A honeypot is a server or protocol designed to mimic a real one in order to capture and analyze network traffic for potentially malicious activity. The idea is that “honeypot” relays would be listed in public relay registries, where attackers would find them. The attacker would add the relay to their relay list and start sending malicious payloads through nostr. On their end the attacker would see “successful” events being transmitted, but in reality the honeypot is capturing and analyzing the traffic and identifying potentially malicious pubkeys and events.
Longer term this should be a module or drop-in to existing relays so that the network can continue to function as normal instead of the honeypot mimicking successful event responses. In the meantime, I wanted to build a POC so I could start testing, analyzing, and determining the best route to go to help secure the nostr network. While we have not seen any relays or data serialization issues currently, I imagine over time we will see buggy clients and relay binaries that need to be tested, identified, and patched.
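The capture-and-acknowledge behaviour described above, as an added example that is not the POC's own code: it takes one NIP-01 `["EVENT", ...]` frame, records the pubkey and kind, flags an event whose `id` does not match the NIP-01 hash of its fields (one kind of serialization problem), and still answers with a successful `OK`. The names `handle_frame` and `nip01_event_id`, the finding labels and the sample event are assumptions made for the example; signature verification and the websocket transport are left out.

```python
import hashlib
import json

def nip01_event_id(ev):
    """Event id per NIP-01: sha256 of [0,pubkey,created_at,kind,tags,content]."""
    fields = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    # Simplification: json.dumps escapes rare control characters differently from NIP-01.
    data = json.dumps(fields, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def handle_frame(raw, captured):
    """Record one client frame; reply as if an EVENT was accepted, else None."""
    record = {"raw": raw, "pubkey": None, "kind": None, "findings": []}
    captured.append(record)
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        record["findings"].append("invalid-json")
        return None
    if not (isinstance(msg, list) and len(msg) == 2
            and msg[0] == "EVENT" and isinstance(msg[1], dict)):
        record["findings"].append("not-an-event-frame")
        return None
    ev = msg[1]
    record["pubkey"], record["kind"] = ev.get("pubkey"), ev.get("kind")
    try:
        if nip01_event_id(ev) != ev.get("id"):
            record["findings"].append("id-mismatch")
    except (KeyError, ValueError):
        record["findings"].append("malformed-event")
    # The client always sees success; the findings stay on the honeypot side.
    return json.dumps(["OK", ev.get("id"), True, ""])

if __name__ == "__main__":
    # Constructed sample event (not captured traffic); the pubkey is a placeholder.
    ev = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 1,
          "tags": [], "content": "hello"}
    ev["id"] = nip01_event_id(ev)
    forged = dict(ev, id="00" * 32)  # same event with an id that does not match
    log = []
    for e in (ev, forged):
        print(handle_frame(json.dumps(["EVENT", e]), log))
    print([r["findings"] for r in log])
```

Both frames receive the same accepting reply, so the sender cannot tell from the response which events the honeypot flagged.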