π£ Introducing zap.store 0.1.0
For months I have been dreaming of a better app store, frustrated by big tech's permissioned bs, GPG's complexities, and Obtainium's reliance on centralized services and poor UX.
Here's the first (very alpha) iteration of zap.store, a permissionless app store leveraging the nostr social graph.
β Android only (for now! Desktop coming soon)
β Obtainium drop-in replacement (smaller catalog but growing)
β App releases are signed/curated by this account, as developers start self-signing
β Web of trust check before installing an app
Get it at https://zap.store or https://github.com/zapstore/zapstore
(SHA-256 hash of the APK version 0.1.0 is 8540bd492064c17d83bcdc6d2a463c2aea46f13c2b0d13b8a96023df95bd0c9d)
Feedback more than welcome, it's also possible to send directly from the βοΈ screen in the app
s/o to nostr legends nostr:npub149p5act9a5qm9p47elp8w8h3wpwn2d7s2xecw2ygnrxqp4wgsklq9g722q and nostr:npub1zafcms4xya5ap9zr7xxr0jlrtrattwlesytn2s42030lzu0dwlzqpd26k5 for their invaluable help
Something neat about nostr is that, by receiving a note like this, you received an app hash that's already signed by the creator π€―
nostr:note1z28paxtevkywrlc5yhtwfkrzljr9qqgytcjg3gaapvvsszturz7qg9v4vk
I've been complaining about this for years.
Finally someone else cares.
I mean in general for accounts. You can't make a Google account without a phone number, can't create a telegram account without a phone number. Hell, even Signal requires a damn phone number. It sucks.
It's time to end phone numbers as a kyc login.
I hate this dystopia where creating an account requires a carrier number with all my info and even the burner/virtual numbers are typically blocked or used up by spammers.
Just stop. Find a better way to fight spam.
Inflation is a property of markets, not currency, and that's the last I'm talking about it.
Nostr is decentralized. It's not evenly distributed. That's the distinction, to me.
The same is true about git. Git is still decentralized even if most repos are on Github.
You don't *need* Github for your code to survive. That's what matters.
Git and Github are both still great. Decentralized protocols don't need to be evenly distributed.
In a sense, data ownership on traditional platforms like Facebook and Twitter is governed by a terms of service, but on Nostr, it feels somewhat closer to publishing to the public domain.
It doesn't feel forthcoming to compare Twitter's ability to delete your data upon request to Nostr's. Someone could, theoretically, be backing up your tweets, sure. But large platforms do quite a bit to prevent that, it's against their terms, and anyone using it would or should know that the data was obtained in bad faith. On Nostr that's not the case. Nostr's operating model has no real agreements. And the core idea of the model is that anyone can and should be backing up that data on their own servers. It seems much more reasonable for someone to think that the data could be used for whatever they want in that model. That is the de facto ownership model on Nostr and fediverse content right now. You own the identity, but you don't own your data.
To be clear -- I don't think that's bad. I *like* the idea of that data being free and open when it's published -- who owns your words after you say them aloud?
But it does inform what data I put here. And I think that's a big shift for most people coming from large traditional platforms. We should embrace that distinction to help people's experience here.
I really want to dig into "you own your data" on nostr.
Do people feel like that's true?
I certainly don't feel like that. I feel like I can author whatever data I want, but once I publish it I don't have any control over it anymore. My data gets published to many relays in control of many different people with different ideas of how the ecosystem works. I generally have no way to delete or modify the data. I have access to my data whenever I want, but so does everyone else. And that data can be used for seemingly whatever purpose anyone that receives it would like. I'm not sure what would stop a company from using that data to, say, target ads at me.
It's not even really clear where the authority to do any of this comes from. There's no user agreement or anything. If I do own the data, it's certainly not treated that way.
I don't believe any of this makes the system *bad* per se. It just feels like something we haven't figured out yet.
nostr:note1q378dxn83zlcrrkz25jtwnp0jmxc6qzvx8v7fqntfgsdavmn7rys5553zw
The most satisfying feature in any hardware. #bitkey
I want to use GrapheneOS but I absolutely refuse to give Google money to buy a Pixel π
What are some good alternatives to Google Calendar?
This is your periodic reminder to install Amethyst (and all other Nostr clients) through Obtainium instead of Google's PlayStore.
You not only receive faster updates (the PlayStore is currently 4 versions behind) but you also start the process of freeing yourself from your invisible digital overlords.
Just follow this video: https://cdn.satellite.earth/2bd7e308c1797d64fca09b1d61e9bde24c68dd45e501c7383eff1e85392df11f.mp4
Now that Google banned my account, I'm *all-in* on Obtainium π
nostr:note1dzwu8k3snuwneufxkr5f2rpksq7d2j682eyffd2u87hlq9nxyllsswsjel
Itβs insane how much more complicated verifying applepay subscriptions is compared to our lightning setup. Few understand how good lightning is for commerce.
One day I will get back to working on https://jb55.com/btcmerchant/ to show how easy this is without needing to run any software except your lightning node, but even that could be managed.
Apple pay is not a good product. Apple knows this. If they believed it was a good product they wouldn't need to try so hard to prevent competition.
ChatGPT is so lame
Obtainium is great though. Bit of a clunky ui, but great concept.
I'm close to buying a pixel just for graphene but not quite there. Hoping they expand someday.
Switch platforms to allow-list models instead of block/deny lists.
You can, but most users won't, and maybe even shouldn't.
The message does not need to be designed this hostile, though. The 'Install' button is completely hidden, and designed to look exactly like text when you find it.
Also the title refers to the app directly as "unsafe" which Google has no way to reasonably conclude. That feels like slander.
Unrecognized? Sure. Untrusted? Maybe. Unsafe? No.