Can anyone enlighten me on how we’re going to identify and „block“ scammers and imposters here on Nostr? It’s hard enough on a centralized platform like Twitter, but how am I going to prove who I am here?
Reputation system?
#[0] #[1] #[2] #[3]
Discussion
Use a nip-05 identification using your own well-known domain!
I’m rather techie and wasn’t able to do it. How will non technical people manage?
Well, it is not so complicated. A good tutorial should do it. You only need to create this json-file and then upload it to your server.
For non-technical people there could be helper apps. The needed json-file could be create by an app so you only need to check it and upload it to your server. Maybe I should program it, can't be that complicated...
In the meantime: Let me help you, shall I create a json file for you? You then just need to upload it to your webserver.
Now that I am thinking about it, yes there are caveats. In some cases you need to configure your webserver accordingly and need to know which webserver you are running on your domain, usually apache, sometimes nginx, seldom something else.
What about adding a NIP-5 file generator feature in the Damus Profile settings?
Could simultaneously help to illustrate the purpose of NIP-5, using a server as a credential, and make it more user friendly.
This should be a webapp, putting it into an iOS app does not make any sense. I would not expect that most people, that run a domain, use iOS to uploadfiles. 😉
You know the technicalities, from a user perspective I just argue I would like to generate critical data from within the client I already have established a certain trust with. Just my 2 sats.
My problem was the .htaccess entry. I did what the tutorial said, but it didn’t work.
Non-techies don’t even get so far.
The current best solution is (1) you posting your pubkey elsewhere, like your twitter so other can verify, and (2) a NIP05 identifier. But there’s problems with both. Posting elsewhere requires users to be able to access “elsewhere” to confirm. NIP05 becomes kind of useless when anyone can go onto a NIP05 service and create a NIP05 with that domain (I can go on alby and get anita1@getalby.com and impersonate you). Best scenario is being able to use your own personal domain as your NIP05 identifier since people will know it’s your domain so only you can choose who gets an identifier there. But that’s also a taxing process for non tech savvy people and not scalable imo.
Thanks, that are exactly the reasons why I’m asking!
Good question 🤷♂️
Self hosted NIP-05 + reputation / network.
A very simple proof of who you are is the fact that people who I trust follow you. The nostr web of follows is basically the PGP web of trust. But with a much better UI.
you can use nostrplebs from #[6] he is one of the core devs. https://nostrplebs.com
We ignore & report them. An individual can stop an npub from seeing their events but anyone should be able to ignore anyone else's events.
Unless I follow you or you reply to an event that I care about, I'm unlikely to see your events anyway.
It's currently already harder to scam people in Nostr. The biggest risk is following someone who hasn't demonstrated PoW.
Isn’t the purple tick a form of verification Brisket?
Yeah - sort of. It shows that the npub is registered with that username on a specific web server.
I could easily register mudge@nostr.com.au and get a tick. The registration tick isn't super useful unless you know the person is registered with the domain. I couldn't link mudge@nostrplebs.com to another npub though.
Ahhh got ya. 👍🏻
reputation system is inevitable in the mid to longterm