Searching by names can show duplicates, of course. So a good habit could be to show newcomers how to check the npub; because this is quite long, we can use and usually trust its "fingerprint", for example, the common four starting and ending chars: npubXXXX...ZZZZ.
Me: Mom, which username did you choose?
Mom: Maria, I used a purple cat as an avatar!
Me: Ehm... a lot of Purple-Cat-Marias around, check in your profile, is it npubXXXX...ZZZZ?
Mom: Yes!
Maybe the "fingerprint" idea could be standardized in a NIP and pushed as best practice.
Aha cool, I see! Thanks for the lively explanation ;)
Standardizing the npubXXXX...ZZZZ with 4 chars each is a great idea. Most clients abbreviate in different ways and let the npub take up a looot of space.
Is "fingerprint" the term for abbreviating like that?
The fingerprint is usually a string created with a hash function that guarantees the correctness of the information. Using the first/last 4 chars does *not* do this, of course, because the inner part could differ; in fact it is possible to brute-force forge an npub with the same 4+4 chars. Because of that, I used the word "fingerprint" in quotes.
So it is only probabilistic, but it is also unlikely that someone would spoof my mom's account ;)
Adding a real fingerprint is possible, but we need a trade-off between robustness and ease of use; I don't know if it is worth it.
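As an added example (not code from the thread or from any client it mentions), this Go program implements the "is it npubXXXX...ZZZZ?" check from the Mom dialogue: it decodes the npub as bech32, refuses to answer when the checksum fails, compares the shorthand, and also produces the hash-based "real fingerprint" that the last post mentions. The reading of "npubXXXX...ZZZZ" as the four data characters after the `npub1` prefix plus the last four characters, the key bytes, and the fingerprint length are all assumptions made for the example. Note what the shorthand exposes: 4 data chars are 20 bits of the key and 4 checksum chars are 20 bits that depend on the whole key, so only about 40 bits separate two keys with the same shorthand, which is why the thread says it can be forged by brute force.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// bech32 alphabet from BIP-173; NIP-19 npub strings use plain bech32.
const bech32Charset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

func bech32Polymod(values []byte) uint32 {
	gen := [5]uint32{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3}
	chk := uint32(1)
	for _, v := range values {
		top := chk >> 25
		chk = (chk&0x1ffffff)<<5 ^ uint32(v)
		for i := 0; i < 5; i++ {
			if (top>>uint(i))&1 == 1 {
				chk ^= gen[i]
			}
		}
	}
	return chk
}

func bech32HRPExpand(hrp string) []byte {
	out := make([]byte, 0, 2*len(hrp)+1)
	for i := 0; i < len(hrp); i++ {
		out = append(out, hrp[i]>>5)
	}
	out = append(out, 0)
	for i := 0; i < len(hrp); i++ {
		out = append(out, hrp[i]&31)
	}
	return out
}

// encodeNpub turns a 32-byte x-only public key into its npub1... form.
func encodeNpub(pubkey []byte) (string, error) {
	if len(pubkey) != 32 {
		return "", errors.New("pubkey must be 32 bytes")
	}
	var acc, bits uint32 // regroup 8-bit bytes into 5-bit symbols, zero-pad the tail
	data := make([]byte, 0, 52)
	for _, b := range pubkey {
		acc = acc<<8 | uint32(b)
		bits += 8
		for bits >= 5 {
			bits -= 5
			data = append(data, byte((acc>>bits)&31))
		}
	}
	if bits > 0 {
		data = append(data, byte((acc<<(5-bits))&31))
	}
	values := append(bech32HRPExpand("npub"), data...)
	values = append(values, 0, 0, 0, 0, 0, 0)
	pm := bech32Polymod(values) ^ 1
	var sb strings.Builder
	sb.WriteString("npub1")
	for _, d := range data {
		sb.WriteByte(bech32Charset[d])
	}
	for i := 0; i < 6; i++ {
		sb.WriteByte(bech32Charset[(pm>>uint(5*(5-i)))&31])
	}
	return sb.String(), nil
}

// decodeNpub verifies the bech32 checksum and returns the 32-byte key, so a
// typo or a swapped character is caught before any shorthand is compared.
func decodeNpub(s string) ([]byte, error) {
	s = strings.ToLower(s)
	pos := strings.LastIndex(s, "1")
	if pos < 1 || pos+7 > len(s) {
		return nil, errors.New("malformed bech32 string")
	}
	hrp, data := s[:pos], s[pos+1:]
	if hrp != "npub" {
		return nil, fmt.Errorf("unexpected prefix %q", hrp)
	}
	values := make([]byte, len(data))
	for i := 0; i < len(data); i++ {
		idx := strings.IndexByte(bech32Charset, data[i])
		if idx < 0 {
			return nil, errors.New("invalid bech32 character")
		}
		values[i] = byte(idx)
	}
	if bech32Polymod(append(bech32HRPExpand(hrp), values...)) != 1 {
		return nil, errors.New("bad checksum")
	}
	var acc, bits uint32 // 5-bit symbols (minus 6 checksum chars) back to bytes
	out := make([]byte, 0, 32)
	for _, v := range values[:len(values)-6] {
		acc = acc<<5 | uint32(v)
		bits += 5
		for bits >= 8 {
			bits -= 8
			out = append(out, byte((acc>>bits)&0xff))
		}
	}
	if bits >= 5 || acc&((1<<bits)-1) != 0 || len(out) != 32 {
		return nil, errors.New("invalid padding or key length")
	}
	return out, nil
}

// shortForm is the thread's "npubXXXX...ZZZZ" shorthand (assumed: 4 chars after "npub1" + last 4).
func shortForm(npub string) string {
	return npub[:9] + "..." + npub[len(npub)-4:]
}

// checkShortForm answers "is it npubXXXX...ZZZZ?" only for a checksum-valid npub.
func checkShortForm(fullNpub, expected string) (bool, error) {
	if _, err := decodeNpub(fullNpub); err != nil {
		return false, err
	}
	return shortForm(strings.ToLower(fullNpub)) == strings.ToLower(expected), nil
}

// realFingerprint is the hash-based alternative: SHA-256 over the raw key,
// truncated to nBytes (a constructed choice; more bytes, more robustness).
func realFingerprint(npub string, nBytes int) (string, error) {
	key, err := decodeNpub(npub)
	if err != nil || nBytes < 1 || nBytes > 32 {
		return "", errors.New("bad npub or fingerprint length")
	}
	sum := sha256.Sum256(key)
	return hex.EncodeToString(sum[:nBytes]), nil
}

func main() {
	pub := make([]byte, 32) // constructed key, not anyone's real key
	for i := range pub {
		pub[i] = byte(i)
	}
	npub, _ := encodeNpub(pub)
	ok, err := checkShortForm(npub, shortForm(npub))
	fp, _ := realFingerprint(npub, 8)
	fmt.Println(npub, shortForm(npub), ok, err, fp)
}
```

The check deliberately fails closed: a string that does not pass the bech32 checksum never reaches the shorthand comparison, so "it looks like npub1abcd...wxyz" is only ever said about a string that is at least a well-formed key.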
Seems like a decent trade-off indeed!
Also, in the story you wrote: how is your mother holding her nsec? I see an option where she trusts you to hold the encrypted nsec (in a more newbie-friendly nsecbunker) and all she has to do is remember an email and a password.
Good point. We know that currently the nsec management is critical, because it's the single point of failure of a nostr sovereign digital identity. I hid it in the "register" step, we will see different approaches.
I think that a good and cheap one is converting the nsec to something that the user can easily write down and that doesn't look like data garbage (psychology matters), so he is encouraged to do so with care. A BIP39 seed phrase seems a decent solution. Snort already proposes it.
Maybe clients could offer the option to add an additional passphrase too, so the seed can be shared with a semi-trusted party (e.g. a family member) for backup.
The nsec can be encrypted locally and the app requires just a password/pin/fingerprint to unlock. Gossip and Lume already do this (the problem is more sensitive in the desktop env because apps are not sandboxed). This solution is robust, user friendly and discourages copy/pasting of the nsec (with a well-done key generation and backup procedure I would not even let the user retrieve it from the app!).
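As an added example (not code from the thread, nor from Gossip, Lume or Snort), this Go program shows the "encrypt the nsec locally, unlock with a password" pattern from the last paragraph: a password-derived key wraps the raw 32-byte secret with AES-256-GCM, and a wrong password yields an error rather than a plausible-looking garbage key. The blob layout (salt, nonce, ciphertext), the use of PBKDF2 instead of a memory-hard KDF, the iteration count and the sample secret are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

const (
	saltLen       = 16
	kdfIterations = 200_000 // constructed demo setting; tune to the device
	keyLen        = 32      // AES-256
)

// pbkdf2SHA256 is plain RFC 8018 PBKDF2 over HMAC-SHA-256, written out so the
// example needs only the standard library. A client should prefer a memory-hard
// KDF (scrypt, Argon2) to slow down offline guessing of a short PIN.
func pbkdf2SHA256(password, salt []byte, iters, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	out := make([]byte, 0, dkLen+hashLen)
	for block := 1; len(out) < dkLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iters; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

func newGCM(password, salt []byte) (cipher.AEAD, error) {
	key := pbkdf2SHA256(password, salt, kdfIterations, keyLen)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// lockSecret encrypts the raw nsec under the user's password.
// Blob layout (constructed for this example): salt || nonce || ciphertext+tag.
func lockSecret(secret, password []byte) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, secret, salt) // salt doubles as associated data
	blob := make([]byte, 0, len(salt)+len(nonce)+len(ct))
	blob = append(blob, salt...)
	blob = append(blob, nonce...)
	return append(blob, ct...), nil
}

// unlockSecret is the "enter PIN to unlock" path: a wrong password fails the
// GCM tag, so the app never gets (or shows) a wrong key.
func unlockSecret(blob, password []byte) ([]byte, error) {
	if len(blob) < saltLen {
		return nil, errors.New("blob too short")
	}
	salt := blob[:saltLen]
	gcm, err := newGCM(password, salt)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < saltLen+ns+gcm.Overhead() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[saltLen:saltLen+ns], blob[saltLen+ns:]
	pt, err := gcm.Open(nil, nonce, ct, salt)
	if err != nil {
		return nil, errors.New("wrong password or corrupted blob")
	}
	return pt, nil
}

func main() {
	nsec := make([]byte, 32) // constructed secret, not a real key
	for i := range nsec {
		nsec[i] = byte(0xa0 + i)
	}
	blob, err := lockSecret(nsec, []byte("correct horse"))
	if err != nil {
		panic(err)
	}
	got, err := unlockSecret(blob, []byte("correct horse"))
	fmt.Println(hex.EncodeToString(blob), hex.EncodeToString(got), err)
	_, err = unlockSecret(blob, []byte("wrong horse"))
	fmt.Println("wrong password:", err)
}
```

Because the secret is only ever handled as bytes inside the app, the backup path (seed phrase written down at key generation) and the daily path (PIN unlock of this blob) can both exist without a "copy my nsec" button, which is the point made above.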