(2024-02-12) Cosa Nostr-a
-------------------------

This week, once again I came across an interesting case of people offering a technical solution to a non-technical problem. For some unthinkable reason, they still believe in the success of this solution though. Meanwhile, I got convinced of the opposite as soon as I found out the details: it's built on top of websockets, its core developers are clueless noobs that don't believe there are other version control systems than Git, it tries hard to integrate with the most inconvenient cryptocurrency ever, and it already attracts more propaganda morons than it should given the stage of its development. By now, you might already have guessed I'm talking about Nostr.

The idea of this network looks quite noble: to create a decentralized, extensible and censorship-resistant (at least that's what they say) free speech medium where people could share their ideas in various forms and establish social contacts. All Nostr messages are digitally signed "event" objects in the JSON-based format described in so-called "NIPs" — Nostr Implementation Possibilities. By the way, the name "Nostr" itself means "Notes and Other Stuff Transmitted by Relays".

Relays are just servers that serve the events and accept them from others. However, this is where the first problem is: relays don't talk to each other, only to end users. Why is this a problem? Because everyone is required to agree upon some set of relays where they can find each other, and even then it's not fully censorship-resistant. You can only avoid being silenced if you run your own relay, but then, good luck getting anyone else to find it if you're already censored, and this effectively doesn't make any difference from running your own website or a gopherhole (like this one).

Another huge problem is implementation bloat. I haven't been able to find a single Nostr client in plain C or Nim. The closest to that was Algia written in Go. Requiring EC cryptography, JSON *and* websockets to write a minimum viable client is just too much. Not to mention that even web-based clients are naturally heavy and don't work in non-JS browsers like Links or NetSurf. A lot of these clients also integrate "zap" functionality, which is a word for giving tips via... Bitcoin Lightning network. And on top of it all, to do zaps, they promote custodial (!) wallets which are implemented as browser extensions, as well as some extensions to store Nostr private keys... I lost count of how many security antipatterns were involved in the implementation of all this.

Yet, despite its immaturity, Nostr already is infested with propaganda bot farms just like any other social media. And public relay owners don't seem to give a shit. That makes me wonder: who really runs those relays and for what purpose? I won't be surprised if they are used to coordinate botnet attacks sometime in the future yet do nothing with it as well.

Still, for some small talk, I'm gonna hang around Nostr for some time at least, because this network does have some good things too (in comparison to the mainstream ones). Just remember: the most dangerous form of slavery is the one that gives you an illusion of freedom.

--- Luxferre ---