Nostr Web Client

A key is not an account. Doesn't it just stop there?

Fingers crossed yes. But when politicians, lawyers, etc are involved… Who knows? I think that public relay operators like nostr:npub1nlk894teh248w2heuu0x8z6jjg2hyxkwdc8cxgrjtm9lnamlskcsghjm9c will test the waters first. But I really wonder what's everyone plab will be (if any).

Is it the domain name that you tie to your person (i.e. the legal identity you choose to use) that is the legal attack vector?

If we use #pubky servers or similar for hosting our Community and Personal content, what attacks are we talking about then?

Anthony Accioly 5mo ago 💬 2

In terms of what would hold up in court, I really can't say. I don’t want to sound too relaxed, nor do I want to paint too much of a dystopian picture… so I’ll focus more on the technical feasibility of deanonymising someone.

Yes, DNS is a major one that projects like pkarr, Onion Services, etc., try to address (pkarr is still pretty new, and Tor is no silver bullet). But for personal users, there are a gazillion other layers that can expose them, from software running on their mobile or desktop (starting with keyboard apps, AI tools users have "authorised" to learn from their behaviour, to shady background daemons like Meta was using to the OSes themselves …), them there's your ISP if you're self-hosting, CAs if you are using HTTPS, CDNs, the VPS or Cloud provider provider you're renting hardware from all owning bits and pieces of personal information and metadata that can be pierced together to paint a picture. Then there are all sorts of fingerprinting techniques… and about a gazillion other possible deanonymisation vectors.

Again, I can’t say what would hold up in court, but I’d work with the assumption that, for the vast majority of people exposed to Nostr, the authorities can figure out who’s behind an npub or operating a relay fairly easily.

JEC2K 5mo ago

#GM Fren 🌞 have an amazing day today https://youtu.be/wqCz3-v3PHA

Mike Dilger ☑️ 5mo ago

What I decided to do with chorus is that the inbox events are visible only to the people that the relay serves, which in my case is only 3 people, and the event's author.... until I actively approve them for public view. This prevents illegal content from being disseminated from my relay (even if it might arrive and get stored). The downside is that some people watching the conversation don't see the conversation in real time (if they however follow the stranger, they will see it from the stranger's relay). Sometimes I may go many days without moderating events on the relay, I've been pretty lax about it.

This is an interesting solution. Thanks for sharing! Haven could sort of do the same for the Inbox relay, for example, provide an optional admin interface where folks could release or deny events they’re tagged in (all behind a flag; by default, it would simply auto-release all events). Then it’s up to each relay operator to "validate" the npubs however they see fit. If they really want to go out of their way to procure people’s documents, face scans, or whatever, that’s totally up to them and outside Haven’s scope.

I'm getting so many requests and ideas that require an admin page… Haven really, really needs a frontend person, or you folks will soon have to deal with my HTMX-powered "lazy backend" UI 🤣.

I'm building npub-validation into Zapchat.

If we find a way to do this with events, you don't need the admin panel. For that part at least.

Silberengel 5mo ago

nostr:npub1qdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havq03fqm7 nostr:npub1wqfzz2p880wq0tumuae9lfwyhs8uz35xd0kr34zrvrwyh3kvrzuskcqsyn This isn't a dumb idea. A waiting room.

I guess I'm not understanding, that along with implementing something like this.

MichaelJ 5mo ago

I think it makes sense. If you're not already trusted by the relay, you and your messages sit in the waiting room until they're reviewed by the relay owner/curator.

I would even say that we need two layers here. One to release all events signed by a certain npub you t4ust and other to review events signed by anims one by one. Blog comment moderation style.

Silberengel 5mo ago

Whitelist = auto-approved

Blacklist = auto-disapproved

Graylist = waiting room

nostr:nevent1qvzqqqqqqypzp22rfmsktmgpk2rtan7zwu00zuzax5maq5dnsu5g3xxvqr2u3pd7qyt8wumn8ghj7mnfv4kzumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qpqtayhwf9x2jrq260tpqd26d07m2mr0v6vjj3ykuqj2vf248k8p0gqsfpp5r

What do you guys think about using Badges like this for relay access?

