Replying to Avatar Vitor Pamplona

Nostr's main goal for 2025:

Figure out if we prefer single pubkey in all of our apps and thus a single main follow list, single notification feed for everything, single key to send DMs OR if we prefer owning multiple pubkeys, one for each app, so that follows, notifications, profile info can all be separate per app.

There are pros and cons in each. And any solution between those two gets really complicated.

For instance,

- If we use multiple keys, one per app, our DMs will also be on a "per-app" basis and senders for the DM wouldn't know which app you are still using to send you a DM. We would need to declare which key everybody should use for DMs with us.

- If we use just one key, we need to move away from our main follow list event so that each app can have their own follows and all sub-root event kinds (zaps, boosts, reactions, replies, reports, edits, etc) MUST also include the event kind of the root event so that each app can have their own notifications. Since it's impossible to require full compliance from ALL clients, it's likely that some notifications won't show up where they should.

- If we use multiple keys, friends of one app might not be readily available when @-tagging on a separate app. We can try to link all the keys so that Clients can always check information in the other keys to bring up to you, maybe as a fall back mode. But wouldn't that in the long term just create the same one-key for everything system?

Who knows...
Avatar
Justin (shocknet) 1y ago

Key based identity is inherently single key, just need to not be retarded with access control

auth.shock.network

Reply to this note

Please Login to reply.

Discussion

Avatar
Vitor Pamplona 1y ago

You should do a Signer app. There is no need to self-host a signer. :)

Avatar
Justin (shocknet) 1y ago

Signer apps miss the point entirely, its team members and external services need an access controller... Large companies and brands can't bring their value to nostr otherwise

Avatar
Vitor Pamplona 1y ago

Ohhh ok, yeah that makes sense for companies but not really for regular users.

Avatar
Justin (shocknet) 1y ago

Dual use, regular users just want email/passkey auth and it can do that too

Avatar
Vitor Pamplona 1y ago

Not really. In 2 years and 200K installs no one has ever asked me for user+password logins.

Avatar
Justin (shocknet) 1y ago

Bias selection, How many didn't use it at all? or simply lose their keys eventually? not return? not use nostr cross-device?

Nostr is still irrelevant, the status quo is nothing to celebrate

Avatar
Vitor Pamplona 1y ago

How many users do you have?

Avatar
Keneci Network 1y ago

Single key is always better

Avatar
Justin (shocknet) 1y ago

What's a user? A unique key? An "install"? Visitor? Payment?

The only correct answer is not enough.

The only KPI is revenue

Avatar
Vitor Pamplona 1y ago

Sure... But I am trying to understand what is making you think that users want email+password sign up. It would be nice if you have users (not companies) that are using the service with user and password to make your point.

Otherwise, it's just wishful thinking.

If I was you, I would focus entirely on corporate accounts. Those are the only people that must keep their nsecs online.

Avatar
Justin (shocknet) 1y ago

I'm focused on people that have no idea what nostr is and/or don't care, that's the 99.9% of people/companies on the internet not using it.

They don't necessarily want email/passkeys, but they expect it. They can't benefit from Nostr until they're met where they are.

Avatar
Vitor Pamplona 1y ago

The expectation makes sense and I think the product for companies also makes sense. I think it makes way less sense for single users.

But I look forward to seeing how well your thesis does with real users.