#asknostr
How do you prove that a running server/service runs on a certain commit?
In a verifyable manner not requiring trust. Like believing that the written commit hash on the page footer is really the correct commit hash?
#grownostr #dev #service
How do you as a user protect against this?
#asknostr
If you can review the code of a service and verify that exactly that code is running on the service.
Also you can verify that the service stores your content encrypted, and before encrypting it, it does not do scanning or data collection.
Is this enough security and privacy guarantee?
What else can you improve on a custodial solution? So someone hosts a service for you.
#plebchain #grownostr #nostr
Isn't it about making 99 posts with 0 engagement? π
"Keep your face always toward the sunshine - and shadows will fall behind you."
--Walt Whitman
I just wanted to take the time to thank you awesome people the good vibes, zaps, likes, comments, discussions, care, you do.
Keep up! I am certain that your life is rewarding you for doing these! π
#thankyou #gratitude #grownostr #plebchain
Nice! Not feeling alone on this makes it easier for me too, I'm grateful to nostr:nprofile1qqsp3yzapfwkyw4cr2vt4xx9s27474lj2pkxhqyfqh79n826pv3fkzqpvemhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0dec82c33wfaxwwfk0f4xzan8v968x7p4vd5ryankw3cngct5v96xc7f4wfmxgam3va48qvr4w3u8wdp40fjh5mnk09ckvert0pmx20mzwfhkzerrv9ehg0t5wf6k2qgswaehxw309ahx7um5wgh8w6twv5q32amnwvaz7tmjv4kxz7fwd4hhxarj9ec82csky4qx7 nostr:nprofile1qqsxqn5kuzvex6ssfzpetzcypdrkwts0qjxf3tre8umllex8yqneavspzpmhxue69uhkummnw3ezuamfdejsz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcpp4mhxue69uhkummn9ekx7mqhuq8w6 nostr:nprofile1qqsf57muhcmm9j48qvrzc5djql4ka3xy95rtl2gfm9u65t2sqkkr6egpr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9u2c5c8r nostr:nprofile1qqs288geas3c4ud3fwx0xcv94yemzs0ejn3077snywjvhdjl8ky0v8spzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhszymhwden5te0wp6hyurvv4cxzeewv4ej76hkz3f nostr:nprofile1qqsr92p3n22e5gpesf6tzpdk5w5lgathae2qzl6encnqz3k88mrxk5cpzemhxue69uhhyetvv9ujumn0wd68ytnzv9hxgqgcwaehxw309aex2mrp0yhxummnwa5x2un99e3k7mgpz3mhxue69uhhyetvv9ujuerpd46hxtnfduc7z9wu nostr:nprofile1qqsrlgx7jq84zhl3725uywt6m672yh2heavutl354hkyz9rwz8h5xpspzpmhxue69uhkummnw3ezumt0d5hsz8rhwden5te0dehhxarj9eehw6tnwvkk2mnfvakkztnrdqhszymhwden5te0danxvcmgv95kutnsw43z720999a nostr:nprofile1qqsr3f2zyxrsmxm8ltjxke9mgz4k7td0tzm2cru3g08pmpwr6d7dpnqpp4mhxue69uhkummn9ekx7mqpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq35amnwvaz7tmwdaehgu3wdaexzmn8v4cxjmrv9ejx2ascm2vhj nostr:nprofile1qqsw2feday2t6vqh2hzrnwywd9v6g0yayejgx8cf83g7n3ue594pqtcpzamhxue69uhkummnw3ezuendwsh8w6t69e3xj7sprdmhxue69uhhyetvv9ujuamfdd5kvun9v4jxjcfw0puh5qg5waehxw309ahx7um5wghx77r5wghxgetkcx3vqu nostr:nprofile1qqspj28wx4v02n33vnvp6fkrtcfrcf2t4cfgx4xhv97hlkrz6uxe52cppemhxue69uhkummn9ekx7mp0qyg8wumn8ghj7mn0wd68ytnddakj7qgawaehxw309ahx7um5wghx6at5d9h8jampd3kx2apwvdhk6tczc730m and you ofc
Apologies if I forgot someone π
Frens, health, good vibes, hellthreads, good company π«
Yes, unfortunately if the server that converts the plain text mails to some encrypted something (an smtp) is not in your control, you have trust involved. And it there is trust, you need reputation to have some "punishment". I would be gladly not having trust though. Maybe the other idea helps a bit, but I have to design that to see how it is possible.