Silberengel 5mo ago

I prefer NIP-05, but that also works.

I can't do invites with NIP-05

yes you can. you can create a nip05 on someone's behalf, they dont need to have it in their kind0

Of course, but then I need an API so that people who already have a nip-05 can create (pending) nip-05s from within my apps.

Or if need an event for a Nip-05 invite or sth. But then the relay had to look at events as well and then the Badge solution wins.

Members need to able to invite others by directly handing them out write access. But only one level deep.

With nip-05 that gets complex fast

any source of access can be part of the Web Of Access (WOA). i am unsure about badges, i couldn't figure out from reading the spec if they were revokeable, but i assume you thought of this..

Deleting from the community relay = revoking already.

Good point tho, I didn't make that clear.

Second way of revoking is removing the badge from the profile label (or badge awarding event) of that profile.

How do we handle waiting room though? Since signed event dates can't be changed, if a user publishes one day then a few days or even hours later the note will get burried by any client that shows chronological right? So if it takes an operator days to respond, any social even its basically unseen. I say this as it just seems like either get on the whitelist or don't bother posting to said relay unless the operator responds quickly.

I could see this being more useful for content that doesn't require timing.

Your relay could just keep track of the waiting list IDs and the time they were first known to the relay. You need to keep a list, right?

I suppose, but I'd also assume that clients use the note time to display notes not relying on the relay to return notes in any known ordering. So clients displaying chronological notes would burry old notes.

Oh, yes, but that's the problem of the person who didn't get themselves whitelisted.

Right but then why bother with the grey-list then? Just whitelist or don't share the notes I guess. No one is going to check if their notes are propagating on relays, they just hit send and hope they get reach, but sitting in a greylist you'd just sit there wondering why your note never got reach. Grey-list meaning it requires manual human intervention, otherwise it's still just a whitelist/blacklist with spam-filters. How many relay operators will be minute-level attentive for social feeds? We both know that nostr is highly time based right now. There are all kinds of dates and times that are optimal to get even just your closer friends to see your notes.

We're moving away from that strict chronology. And it's worth waiting, to appear under an article in a magazine.

Think of this from the relay operator’s perspective as well. You care less about immediately releasing someone else's content and more about filtering out bots and weird stuff, but there may be new people writing interesting content worth spreading around.

If they do it often enough, you’ll eventually whitelist their npub. But if there’s no grey middle ground, you’re forced to choose between allowing by default (and risking the spread of awful content) or blacklisting by default (and creating a bubble).

Another way to look at it is the GitHub-like PR model: send enough helpful PRs and you may eventually gain write privileges my repo. IMO, this is a fair middle ground for moderation.

I agree with you that this should be mentioned somewhere to make users aware that their notes might remain in limbo for a while...Maybe via NIP-11.

As for making sure operators don’t simply forget about notes, maybe daily reminder emails? That’s what Mastodon offers.

ChipTuner 5mo ago 💬 2

I think it's going to take me a bit to get comfortable with the usefulness if this proposition. I agree with the argument, but still not sure it works in the benefit of the user any more than simply begging for the operator to whitelist them, to which the operator would look at their past notes stored on another relay perhaps and choose to authorized them.

Not to mention were simply discussing non-paid public relays I suppose. This also only works if the number of notes to review is low enough to interact. I think were just discussing a human high-level filter.

I guess my final thought is, does my opinion matter here? This sounds like a relay feature/implementation detail. The relay should allow for this to be enabled/disabled and offer an admin interface for implementing this.

My whole software dev MO is optional features. Build it, but let me turn it off/on.

> As for making sure operators don’t simply forget about notes, maybe daily reminder emails? That’s what Mastodon offers.

Also who am I to say what the operator _should_ do. What I do know is what I would do, and that's check it whenever I have a few seconds of "free" time. It would probably never happen, so that's my bias!

