#[1] Do you have a recommendation for how this can be mitigated? If so, I think it would make sense to do a PR against the NIP with this recommendation, so other protocol devs know about this. (Pretty standard ethical hacker steps here....)

Good find!

Keep working on it!

#[0]

I very much preferred when "Global" and "Following" were over in the left menu.

Totally digging your client still though!

Verifying my Nostr Nests identity: 3hV_sm9ytiDyWyc0nmqiUldIYD3WH2YG-SltvbN17BY

https://nostrnests.com

Please read this in the spirit of "iron sharpening iron". I want this community to "create a censorship-resistant global 'social' network once and for all.".

#[0]

On the current landing page of https://bitcoinhackers.org/, you say:

> But, it's biggest offense is that Users don't own their identity & data. Mastodon is not decentralized, it's just someone else's computer.

How is Nostr different? Unless I run my own relay, then I'm just storing my data on someone else's computer. If I don't run my own DNS, then I don't own my NIP-05 identity.

How are we ensuring Nostr doesn't just become another Mastadon, with a centralization of large relays (which is already starting to happen with most clients picking a common set of popular relays?)

To save everyone else a quick search, External Identities in Profiles: https://github.com/nostr-protocol/nips/blob/master/39.md

😎

Couldn't this be done similar to Reddit by just adding a metadata field for voting to allow automated curation from the crowd?

(Obviously someone would need to implement this in a relay, just proposing a relatively simple solution)

Typo: *...a message for the receiver for it to get there...

It's built into the protocol, and frankly, a somewhat inherit part of how most social networks work. You have to know an address for the sender for it to get there, if that is encrypted, than no one will know where their message is (unless every client is attempting to decrypt metadata for *every* message ever sent).

However, Signal has taken some exotic steps to reduce their ability to see those messages, namely leveraging enclave tech like SGX: https://signal.org/blog/building-faster-oram/

There are ways to obfuscate the identity of the sender/receiver, but that metadata still must be present unencrypted to allows messaging protocols to work. Maybe there's some crazy way to do it with quantum tech, but we're still a ways from that :D

Yes'ish. You can just download a Windows 10 ISO from here: https://www.microsoft.com/en-us/software-download/windows10ISO and use it just fine. Eventually, you will be prompted to 'Activate' with a key, but you can run it for free practically forever. You can get an activation key on Amazon, NewEgg, Ebay, or wherever else you trust if you don't trust that.

Earlier versions of Win10 allowed install without a Microsoft account, but it got more difficult in later versions. I haven't tried much with Win11 installs to know for sure there.

Tough few days for MyAlgo wallet users. The Algo Foundation is reporting _thousands_ of wallets have been compromised, significantly up from the initial reports of 17.

From their Twitter Space earlier today (3/8/23) https://twitter.com/i/spaces/1nAJErBZNyoxL

Same here. I switched to https://iris.to and have had much fewer problems.

Things are still slow to load, but I think this is currently inherent to how the Nostr clients/nodes are enumerating posts from users across relays.

Palm trees in the mountains? I guess maybe somewhere south?

Or, maybe arriving early to Costa Rica in prep for Nostrica...?

I've been thinking about this as well. I wonder if a sort of multi-sig or multi-signing solution can be added to the system. There's potentially a way to have two backup accounts that could both be used to 'approve' and account transfer. We'd need someway to track how this happens, maybe a special type of event from the compromised account that points to the new account. The clients would have to do the work of connecting the dots between the accounts, but this should be a huge lift on the client side.

Agreed. People can get political about anything (including bitcoin), but the technology it self is indifferent.

Unlike fiat, which is fundamentally rooted in politics, as its value, amount, legal use, and everything else about it, is determined at the whim of political actors.

Definitely need a way to filter on languages. I'd prefer not to block everyone posting in something other than English. Could be a great post, but I can't understand it, so it's just noise in my feed.

Perhaps a possible NIP - field where the client/user can provide a language for the post. (Easily abused, but can at least filter out good actors not wanting to make noise)

I'm using https://iris.to right now and it's pretty reliable. https://snort.social is another good web client. I've heard damus is good, though I haven't used it, so it might be worth sticking with for now if you want to be on a mobile app.

I'm still just getting into using it. I've mostly just been reading NIPs and looking at the libraries supporting the protocols. Lots of work to be done to make this a proper decentralized social network.

I just blocked wiz. I don't see the constant begging for sats in my Global feed anymore, so I would say yes.

New NIP maybe: Curated block lists to auto-reduce spam?

So far, Nostr is just looking a lot like the early days of the internet protocols, namely TCP/IP, which is a decentralized protocol, but needs support from other services, DNS, DHCP, etc., to make it useful.

I'm seeing the exact same thing in Nostr, in that, it's a 'decentralized' protocol that isn't defining the required scaffolding to make it useful, which inevitably means those will be filled by centralized services. NIP-05 is proving this out. The relay model itself is pretty broken, as the user doesn't own their posts, the relay they send to does.

How is Nostr going to avoid all these pitfalls? Is anyone working on that?