Good morning! βοΈ
Choose a life that makes you proud and happy.
That makes you want to get up earlier and to go to sleep later.
Handle others as you want others to handle you.
Be the type of friend that you want your friends to be.
Don't just think, but act!
Thoughts are powerful, but thoughts combined with actions are bulldozers.
#grownostr #plebchain #nostr
This isn't the life godzilla wants for me
#asknostr
Why is it not a standard to pay privately by sending to onchain address with swaps?
#grownostr #nostr #plebchajn
You can swap your lightning sats to an onchain address with https://boltz.exchange/
Random idea:
User can select the smtp service version that it wants to relay its emails with.
This would mean that when user registers, he can verify the code of the different smtp service versions, and select one that fits his needs.
This would basically mean, that he is fully in control which smtp service relays his emails, and it can't be change without his approval.
So it is like installing a software on your computer, and being able to update, or iust opt out.
So no change would be enforcable on the user.
#grownostr #plebchain #nostr #email #privacy
Let's talk about #email #privacy
1οΈβ£ You send and receive emails with end to end encryption e.g.:PGP
2οΈβ£ You host a service that stores your emails encrypted.
3οΈβ£ You use a service that stores your emails encrypted.
The 3οΈβ£rd requires trust, the 2οΈβ£nd requires effort, the 1οΈβ£st requires effort from other people.
So basically, you can't enforce 1οΈβ£, only that you don't use emails for private information. Might work, might not.
You can either make 1οΈβ£ easier for others so they opt in, or you stuck with 2οΈβ£ and 3οΈβ£.
#grownostr #plebchain #nostr
Definitely. Alias is for increasing privacy, so we need strong guarantees.
The current plan for increasing privacy:
1οΈβ£ Open-source, so you can verify the code
2οΈβ£ Emails are stored as Private DMs, so encrypted
3οΈβ£ Your data is stored on nostr, so you can anytime move
I see 2 biggest problems now:
1οΈβ£ Smtp receives the emails in plain text
2οΈβ£ If your private key is compromised, your email history is compromised
The 2οΈβ£nd is a general nostr problem, so probably we get to use a solution, or I will think about one, if the base is ready.
The 1οΈβ£st seems kind of the toughest on the trust side, because you have to trust the smtp server relaying your mails onto nostr. As the rest is already happening behind private messaging/data storage on nostr.
I want to solve first the 1οΈβ£st problem.
Until that, if I release, source code can be verified, and smtp code will be small, so easy to verify.
Also I don't plan to read/associate or scan emails. This means spam filtering has to be solved on the user side, as usual on nostr. And because smtp code will be small, it will be easy for you to verify that no reading or so happening there.
But I want to minimize the trust further, but not yet know how. Maybe somehow I shall host the smtp servers for the users, therefore, they always control how their emails are relayed.
β οΈ Day 43 of #100pushups
Push ups: 35/35/30 (Half pushup)
Other: 45/45/10 sit ups (full)
1 min break in between.
#postr (Push ups and Other Stuff Transmitted by Relays)
#grownostr #plebchain #nostr #100aDayUntil100k
So for you, it is important that the alias is reasonable. Anything else that you find important?
So you would be interested in this project to have a simple nostr mailbox basically, where you can create a nice email address, and can share it with anyone, but your emails would be stored encrypted over nostr.
In short: It is service to create yourself email aliases that will send you the email via nostr DM, and has an email UI where you can see them in an "email way".