. That’s indeed what I interpreted. But then as a user, what’s my alternative to get a « verified » badge? Especially if I paid a fee sats to get nip-05 « verified » (I am not speaking for myself 😅). People tend to want to reproduce what they know from other platforms and what the majority of the pack also has. I don’t really have an opinion, nor an attachment to the badge, I just wonder how users might react.

How about Damus Not a Bot verification? Find a way to verify who isn’t a bot, give user a badge in completion. You could make it one time and expensive payment, for example 20-50k sats or tier payment system with different color badges (dev support purple badge). This way we would have some new type of verification and you would get extra income.

I agree

you can't remove something that people have paid to have. many NIP were paid 🤷‍♀️

Not removing nip05, removing the icon to reduce confusion.

Yes, please. It’s for only identification and easy sharing of profiles without pasting around full npubs.

please remove it! or at least change the wording to Nostr address instead of verified/verification.

Some sort of verification is definitely needed. 95% of people have hosted nip05 by someone else as you sayin, that's like 0 verification cause host can quickly remove your badge and give the badge to fake account. I'm ok if domain is different than your username as far as you have access to change it by yourself, but access is hard to verify.

What is/was the difference between the purple check, gray check, and head icons?

Maybe you could add a blue check combined with a $8 membership? Just kidding 😀

I’m glad we finally came to the same conclusion

But in many cases it’s not some random domain—although it certainly can be. It’s a handful of recognizable domains and also sort of a group signifier. Not saying it’s the end all be all of nostr verification, but just some thoughts.

Besides that issue, it would have been better to have the accounts in DNS and not need to point to a server at all. But yeah…

This has been discussed multiple times. Web clients would not be able to verify in that case.

Why not?

Not even a link to a discussion?

because the web can’t make dns queries

Am I in the web right now?

Obviously I was talking about the client making the request. Maybe it’s just a Damus limitation?

you would exclude web clients

The ultimate question is how to verify simply for the masses. I’m not against paying some sats to do so but not sure of the overall mechanism…

Yeah, that might be the sanest route.

It’s really not verifying anything in the sense of how most people think of that term

Perhaps we'll have a single domain (nostr.org) that handles user lists so that duplicate users are impossible

A single domain would cause centralization. I’m not for removing checkmarks unless there’s something else to replace it. Many of us who self-host them use them to link back to our domains. For example, I use mine to help promote the #Nodestrich community. They are part of our online identity here and we’ve put energy into building our individual brands.

Hard Agree. Verify yourself through proof of work.

You should remove it. Or at least probably change the name nip05 if you target the average user. But can’t lie, it gives you the feeling ‘oh I’m doing something cool’.

It's not verification. It's an online identifier. Read the spec 😁 Damus and every client that calls it verified or mentions verification is wrong. Your Nostr address is akin to an email address. That's it.

You should keep it NIP, change the field to Nostr address, and remove the word verify throughout the client 🤙🏻

I’m on board with that. We are making things too technical by talking in NIPs. Users aren’t scouring GitHub to figure out what’s going on. They just want stuff that works without reading all the documentation.

Exactly!

I've been asking clients to adopt this for a while now. Two clients call NIP-05 a Nostr address now. Snort and Current.

Me searching nostrplebs.com looking for the word verify. Wtf is wrong with me…

So it’s really there to share our npub without scaring people with the format, and improving searchability? maybe I am not that stupid after all.

Yes. That's why I've been calling it a human readable format for your public key for 5 months now. We don't call it verification because the spec never once mentions it. I only mention a verified checkmark because clients mention that and because of that, people search for it. 😉

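Just because you don't like it yourself doesn't mean you need to remove it, right? Before, you didn't like #Likes, so you just built #OnlyZaps; this time you don't like #NIP58 badges, so what do you want to do now? You could be a bit more tolerant and generous: your not liking it doesn't mean others don't like it either.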

lightning:cndx@btcdv.com 🐇ᥬ[🐕]᭄🌿

You actually have the power to make NIP-05 mean something… Just start treating the relays that are listed in NIP-05 as mandatory. That would serve a variety of purposes…

1) The user can make sure the relays they pay for never accidentally get dropped from use if they get them listed in the NIP-05 relay list.

2) Organizations/companies that use NIP-05 to validate that the person is part of their organization can mandate their relays be used so they can monitor what's said using their official accounts. (If you don't like that - don't get verified with them - or temporarily switch or disable your NIP-05).

When you think about it the NIP-05 relays can't be changed by the user (unless the user controls the domain). So it was written to give the domain owner, not the user, control over that particular relay list (whether it was intentional or not). That's actually its advantage over NIP-65.

NIP05 is for branding and vanity just like domain names.

Good branding makes it easier for others to find you.

What does jb55 even mean?

What about linking it somehow with a pgp signature?

are we gonna do what bluesky is doing ; domain usernames?

that's what they are. nostr addresses are exactly this.

Would be interesting if clients provided an indication as to the number of pubkeys a domain is mapping in that nostr.json file.

To me, if it's thousands, it carries far less weight than one only serving for say, a dozen or so.

Right now I just consider well known ones (nostrplebs, nostrverified, iris.to, nostrcheck, etc) as being a pretty much free for all pay to play.

Anyone that's able to pay for relays, support developers and such should be able to spend about $10/year on their own domain and set up their own managed nip05. It's not rocket science. It's more work to set up a VPS, or a typical Site ground website or woocommerce or Shopify store.

it's unrealistic to think that if nostr gets as big as we hope, that we're going to have millions or even billions of individual domain names being registered. could you imagine? LMAO! people haven't done this for the 40 years that email has been around. they're not going to do it for a nostr address if they didn't do it for an email address.

Spending $5 a year to get yourself “verified” is a big ask? Then why are you charging them 20,000 sats for the same thing! 😆

1) i'm not. it's a one time fee.

2) the overwhelming majority of people will NEVER buy a domain name to host their email address or their nostr address. they just want to click a button and pay for a service that gives them what they want.

If you make it the only way not to get impersonated on Nostr, they will. Your reputation means more than $5 a year.

You can't impersonate me. Only one derekross@nostrplebs.com will ever exist. Ever. Now, some clients don't check the validity of the Nostr address by calling the JSON to verify the ID matches the public key. However, they show an invalid indicator.
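The check mentioned above (fetching the domain's nostr.json and confirming the name maps to the profile's public key), together with the per-domain name count suggested earlier in the thread, as an added Python example that is not part of the original discussion or any client's code. The keys, domains and JSON bodies are constructed, and the host-name pattern is a simplification.

```python
import json
import re

LOCAL_PART = re.compile(r"^[a-z0-9._-]+$")   # characters NIP-05 allows in the name
DOMAIN = re.compile(r"^[a-z0-9.-]+$")        # simplified host check (assumption)
HEX_PUBKEY = re.compile(r"^[0-9a-f]{64}$")   # hex key, not an npub string

# Constructed sample keys and nostr.json bodies, not real accounts.
ALICE, MALLORY, BOB = "a1" * 32, "bd" * 32, "c3" * 32
SELF_HOSTED = json.dumps({"names": {"alice": ALICE}})
SHARED_PROVIDER = json.dumps(
    {"names": {"alice": MALLORY, "bob": BOB, "carol": "npub1notahexkey"}}
)


def well_known_url(identifier):
    """Split name@domain and build the URL a client fetches (redirects not followed)."""
    local, sep, domain = identifier.strip().lower().partition("@")
    if not sep or not LOCAL_PART.match(local) or not DOMAIN.match(domain):
        raise ValueError(f"not a NIP-05 identifier: {identifier!r}")
    return local, domain, f"https://{domain}/.well-known/nostr.json?name={local}"


def check_nip05(identifier, profile_pubkey, body):
    """Compare a fetched nostr.json body with the pubkey that signed the profile."""
    local, _domain, _url = well_known_url(identifier)
    result = {"valid": False, "reason": "", "names_on_domain": 0}
    try:
        doc = json.loads(body)
    except ValueError:
        result["reason"] = "response is not JSON"
        return result
    names = doc.get("names") if isinstance(doc, dict) else None
    if not isinstance(names, dict):
        result["reason"] = "no 'names' object"
        return result
    # Only what the server chose to return; a dynamic server may list just one name.
    result["names_on_domain"] = len(names)
    mapped = names.get(local)
    if not isinstance(mapped, str) or not HEX_PUBKEY.match(mapped):
        result["reason"] = "name missing or key is not 64-char hex"
    elif mapped != profile_pubkey.lower():
        result["reason"] = "domain maps this name to a different pubkey"
    else:
        result["valid"], result["reason"] = True, "ok"
    return result


if __name__ == "__main__":
    for ident, key, body in [
        ("alice@example.com", ALICE, SELF_HOSTED),            # matches
        ("alice@example.com", MALLORY, SELF_HOSTED),          # copied identifier
        ("alice@provider.example", MALLORY, SHARED_PROVIDER), # same name, other domain
        ("carol@provider.example", BOB, SHARED_PROVIDER),     # npub string in the file
    ]:
        print(ident, key[:8], check_nip05(ident, key, body))
```

A passing check shows only that the domain points at the key: the third sample case passes for a different key because the same name is registered on a different domain.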

What is stopping someone from registering derekross.com and pointing your npub to derekross@derekross.com

My guess would be this guy.

Someone could, but that's not the Nostr address that I've been using. My identity is derekross@nostrplebs.com. If you get a new email address, you email everyone and tell them hey this is my new email address. The same goes for your Nostr address. You'd post and say hey this is my new Nostr address. If it's not from the same npub that you've been following them you'd be suspicious. This would be harder for new users that were looking for the correct Derek Ross to follow, but a little bit of work helps to alleviate pain points.

Wouldn’t it be better not to have something like “I’m verified” and for everyone to be free to decide whether to do it or not? The idea in #nostr of your being able to communicate anon but that there is something that guarantees others that you are human writing and not a bot is wonderful.

But it wouldn’t be better to be able to identify the bots and force them in some way to verify themselves as bots. This way, the rest of us will be able to know who we interact with.

Crazy idea.

Just limit it to your own domain. If someone is willing to do the work to pay for a domain name so he won’t get impersonated, I don’t think he should get penalized.

It could have some meaning for organizations, public figures, influencers and celebrities

How about you make it so that it points to something that has to be verified by signing with your private key?

can you just remove the symbol and keep the link? then maybe it can still be used for authentication without people treating it as a status symbol.

That’s the plan

sick 🤙

Make it an @ sign and truncate the name!

This makes more sense tbh. It makes more sense to connect it to what it really is, rather than a structure analogous to something in trad SM

I wish I could find it, some designer 4 months ago made a really great graphic explanation of how this would work.

it’s not ideal tho, iOS and many other digital environments see a @ sign in the middle of words and assume email address, which is a known complaint about mastodon so it’s been avoided here, some nip 05 providers even offer email forwarding 😅

maybe we need to take a hint from bluesky and change to a period so you would be @bob.nostrplebs.com instead of @carol@nostrplebs.com I’m not sure the double @ sign here is technically doing anything

Double @ is confusing for sure.

Maybe something like @Name::site.com

Hello, what is your strategy for this app?

build cool shit

Uncool shit can be nice too.

Reading this, there are some great comments on NIP badges use cases, such as verify owning a domain and other badges, like NIP-58 as community badges.

I like the concept of verifying domain ownership and affiliation to a domain owned verified account.

Similar to uses by agencies or individuals associated with an organisation.

Hope you will hold-off and let it rather play out. This is a new space in identity with how it’s separated in #nostr.

NIP05 has utility, it already helped form tribes and connections for new users. It helped launch nostrplebs and thus nests.

Saylor just made all microstrategy email addresses Lightning ⚡️.

We don’t know where this is going but this is a good solution with limitations today. Other areas might integrate later on and NIP05s role could change so please, keep it around.

Let’s see how things evolve a bit.