true, zaps are not proofs of payment


Discussion

It is still more than enough to trigger an audit.

Do you really want that level of bullshit due to carelessness and bad protocol design?

How is it bad? Use private zaps if you want to not reveal the source of payment to the world

*** Takes one big breath in ***

Here we go....

The nostr protocol is revolutionary in its ability to almost completely resist censorship, as well as in its ability to transfer a valuable currency instantly via zaps. This is not an inherent design flaw in the sense of what it is doing, but how it is doing it.

When zaps are made, depending on the application's features, the amount of bitcoin zapped will normally show up. This is a serious potential security threat and not a good feature.

You can also, as you pointed out, figure out a way to get anonymous zaps (I'm already doing that myself). However, most nostr users either aren't skilled enough to figure it out on their own, and/or are too vain not to want to win a public popularity contest by showing off the zap amounts earned on a single post.

When you analyze this from a behavioral science viewpoint, it makes logical sense. Whenever a primate sees another primate doing something that the rest of the group is doing, they will instinctively start to feel the desire to join in, so that they are actively participating in the social group and its native customs while not feeling left out. A double-edged sword, depending on what the monkeys are seeing and doing at the time.

Now, you may be asking yourself: so fucking what? Monkey see, monkey do, more zaps for me, and more zaps for you, right?

Let us think about this from an airplane-altitude view, by asking several privacy- and security-focused questions for a comparative analysis of this dire situation.

Would you publicly post your private bank account balance on the internet?

Would a private individually owned small business post their bank account balance on the internet?

If a person is very popular on Nostr and continues to stack sats at an exponential rate, and a criminal follows them and pays close attention, would it be easy for that criminal to calculate a bare-minimum bitcoin balance that they earn in any given week?

If, like most bitcoiners, they publicly admit that they are never fucking selling, could a determined enough criminal go through their entire post history in order to calculate a rough estimate of their current bitcoin life savings earned through nostr posts?

If a criminal were able to acquire that knowledge through a very basic investigation, would they now have enough financial motivation to target that person online, so that they can actively work to compromise their devices, gain access, and transfer their funds?

If the person targeted for theft is smart and publicly advocates for cold storage, and if they post personal information about their location, could a skilled enough investigator deduce their exact location through local landmarks, or simply an IP address, making them a physical target and endangering their life, or their loved ones, once their bitcoin hodl life savings is finally big enough to be worth stealing?

Could a licensed tax auditor also deduce these possibilities simply from their accountant training, then use it against you in a tax audit to legally steal bitcoin from your hodl life savings in the name of the law?

If these questions and answers are alarming you, good. They should be. Because people are greedy fucks and there are many batshit crazy people here on the internet, this is probably already happening on Nostr and no one knows it yet.

Either that, or I just gave someone some very terrible ideas and fuck you very much for exploiting them. Lol

Now that we know this is a big risk, let us ask ourselves, from a protocol design standpoint: how do we acquire the same behavioral-science-powered satisfaction from publicly accumulating zaps, without exposing any nostr users to the potential dangers of this big privacy and security design flaw in the protocol?

While each developer can tackle this problem with solutions in their own unique way, as a community we should make privacy and security a vital focus in protocol implementation via a new NIP.

This would allow the user to use the zap system as it exists now, with the slight modification of allowing the user to assign their own unique symbols to reflect amounts zapped to them, without any specific numerical values being publicly available for everyone to study.

Even a simple color-coding or bar-graph system that lets followers know, based on overall zap averages for the entire nostr network, how any given zapped post is doing would be enough to indicate its overall zap popularity on the nostr network.

This would satisfy the apelike groupthink mentality that we are all hardwired for here, without giving anyone enough financial information to make them a hard target.

I believe this is a good starting point for a public discussion on how to address this problem: security and privacy first, as a universal right by protocol design for all Nostr community members, to ensure that we maintain true censorship resistance.

For you may have freedom of speech right here, right now, but not from your jail cell, or the afterlife later.

As a community, let's not fuck around and find out whether one of us gets audited or robbed, then imprisoned for tax evasion and/or killed for a bitcoin hodl life savings, only after just a few short years of being a popular person to zap here on #Nostr.

Thank you for your time and consideration.

Take care, stay amazing, and have a wonderful evening.

GN
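The tiered indicator proposed in the long reply above, worked through as an added example (not code from the thread, from any Nostr client, or from any NIP): tier cut points are taken from quantiles of a constructed sample of per-post zap totals standing in for the network-wide averages the post mentions, a post's exact sat total is mapped to a tier index, and only that index is rendered. The tier names, the network sample, and the creator's post history are all constructed here for illustration. The last function is the caveat a practitioner would want before writing this into a NIP: the observer in the post's scenario can still sum the lower edge of each displayed tier across a creator's history, so the scheme reduces a known exact total to a known floor rather than eliminating the leak, and the top tier's lack of an upper edge is what keeps a ceiling from being inferred.

```python
"""Popularity-tier zap indicator instead of public sat amounts.

Added example for this thread; it is not code from the original post,
from any Nostr client, or from any NIP. Tier names, the sample of
network-wide per-post zap totals, and the creator's post history are
all constructed for illustration.
"""
from bisect import bisect_right
from statistics import quantiles

# Tier labels, lowest to highest (assumed names, purely cosmetic).
TIERS = ["quiet", "warm", "hot", "blazing"]

# Constructed stand-in for "overall zap averages for the entire nostr
# network": total sats received per post across a sample of posts.
NETWORK_SAMPLE = [5, 21, 21, 42, 100, 210, 500, 1000, 2100, 5000, 10000, 21000]


def tier_thresholds(network_totals, n_tiers=len(TIERS)):
    """Cut points at evenly spaced quantiles of the network sample.

    Returns n_tiers - 1 ascending integer thresholds; a post whose total
    reaches thresholds[i] is displayed in tier i + 1.
    """
    return [int(c) for c in quantiles(network_totals, n=n_tiers, method="inclusive")]


def zap_tier(post_total_sats, thresholds):
    """Map an exact sat total to a tier index. Only the index leaves the client."""
    return bisect_right(thresholds, post_total_sats)


def render_indicator(post_total_sats, thresholds):
    """Bar-graph style indicator such as '[##..] warm', with no numeric value."""
    i = zap_tier(post_total_sats, thresholds)
    bar = "#" * (i + 1) + "." * (len(TIERS) - i - 1)
    return f"[{bar}] {TIERS[i]}"


def inferred_floor(tier_history, thresholds):
    """What an observer can still deduce from a creator's public tier history:
    the lower edge of each displayed tier, summed. Tier 0 contributes nothing,
    and the top tier has no upper edge, so no ceiling can be inferred at all."""
    return sum(thresholds[i - 1] if i > 0 else 0 for i in tier_history)


def compare_leakage(post_amounts, thresholds):
    """Exact total visible with public amounts vs. the floor visible with tiers."""
    exact = sum(post_amounts)
    tiers = [zap_tier(a, thresholds) for a in post_amounts]
    return exact, inferred_floor(tiers, thresholds)


if __name__ == "__main__":
    cuts = tier_thresholds(NETWORK_SAMPLE)
    print("tier cut points (sats):", cuts)
    for amount in (0, 120, 800, 3000, 15000):
        print(f"{amount:>6} sats ->", render_indicator(amount, cuts))
    # Constructed post history for one popular creator.
    history = [120, 800, 3000, 50, 15000]
    exact, floor = compare_leakage(history, cuts)
    print(f"public amounts reveal {exact} sats; tiers reveal only >= {floor}")
```

Two design points follow from running it. First, the thresholds must be published (or derivable) for every client to render the same tier, so they are effectively public, and the floor computed by `inferred_floor` is exactly what the determined observer in the post gets; widening the top tier or using fewer tiers trades popularity signal for a looser floor. Second, the mapping is deliberately many-to-one: 3000 sats and 15000 sats both render as the top tier, which is the whole point, but it also means the indicator cannot be used as a proof of how much was actually paid.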