You might have come across Nostr for the first time when Elon Musk banned links to other platforms on Twitter, inadvertently publicising Nostr. But just what is Nostr? I wrote this primarily for myself and would be happy if my notes help you as well. These are six basic things about this revolutionary innovation:
  1. Nostr stands for Notes and Other Stuff Transmitted by Relays. According to GitHub, it is described as “a truly censorship-resistant alternative to Twitter that has a chance of working”. (https://github.com/nostr-protocol/nostr)
  2. Fun fact: the co-founder of Twitter, Jack Dorsey, donated about 14 BTC to fund and facilitate Nostr’s development. (https://www.coindesk.com/tech/2022/12/15/jack-dorsey-gives-decentralized-social-network-nostr-14-btc-in-funding/)
  3. Nostr is different from Twitter in the sense that it is decentralised. Rather than depending on a centralised server, all Nostr users run their own client. This client enables one to publish content by writing something, signing it with their private key and transmitting it to other clients which relay this content. All relays are permission-less.
  4. If you are keen to try Nostr out for yourself, this might be a helpful resource: https://github.com/vishalxl/nostr_console/discussions/31
  5. Some popular clients that you might want to check out include Astral (https://astral.ninja/) and Anigma (https://anigma.io/)
  6. Here’s one of the sites of the #nostr social network (https://branle.netlify.app/). Nostr allows you to log in using your Lightning Wallet.
Anything else that you think noobs like me should know?
Seems like Nostr is attracting more than just bitcoiners. Was yelling at some .eth person about how slavery is bad, and how Vitalik should not consider Vitalik to be his father...
30ceb64e73197a05958c8bd92ab079c815bb44fbfbb3eb5d9766c5207f08bdf5
reply
Sounds like an interesting conversation! Haha
reply
Followed 🤝
reply
Followed
reply
Thanks for this! I think it's important to add that:
  • The web-based clients are compromised, because of the browser security flaw. It's important not to put your private key directly into the browser. Instead use an extension called Alby to sign – the nostr private key can be generated and stored more securely in the Alby settings.
  • It's good to understand how the relays work: https://usenostr.org/#relays
reply
Using Alby helps but is still extremely bad on web clients like Anigma and nostr.com. For example, even if you use Alby to hide your private keys, attackers can still (1) decrypt and siphon the contents of all your DMs, (2) steal any money you have on the Anigma wallet, and (3) impersonate you.
This is all because Alby auto-signs messages on your behalf. Attackers who want your private data -- even if you use Alby -- can use the cross-site scripting vulnerability of Anigma and nostr.com to create messages containing all your private data (except your private key itself), ask Alby to sign them, wait for the auto-signature Alby gives, and then send those messages to themselves, thus stealing all of your private data except your private key.
So still don't use Anigma without awareness that it's just a toy example, a proof of concept. People see everything you type into it and they can take any money you have on it. When I wrote it I did not know how cross-site scripting vulnerabilities worked. Eventually I hope to rewrite it with vulnerability avoidance top of mind.
reply
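The comment above traces the risk to cross-site scripting in the web client. The sketch below is an added example, not code from Anigma, nostr.com or Alby: it assumes the injection point is note text and pubkeys received from relays, and shows a renderer that escapes them next to the unsafe concatenation pattern. The function names and sample events are hypothetical and constructed.

```javascript
// Added example: render relay-supplied Nostr note text as inert HTML.
// Function names are hypothetical; events use the protocol's pubkey/content fields.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns a normalised URL for http(s) links only; any other scheme yields null.
function safeHref(candidate) {
  try {
    const url = new URL(candidate);
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch {
    return null; // not parseable as a URL: treat as plain text
  }
}

// Hardened renderer: every field from the relay is escaped before it touches markup.
function renderNote(event) {
  const tokens = String(event.content).split(/(\s+)/); // keeps whitespace runs as tokens
  const body = tokens.map((token) => {
    const href = /^https?:\/\//i.test(token) ? safeHref(token) : null;
    if (href === null) return escapeHtml(token);
    return `<a href="${escapeHtml(href)}" rel="noopener noreferrer nofollow">${escapeHtml(token)}</a>`;
  }).join('');
  return `<article data-pubkey="${escapeHtml(event.pubkey)}"><p>${body}</p></article>`;
}

// Unsafe pattern, for contrast: relay content concatenated straight into markup.
function renderNoteUnsafe(event) {
  return `<article><p>${event.content}</p></article>`;
}

// Constructed sample events (not real relay data).
const sampleEvents = [
  { pubkey: 'ab'.repeat(32), content: 'gm, see https://example.com/a?b=1&c=2' },
  { pubkey: 'cd'.repeat(32), content: '<script>alert(1)</script> javascript:alert(1)' },
  { pubkey: '"><b>x', content: 'hello' },
];

for (const ev of sampleEvents) console.log(renderNote(ev));
```

Output escaping addresses only the injection point; it does not change how a signing extension approves requests coming from the page.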
This is one detailed explanation! All the best in building!
reply
Thanks for imparting your knowledge, mate
reply
If you are on iOS, Damus (damus.io) (TestFlight) is becoming a beast! ❤️
reply
Thanks for the heads-up!
reply
Damus on iOS is great. Just came out with a new polished update too
30ceb64e73197a05958c8bd92ab079c815bb44fbfbb3eb5d9766c5207f08bdf5
reply
I really need to check out Damus!
reply
Probably worth mentioning that nostr.directory, as seen on many tweets, is a tracker where people verify their Nostr pubkeys against their Twitter account.
reply
Ohh I didn’t know that. Thanks for the insight
reply