Maybe proof of work/vanity npubs could be a better solution to spam than PoW notes

PoW notes can really degrade performance/UX if we want it to be sufficiently high to compete with spammers

But a pow npub is just a one time delay, which is reasonable for a legit user

Then we expand WoT to trust follows and proof of work?

Discussion

Maybe everyone should use the first few characters of their npub as their username 👀

Seems like a better idea 🤔

but how would you increase the target difficulty?

I think nostr:npub1qqqqqqyz0la2jjl752yv8h7wgs3v098mh9nztd4nr6gynaef6uqqt0n47m was the first person to suggest this but i could be misremembering. I still think spammers would do the PoW as a way to exploit this wot expansion

For sure they will do it

But maybe it will slow them down just enough that muting and banning could make a difference?

And relay operators could more easily share ban lists?

Although maybe not, if a user mines an npub on a phone for 10 mins, a 4090 can probably do that same work in a few seconds :/

Could add a 'v' tag to a kind 0 event for npubs that specifically want to vouch for other npubs.

yes this was my exact line of thinking which made me abandon pow for most things

PoW makes most sense per-message to stop mass spamming, it makes less sense on pubkeys. But even per message is not a silver bullet because you can spin up many machines these days, i dunno

what do you think about Pow endorsements?

https://pippellia.com/pippellia/Social+Graph/Navigating+the+social+graph#PoW+endorsement

tldr;

- Alice pays 10$ to a miner

- Miner mines a note that references Alice's npub

- Alice gets her checkmark so she can defend her audience from impersonators

I would have to trust the miner and I shouldn’t need to.

Nobody pays a fortune to aws to spam the Nostr...

May work, but that was possibly where Satoshi got his original idea for Bitcoin from. Based on previous work, use the idea of POW to eliminate spam email. It never caught on for spam email. Nor would it because the global warming people would calculate 20KJ to send an email was destroying the planet.

I like the zap to reply type nip needs this. All my notes would be like that and I am ok with reply guy paying 21 sats for each reply.

#nostr #bitcoinstr #zap

lfg⚡⚡

I'm ready 😅

I've written about it here:

https://pippellia.com/pippellia/Social+Graph/Navigating+the+social+graph#PoW+endorsement

I think it's a really effective approach because the work can be done by a specialized miner, for a small cost.

"Pay 10$ to get a golden checkmark to protect your audience from impersonators" I think it has reasonable product market fit (see X)

The problem is that it is not backward compatible for existing npubs.

One solution could be to use a NIP-32 tag signed with pow referring to the profile. This way, everyone can validate their own npub.

This also allows one to 'whitelist' someone else, for instance someone who has been invited to join Nostr, making onboarding easier and more pleasant.

And the pow level can also be updated (increased) over time, if needed (will be necessary).

this is what i've been saying for the last 6 months, based on my experience with proof of work shitcoins and building PoW consensus algorithms (since 2018)

vanity addresses are a fairly robust proof because currently anything from about 8 characters of required npub (and it could just as easily be hex, there is a rough 1:1 between them just that hex is 4 bits and npubs are 5 bits per character), takes weeks to generate

there currently isn't any significant tech to accelerate derivation of public keys, so the bitcoin secp256k1 BIP-340 X-only key derivation function is the current baseline for each bruteforce attempt to find such a key

but i think it's inevitable that soon there will be at least AVX/AVX2/AVX512 parallel derivation libraries, i remember a couple of years ago seeing some early work and a paper about this

it's a big calculation using modNscalar functions but this is something that can definitely be parallelized, and i'd expect modern processors could see the ~10 minutes for 5 (25 bits) npub vanity key mine pushed down to 1-2 minutes (my key has 5 vanity characters currently, took me 4 days with btcd/decred schnorr pubkey derivation library, but now with bitcoin core secp256k1 library only 10 minutes)

unlike the signatures, which is one of the things that we benefit from in relay and client implementations from the simpler Schnorr algorithm (it eliminates a division operation, which is the slowest) the pubkey derivation is identical between ecdsa and schnorr and the only actual difference is you leave the first (left hand side MSB) out, be it 2 or 3 normally, it is not needed for either the signatures or for the ECDH shared secret computation

so, yeah, what i'm gonna say is that it is going to kick the can down the road another few years maybe, but ultimately there will be parallel key miners using AVX and if it really becomes valuable, someone will make FPGAs to increase the parallelism

you will see, once you understand all of that, why i'm saying that it's a dead end and eventually will be forgotten

to me you all look like proof of work shitcoiners talking about this stuff, circa 5 years ago, before it became obvious that the game theory causes consolidation of proof of work mining power and why we have the zero to one principle of money (and ultimately languages, in the internet era)

All true, but I think you overestimate how many Nostr-spammers have that skillset.

People with that skillset have much more profitable things to do with their time.

Threat modelling needs to be step 1.

While I do agree with you about people having much more profitable things to do with their skill set…

It only takes one obsessed, very powerful person and one black hat on their payroll (which they have, in abundance)

the replyguy kinda ends the discussion as far as i'm concerned

causing trouble is cheap on nostr right now, that is a threat that needs to be considered seriously since there is not so much risk of a profitable scam attack at this point

we have to raise the price above the most determined seeker of lulz

That's why I think there should be a minimum of PoW on every single note, some energy required to post whatever, doesn’t matter if you are a legitimate user or spammer.

just pressure clients to implement NIP-13.

i wish i didn't hear this so often from people

if it's worth money, it won't be within reach of regular users

if it's not worth money, nobody is going to spam

Is reply guy making money? The cost is so cheap today that even the amount of money lost is peanuts to the average spammer.

I’m advocating for raising the cost floor, not keep it free/cheap as it is today. Not advocating for eliminating spam forever.

I think all here can spend a couple days or weeks (slowly) mining a profile event with some PoW. Whether spammers can do it faster does not matter, they will have to pay the cost for every pubkey which raises their cost floor. They will need to spend in expensive equipment and spend energy to do it every single time they need a new pubkey.

What we have today is zero or near-zero cost.

Also if you don’t want to hear other people’s opinions try getting off the internet ffs and cut the 💩

artificial measures won't make any difference, and i'm sure as hell not wasting CPU time hashing stupid json notes for no effect

i'd rather just directly spend on resources that actually cost money anyway, that would be abused by spammers and scammers if they were free

in the end, you have to pay for PoW, same as with bitcoin, the whole point is that it's profitable, or nobody will do it

we have bitcoin, it uses PoW, that means nothing about any other application of it, and it solves the money problem so we can just cut to the chase and set a price floor for scammers right there in the app

if nobody cares, it's not needing protection, if it's interesting, then you need to charge for it

doesn't mean you can't give other ways to get new users on without first onboarding them to LN wallets, that can come later, referrals, attestations, all kinds of things could fix the onboarding problem

none of this has anything involved that needs PoW

please, just stahp with the PoW

you sound like shitcoiners 5 years ago before nicehash destroyed the PoW mining market and caused it to consolidate and eventually most of them are now gone, except for a very small few like chia, monero, litecoin, there just is no way to have more than a few of them in the world and only one will be really valuable

and if it already exists, you are just setting yourself up to watch it fall down just like all the shitcoins did

i can't believe you have this fascination about PoW and yet you have clearly done zero research on its history and the very few use cases it has actually long term worked for

enjoy your spam

I think it's better to have PoW on your profile than on pubkeys. You can re-mine your profile to a higher difficulty if needed but your vanity pub would be stuck.

And it doesn’t need clients to mine every single event all the time, hopefully just once in a long time.

We have paid relays here, I have no problem to pay for each note a couple of sats

Why would PoW notes degrade performance? The compute to verify a signature alone is far higher than verifying the PoW portion.

Or do you mean on the creation side? If so, determined spammers will eventually do that too raising the stakes of the cat and mouse game.

We will only get so far with simple reactionary filters to low effort spammers.
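An added example, not part of any post in this thread: a relay-side NIP-13 check next to the sender-side mining loop, showing the cost asymmetry discussed above (one SHA-256 to verify, about 2^target hashes to create). The sample event, the placeholder pubkey, the `accept` policy and all function names are assumptions made for illustration, and signature verification is left out.

```python
import hashlib
import json

def event_id(ev):
    # NIP-01 id: sha256 over the compact JSON array below. Simplification:
    # json.dumps matches NIP-01 escaping for ordinary text like the sample here.
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def leading_zero_bits(hex_id):
    # NIP-13 difficulty = number of leading zero bits of the event id.
    return len(hex_id) * 4 - int(hex_id, 16).bit_length()

def committed_target(ev):
    # Third element of the ["nonce", "<nonce>", "<target>"] tag, if present.
    for tag in ev["tags"]:
        if len(tag) >= 3 and tag[0] == "nonce":
            if isinstance(tag[2], str) and tag[2].isdigit():
                return int(tag[2])
    return None

def accept(ev, min_bits):
    # Assumed relay policy: recompute the id rather than trusting ev["id"],
    # require a committed target >= min_bits (so a lucky low-target miner does
    # not pass), and require the id to actually meet that committed target.
    eid = event_id(ev)
    target = committed_target(ev)
    if ev.get("id") != eid or target is None or target < min_bits:
        return False
    return leading_zero_bits(eid) >= target

def mine(ev, target):
    # Sender side: try nonces until the id meets the target (~2**target hashes).
    base = [t for t in ev["tags"] if t[0] != "nonce"]
    nonce = 0
    while True:
        cand = dict(ev, tags=base + [["nonce", str(nonce), str(target)]])
        cand["id"] = event_id(cand)
        if leading_zero_bits(cand["id"]) >= target:
            return cand, nonce + 1
        nonce += 1

# Constructed sample event; the pubkey is a placeholder, not a real key.
SAMPLE = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 1,
          "tags": [], "content": "hello nostr"}

if __name__ == "__main__":
    mined, attempts = mine(SAMPLE, 12)
    print(attempts, "hashes to mine; one hash to verify:", accept(mined, 12))
```

Raising `min_bits` on the relay costs the verifier nothing extra, while each additional bit doubles the expected mining work for every sender, legitimate or not.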

Anyone talking about "degrading performance" sounds glowie to me.

I prioritize censorship resistance over where my loading speeds are at in the modern-day range of loading speeds.

People lived with dial-up once.

Well, I'm so glad I bought vanitynpub.com awhile back 🤣

Total newb here but could the pow on notes be ‘mined’ during an idle time or overnight so in the morning you’ve got x notes ready to go?

i want to keep my current npub but it’s definitely a good solution 😭

I hope I can smoothly rotate

smoothly rotate 😎