Replying to brightfuture

I don't personally believe I owe an explanation, as can be seen I paid out some ~400k sats.

But I will echo the point that NOSTR is not consistent. Even in the screenshot you provided of the tool, I know I paid out people that don't show up as paid.

nostr:npub17nd4yu9anyd3004pumgrtazaacujjxwzj36thtqsxskjy0r5urgqf6950x was paid I'm sure, nostr:npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240 surely was paid.

The problem I encountered is I lost track of who was paid and who wasn't. I am even sure I double paid somebody.

Each time I took a break, reloaded the pages, switched client, I was asking myself who I paid already. The lists keep reshuffling, accounts came and went from the lists and in the end I was using my own spreadsheet to track.

Honestly, the truth of it is that I got fed up and did not have the time to do the manual labour required to check if all accounts were real, already paid and logging in my personal sheet. Clients load too slowly for me, creating a lot of dead time waiting for loading each user profile before I can even begin my checks.

The way I move forward now, is just to accept that it could have been handled better, so for future zapvertisements I will change my approach.

Setting a total sat limit, asking for a reply to the thread, and setting an end date in the OP would be changes I would make next time.

Up to you if you see me as "scamming". I find it a rather large stretch though, I don't know many scammers parting with 400k sats..

Further, most of my DMs to potential candidates seem to have been lost. So after all this, I am left feeling NOSTR could really do with more user experience consistency somehow.

Sorry if my post offended you. My closing statements were that I don't think you were scamming us but just were overwhelmed by the lack of tooling and defenses against Sybil attacks.

Your definition of "at least 100 followers" is trivial to fake so scammers could make sure to zap themselves before anybody sees the post by generating 40 accounts with +100 followers, creating the post and the 40 boosts but publishing them late by one hour. Now others see the post, don't bother to count and boost, too - for free, as the 400ksat budget already went to the sock puppets.

You did not do that but what would be a more robust bounty? I think it has to involve follows, not only followers. Limit the campaign to follows of your follows. If an account can't be reached via one hop from your follows list, it doesn't qualify. You could of course follow your own Sybils but very simple heuristics could expose that if more devs would take the follows graph into account. If all the zapped accounts form an island in the follows graph, the scheme gets exposed. Any site supporting this type of campaign could expose this trivially.

Maybe nostr:npub1vl38mdazffm0u644zj9lqt00lthuqwvnclqdxzvu0y2cvw4s539s3a5l7q wants to continue work on his tool 🤔 or at least share the code for others to improve upon?
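The two follows-graph checks suggested in the reply above, as an added example that is not part of the thread and not code from any Nostr client or from the tool mentioned. The account names, the graph and the `SEEDS` set (accounts an auditing site already treats as independent of the campaign) are constructed assumptions; in practice the follows map would be built from each account's contact list.

```python
from collections import deque

# Constructed sample graph: account -> set of accounts it follows.
FOLLOWS = {
    "org":    {"alice", "bob", "sybil1"},   # organizer follows one of its own Sybils
    "alice":  {"carol"},
    "bob":    {"alice"},
    "carol":  {"alice"},
    "dave":   {"alice", "bob"},             # outsider, unrelated to the campaign
    "sybil1": {"sybil2"},
    "sybil2": {"sybil1"},
    "fake1":  {"sybil1", "sybil2"},         # throwaways that only inflate follower counts
    "fake2":  {"sybil1", "sybil2"},
}
PAID = {"alice", "carol", "sybil1", "sybil2"}   # accounts that received a zap
SEEDS = {"dave"}                                # assumption: auditor-chosen reference accounts

def eligible(follows, organizer):
    """Organizer's follows plus every account one hop beyond them."""
    first = follows.get(organizer, set())
    second = set().union(*(follows.get(a, set()) for a in first))
    return (first | second) - {organizer}

def reachable(follows, seeds, blocked):
    """Accounts reachable along follow edges from seeds without passing through blocked."""
    seen = set(seeds) - blocked
    queue = deque(seen)
    while queue:
        for nxt in follows.get(queue.popleft(), set()) - seen - blocked:
            seen.add(nxt)
            queue.append(nxt)
    return seen

def island_accounts(follows, paid, organizer, seeds):
    """Paid accounts that nothing but the organizer links to the rest of the graph."""
    return set(paid) - reachable(follows, seeds, {organizer})

if __name__ == "__main__":
    print("eligible:", sorted(eligible(FOLLOWS, "org")))
    print("island:  ", sorted(island_accounts(FOLLOWS, PAID, "org", SEEDS)))
```

Both Sybils pass the follows-of-follows filter because the organizer follows one of them, and their inflated follower counts come only from accounts nobody else follows; the island check flags them because no path from the reference accounts reaches them once the organizer is taken out of the graph.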

