Avatar
victor 2y ago

nostr:npub1pnpez7cn4h04pxg07dmmklzyz7u7fm0w2ddrw220qh785rq3m42ql452zw nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1grd6pp385tevd8psx9nxzjd4vutg7pycjj49cs3q8gujpg77sjps4752zz nostr:npub1sn40xanqyfdrztf8m0mj4n6csyrxvn2yf02r9vwgqpxp37ssn43sv3asfw nostr:npub1cdak4q4f3h3k3sgyh0rd5dj4w8k95f3mquzh6z3ew76vqkh60e3slyczgz nostr:npub1zxxp06lma7hh358kc36fytf6psy3ra0v6r53epxrwssgnvm5plhs06u452 nostr:npub1znavx0efn9y7a9tjux6pchjdurmw2e84fxwxflmauupjz0558x0sqmwtpl "Verify identity" with whom? The owner of the domain, obviously.

Well, I own a domain and I "verify identity" of people you hate. I do it on purpose because it makes you mad and I'm a big meanie troll doodoohead.

The people I verify just so happen to like talking to each other. They're a community. Maybe they talk out-of-band on Matrix or Discord or whatever.

Lots of people hate that community because they and the one who "verifies" them are a bunch of booger eaters. So what's the obvious solution? Let a person block the entire domain--any pubkey verified by that domain doesn't show up anymore.

Or maybe I'm just a spammer who wants to break through everyone's clients by "verifying" my many spam accounts (so many that nobody can hope to manually report them all). I buy my own cheap domain name and use it to get a fancy little checkmark or whatever clients decide to show, and then spam away. The obvious solution? Don't trust that domain to verify pubkeys.

This sort of thing is going to become commonplace.

"Verification" works when you trust the verifiers. Right now Nostr has mostly good (albeit very boring) actors and verifiers, but that is going to change if momentum picks up.

Reply to this note

Please Login to reply.

Discussion

Avatar
you are fat (fact) 2y ago

That’s not how verification is meant to work at all, it’s irrelevant that some ppl do that rn and “verify” random ppl.

Avatar
H 2y ago

Rather than verify lets say nip05 makes your identifier distinct but readable/ memorable vs the npub which is distinct but not memorable. Anyone can create a copycat display name and PFP so without the nip05 anyone you aren't following would be difficult to distinguish.

We actually had this issue with a user who is using an AI PFP and a bunch of other people joined with that PFP to fuck with them but at least with the nip05 you can say "that's user a, that's user b etc" in a thread without following them.

Avatar
Frank "RICO" Blunt 2y ago

this is why

Avatar
Ingwie Phoenix (aka. birb) 2y ago

Oof, this should've had #hottake in it - but, not wrong.

I verified myself with my own domain - one of the four I own anyway. But I did notice that there was a tendency for a lot of the spambots to use similiar domains to one another. This *could* be useful albeit I am not sure if it *should*...

However, to find a user's NIP-05, you'd have to look up each user off their post. I.e.:

[kind:1 Post].pubkey -> (Create a wss sub + filter for this pubkey) -> [kind:0 Profile].content -> JSON.parse(content).nip05.

It's not that many steps, especially with profile cachers like rbr.io (Iris uses that) but would be quite some work. Because now, each time you hold a post, you have to look at the NIP-05 and then decide to show or hide it - and you can't exclude it via wss filters either unless the respective relay happens to support additional syntax for it, which is very doubtful.

As said, quite the material for thought, but likely not easy.

nostr:note166flpypyxsx0xs8230kxh4mn6pfsrpptszpu7jwwha0nhqtgslasr3ma4e