555 sats \ 2 replies \ @janetyellen OP 5 Feb 2023 \ on: Nostr sucks: A contrarian viewpoint nostr
Hope we can get a fruitful discussion started from the contrarian viewpoint! Here's the high level concerns and questions:

1. Incentives

2. Security

3. Scale
*The points below are assuming the NOSTR use case to be an alternative to Twitter as stated in the "About" section on Github https://github.com/nostr-protocol/nostr
About a truly censorship-resistant alternative to Twitter that has a chance of working

1. Incentives
  1. In the long run what incentive does a relay operator have to host a public relay (to achieve a twitter like global feed)?
  2. How will the relay operator cover the hosting costs? Assume, not all users are on a lightning standard. How will a normie use this system?
  3. How can we achieve a network effects if most current twitter users are not on lightning?
  4. What happens when your relay is shut down for routing illicit content, even if its encrypted en route thru the relay, its still public from the decrypted client. (kiddy porn, etc...)? Not a great end user experience if you need to play a game of "whack a mole" and keep changing relays when they get shut down or ddos'd.

2. Security
  1. How do you prevent XSS attacks for browser clients? Can we even have secure browser clients?
Warning Due to my incompetence, anigma has security vulnerabilities that allow remote siphoning of your private key. I haven't fixed them yet. Don't use anigma with a private key you're not okay with leaking.
  1. Do you feel comfortable having raw data coming into your phone/web browser via web sockets from random ppl on the internet without having a server virus scan it first? Lots of potential zero day exploits to come in the near future.
  2. If you argue the Alby chrome extensions can help, how many users are capable of running a browser extension, could the extension be dos'd? If a virus routes thru a websocket and dos's your session could they prompt you pay in an endless loop, rendering the browser client unusable (not sure if this is possible or rate limited but worth research)?

3. Scale
  1. How to achieve a global algorithmic feed like twitter?
  2. Will this lead to an emergence of indexing services?
  3. Take the scenerio of an indexing service emerging. Assume the service indexes and aggregates data from multiple relays into a better data structure for global feeds, such as a graph data structure. This could be useful to get info about a "friend of a friends" interest in a topic, such as "Dogs". (vertex => edges). The indexing services might reap all the benefit from the client apps (ad model, paid algorithmic feed) . Would the raw data relaying service get jealous and start censoring the indexer?
  4. What incentive does the relay have to feed data to an indexer, while they are going broke on hosting costs?
  5. If you argue relays will start indexing data then won't it just be a traditional client/server/database model?

The unhappy path
If you fast forward a few months/years could this be the reality we end up with:
  • The relays will end up being cartels and blacklist users/indexers.
  • The relays runners will run out of money because it costs alot to host and prevent spam
  • Once kiddy porn starts flowing thru nobody will want to run relays and the gov start shutting down relays like a game of whack a mole
  • Clients might need to connect to 100 relays to get relevent data. This might render a client app slow and buggy. Would this drain the battery?

Alternative Case studies
  • XMPP
  • Tim Berners Lee Solid Inrupt Project
  • The original Blockstack 1.0 stuff, *2017 era pre shitcoin stuff
  • All the stuff csuwildcat is doing
write
preview
1484 sats \ 0 replies \ @l0k18 6 Feb 2023
I think Nostr is just this generation doing what the previous generation did, without any awareness of the history that followed.
Which p2p systems with their inception in the 2000-2010 period survived:
  • Bittorrent
  • Bitcoin
  • Skype (which was precursor of Signal)
Gnutella is pretty much gone. Limewire, gone. Tor and I2P are creaking under the constant onslaught of spooks DoSing it to unmask hidden services, or user IP addresses, or just shut down onion sites. Tox has almost no users. There's a whole bunch I can't even remember their names, Mumble?, but nobody has even come close to touching the total connectivity that the big tech social media have got.
In what material way is Nostr any different to IPFS? A few pieces of metadata that could have been built on top of IPNS. Where's IPFS now? It's only use case seems to be hosting retarded image files that have their hashes stamped on some shitcoin chain or other.
My first instinct was "who will run relays", and then after watching the spamfest in #Nostr "how will this network not be overwhelmed by AI powered botspam?"
  • Bittorrent survives because it evaded DMCA and the piracy community doesn't need incentives because it is incentivised by the FU factor.
  • Skype/Signal/Whatsapp survive because they are supported by big tech companies who run highly available network peers that keep users connected.
  • Bitcoin is the only network that needs no external incentives.
Scaling up a social network system requires the support of phat servers like the instant messenger p2p protocols have that can soak the DDoS.
Funding the running of such high capacity servers is a tricky distributed systems protocol engineering task. We know we can't expect fiat bros to fund it like the chat systems, as we privacy- and decentralisation-fans have been sufficient in numbers to demand E2EE.
The initial paid relay services that have been proposed are still decentralised but trusting them seems like a likely bad idea, and if it gets popular enough, there's gonna be a lot of people zapping sats and getting no actual caching/relaying.
I might be biased, but I think that Indra's network-internal decentralised service access charging is the only solution that will work long term, and it will support all of the other protocols that are suffering due to lack of capacity.
Indra relay operators will have the option to run any number of decentralised p2p services attached to their relay's service ports, set a fee for access to it, and use those fees to scale up the capacity of their nodes, farm them out into failovers and relays, as well as deploy more Indra relays with popular p2p services attached to them. No need to ask a relay operator to store lots of data, they will just set their fees at a rate that allows them to continue to upgrade their systems to cope with growth in traffic.
reply
1375 sats \ 0 replies \ @maciek 6 Feb 2023
I will take a stab at describing how to achieve a global algorithmic feed.
First, let's acknowledge how weird it is that we cannot choose the algorithms that curate our feeds. Imagine that your phone came with a set of pre-installed apps made by a manufacturer, and you couldn't remove them or install any others. That is how phones used to work before Apple created the App Store.
Mobile apps are good analog to algorithmic feeds. The fact that people do not pay for curation algos today does not mean that they won't in the future. My money is on algo stores becoming an important piece of Nostr's ecosystem.
The marketplace could work in the following way:
  1. Algo designer submits his algorithm to the market & sets the price.
  2. The user chooses an algorithm and pays for it with lightning.
  3. The marketplace keeps track of user satisfaction from each algo, similar to the App Store's rating system.
  4. Algo designer shares part of the revenue with relay operators to ensure access to data.
Many users will likely prefer to watch ads instead of paying, and ad networks will also emerge over time. I suspect there will be something like Google AdSense, catering to algorithm designers, as AdSense caters to website owners. This way, individual algorithm designers would not need to run their ad networks to monetize with ads.
reply