It worked a year ago, as I recorded the demos, but now some APIs have changed and it stopped working.
I can fix them if anyone's interested.
The nostr github bot nostr:npub15vukwsk3dcsfm0hkmeu9qfyp3elmtdlk3kdxc0h87gd8wfdp8a2swuu4kv may just be the first bot who's using PoW.
nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy that's pretty cool.
I'm curious, what's the rationale behind it?
nostr:npub13azv2cf3kd3xdzcwqxlgcudjg7r9nzak37usnn7h374lkpvd6rcq4k8m54 wen NIP-07 support for get-tao?
Atm there's no way to re-use a pubkey across PoW posts.
Default 21 PoW works, but if I change anything in the settings, posting doesn't work. It tries to connect to http://localhost:42068/powgen and fails.
PoW vs PoS, nostr edition
nostr:note10ms7220wus9fujuxafcfze7qgu64edelkuq6pajmcq7fr7x8tsrqyl8umt
nostr:note1y0s6ky8tr7ldq79qa6kg92cz3hg5x5ctj9et26nx43juegkavyrqlz6d78
I tried the latest master with rust 1.74 on a fresh new checkout.
`cargo build` worked.
TLDR: Spammers will only actually spam with PoW if it makes economic sense. This means PoW mining has a price at which it is profitable, which means there will be miners specializing in selling event hashrate at the cheapest price. This is great news for mobile clients, who can tap into that and simply buy PoW if they so desire. If spammer GPU miners make hashrate cheap for spammers, they will also make it cheap for honest users. The spammers are at a disadvantage though, as a sustained attack means continuous costs. For honest users, worst case this means a one-time cost (post as anon during spam attack, see below).
---
A dynamically adjusted PoW requirement by relays is IMO an easy and cheap way to reduce spam:
- A sustained spam attack on one relay is impractical. To keep the spam going = spammers have to keep burning lots of energy continuously.
- A sustained spam attack on multiple relays is extremely impractical, as every relay can have its own "PoW gateway" even for the same event (see AUTH example below).
At best, spammers might venture for short bursts of spam, affecting a few relays for short periods of time.
Most clients won't even be affected during a spam attack. If they only read, they see no difference. If they want to post, they only see a difference if they post
1) at the time of the attack,
2) to a relay that is under attack,
3) have no history or subscription to that relay (see below), and
4) do not wish to buy even moderate amounts of PoW.
Worst case, they can simply wait a bit and post a few seconds later. Or buy some PoW and post now.
Relays can use PoW in a bunch of ways that make life harder for spammers while sparing real users, like for example:
- plain PoW for every new event: dynamically adjust up or down based on server load (spammers must mine now or stop spamming; honest users can simply post later, when PoW threshold is lower)
- plain PoW for every session: same as above, but only ask for PoW in the AUTH event, which is once per session. Authenticated users can have fair-use or common-sense rate limiting, like max 1 event per second per session. If spammers want to go faster than that, they'd have to re-AUTH, so mine again.
- plain PoW for AUTH for anons, no PoW (or lower) for subscribed paying members: Paid accounts have their npubs whitelisted from PoW requirements. The higher the subscription level, the higher the chance they're not spammers, so the bigger the PoW discount can be. This adds another incentive for paid subscriptions to relays.
- plain PoW for new events from new keys: Combination of the above, where strictest POW requirement apply only to new events from fresh keys with no previous activity.
What affects spammers for 100% of their activity, and reduces their attack to short bursts -- benefits the honest users 100% of their time, and reduces their inconvenience to short bursts, if at all.
"Almost-Unforgeable Zaps: Wash-zapping can be almost entirely eliminated by requiring zaps to have PoW attached. The client can choose what an acceptable amount of PoW is, either absolute or relative to the zap amount. Anything below this threshold can be considered possible wash-zapping and ignored."
Thanks for this input.
1. Donation must be a burn, not a transfer, otherwise there will be wash transfers. The simplest burn to make is to run some PoW, so for new users that have no reputation I don't think there is a better costly signal than publishing a PoW event.
2. I agree that local trust score is the right solution (I think people refer to it WoT, but it's vague), and we're experimenting with applying TrustNet (https://cblgh.org/trustnet/) on the client so that users wouldn't have to rely on our opaque global trust rank.
Re your 1. "PoW as an anti-spam measure":
I'm working on PoW WoW, a distributed marketplace for event PoW. Can be used by mobile clients who can't afford to mine themselves, allows miners to join or leave at will, and be paid non-custodially over LN.
It has Rust libraries for clients and providers, but I can add bindings for other languages too.
nostr:note1qqqqqqpphaqu6jxayvczlajf3h7s57dvzwcsr9cp83lxuh2nd6dq29r9dd
That's one hop away (you trust Uncle Jim).
But if one of Uncle Jim's friends (2nd hop) signs the attestation? What if its 3 hops away?
It gets real tricky real fast.
You mistyped PoW there.
LN promotes spam resistance only for the sender and receiver, cause only they can tell if a payment (zap) is real or not. Any 3rd party cannot tell the difference between a payment and a self-payment.
Outside of direct connections, distingushing spam from non-spam becomes exponentially harder, the further you go down the social graph.
Problem is, there will always be good content voiced through anons. Any platform with a spam filter that ignores this is self-limiting.
A good way for anons to cut through the bot noise is with PoW.
Yes but its a very long list
Oh nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft btw, is it possible to get a Schnorr signature from a nostr extension (alby, horse, nsecbunker, etc) on random data?
No, but you could create a fake wrapper event, add random data in a tag, and sign that.
Swarmstr 🐝 build no. 0.29.0 is live 🔥
Changelog:
- similar searches powered by AI 🤖
- design improvements
- bugfixes 🐛
What is Swarmstr?
Swarmstr is a free and open source Q&A (Questions and Answers) #nostr client.
You may think of it as a quora/stackoverflow like app with integrated #zaps.
Recent questions
Nostr FAQ
https://swarmstr.com/d/nostr-faq
GitHub Repo
https://github.com/ptrio42/swarmstr.com
Project page on geyser.fund
https://geyser.fund/project/swarmstr
Feedback much appreciated!
Is there a way to reward answers with plain and simple sats? I've only seen the zap option.
Zaps leave a trace for every payment (sender, receiver, amount) in nostr events, but simple LNURL doesn't.
Feel free to give it a shot. I didn't try that myself because my Umbrel runs on a very old and low-powered raspi.
PoW WoW goes 007!
You can now use any NIP-07 browser extensions, like nos2x or Alby, to buy PoW for your notes.