I took notice of this account today, and want to first clarify that I am not affiliated with it. Looks to be someone's old account with a leaked nsec being puppeteered by a handful of trolls. Someone decided to take credit for the drama of the day it seems...

But there are some recent threats of exploiting #Mostr that I found quite fascinating. Not really the kind of exploit I'm interested in, but it sounds quite egregious. It looks quite trivial to turn Mostr into a problem, attacking from either the Nostr or ActivityPub side, since it seems to blindly relay everything. You could just flood it with spam and it would do all the work of delivering it.

Someone should consider testing that. It sounds like a weakness to me.

nostr:nevent1qqstzxewt5krpy7qc459uagdnrj0txmf3540hwakau2gkxh8yflh8nspzpmhxue69uhnzdps9enrw73wd9hsyg83a2g7a2me3rkspce984w4p3ngxapnn9f5347e07tg5r8ts8sf9ypsgqqqqqqs53nh8y

Discussion

It does (mostly) blindly relay everything. But this is considered okay because of anti-spam mechanisms on clients, relays, and on ActivityPub servers themselves.

That one annoying user was using a single pubkey and not actually doing anything new or interesting, except that he got an nsec that already had followers. Blocking the pubkey on my server made it stop. He's just a troll, not a hacker.

Oh, are accounts without followers unable to send a note through Mostr, or do you just mean that they ended up with an audience because of the history of the account?