On my side, I was thinking more about personal or small community relays. But honestly, even at scale, it’s either a big team of human reviewers or a mix of that and algorithms à la big tech social mefis (and given the current state of things, I’d much prefer to go back to the army of mods).

My take is: give operators the tools and let them decide.

Want to whitelist everyone by default? Fine.

Want to blacklist everybody but yourself by default? Also fine.

Want a moderation queue? Here you go.

Want to be notified about new items to review? No problem, just let me know the level of granularity you want for notifications.

This is what we can do on the relay development side without imposing our own views.

Hard to disagree with that proposition.

Just hard to implement and put code and hours where my mouth is 🤣. But we'll get there :)

one commit at a time. :)

Active human mods are underrated. The Internet was much freeer, back when there were lots of communities with real mods.

with a mix of real mods and lightning captcha.. i think we can go very far. 🙏

Mike Dilger ☑️ 5mo ago

I just want to see replies from strangers, without letting them use the relay to send material that would get me in trouble. Maybe I never 'release' their notes. How bad would it be? All of their followers will still see their reply (posted to their outbox as well as my inbox). Only my followers would not see it. Unless of course I wanted to reply to it, in which case I would release it and reply.

Mike Dilger ☑️ 5mo ago 💬 1

You are right it is a problem. I've always felt bad about this aspect, that I was breaking other people's experience. But I can't think of another way to be sure that I'm not going to get in trouble.

We need more thinking on this area.

cloud fodder 5mo ago 💬 1

since nostr clients have largely ignored relays, autopiloted their users into them, collected a majority of zaps and monetary support, and been so public facing while not caring about any of this stuff in a cavalier way..

guess what, clients are more likely to get fucked than relays. so it's hilarious actually, that nostr's knee jerk reaction was "what will relays do?!!!". The same shit we always do pinkey.

they may try to pawn it off on relays, their attitude suggests this, but any attempts to mess with nostr is just gonna go straight to the play store and put the hammer down there first.. NOT some json backend thing the client doesnt even show.

Agreed... Client devs, especially mobile client devs, may be low-hanging fruit. And I guess that “My client just provides a WebSocket between the client and the relay” will work about as well as the old “Demonoid is just an indexer and search engine” excuse.

Still, as someone almost strictly on the relay side of things, I don’t think pushing all responsibility to clients with a "I’m just running some JSON backend thing" stance is going to hold up either. At a bare minimum, relay software should offer proper tools to manage Kind 0, Kind 1, and NIP-23 content. And folks running additional things like Blossom, NIP-96, etc., need solid ways to moderate media.

At the moment, Haven has neither. Well... the moderation tools are basically the file system and a database client 😅. I haven’t played with relay.tools myself, but given the scale of some relays running on it, I assume you already have some moderation tooling in place. I think that both client and relay software devs have to work with operators (and you and I are both people playing both roles at the moment).

we have spent far more time focused on this stuff than clients have. so I'm just pointing out, the irony of not a single client user asked any questions. just relays. 😅

Lol, got it. To be honest, I don’t have much access to client devs (and for the most part, I don’t even know where they hang out to begin with). I started this thread mostly with relays in mind, since the “Other things” folks seem to know what they’re doing. I really can’t say what they’re discussing at the moment—but I do wonder if there’s a plan.

nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn, nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr, nostr:npub107jk7htfv243u0x5ynn43scq9wrxtaasmrwwa8lfu2ydwag6cx2quqncxg, nostr:npub1cesrkrcuelkxyhvupzm48e8hwn4005w0ya5jyvf9kh75mfegqx0q4kt37c, nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl, nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z, you’re some of the cool client devs I’ve had the chance to interact with. Some of you even reply to me occasionally 🤣.

Are you planning any changes to your respective clients in terms of moderation and compliance with the whole age verification thing?

hzrd149 5mo ago

> Are you planning any changes to your respective clients in terms of moderation and compliance with the whole age verification thing?

I thought about adding it as a joke... because there is no way I could verify a users age

That said I agree we really need more moderation tools for relays and blossom servers. I'm just not good at building backend applications 😞