More and more people have started using Nostr, but not many people talk about how to use it safely—Nostr is not like the social media we are used to, not something where you can DELETE and pretend nothing happened.
Nostr: A simple, open protocol that enables a truly censorship-resistant and global social network.
Nostr is indeed a good tool against censorship, but it also comes at a price if you don't know what you're doing, and I'm going to share some of the safety practices that I've learned to help you stay safe in this Wild West.
How to Create a Nostr Account
- Save the key somewhere safe, e.g. using the offline password manager KeePassXC, and always have a backup.
- Choose any client you like and log in with Alby.
For Desktop
- Primal: fast - I use this as my main client.
- Snort: clean UI but quite slow - I use it as a backup when Primal is down or fails to load.
- Iris: average speed and average UI.
For Phone
How to Find Interesting People or Content
Because Nostr has no algorithm, your homepage can be quite empty if you don't know how or where to find interesting things, but there is one good tool for checking notes and other activity: https://nostr.band/
For example:
- see all the current popular notes: https://nostr.band/trending/posts
- see all the current trending users: https://nostr.band/trending/profiles
A good hack: once you find some interesting accounts, look at what they are following.
How to Receive Zaps
There are many LN addresses you can link to Nostr, and I have tested different ones before; here are two of my favorites:
LNtip bot
This one is what I used to use - a simple LN address that you can easily create as long as you have a Telegram account:
Features
- simple use
- got notifications
- private comments available
Downsides
- custodial wallet
- need to use Telegram for it
- not much privacy
Hacks
If you would like to be more private, you can use sms4sats to sign up for a fresh Telegram account and then create an LN address with it instead of using your personal account.
Npub.cash
Another one of my favorites is the new kid in town: Cashu address. I've been using it for about one month now, and it's good for those who are up for more privacy or just being adventurous:
Warning: it's new, so don't be reckless and put large funds into it.
Features
- private by default
- no sign-up
- automatic Nostr DM notification
Downside
- custodial wallet
- needs to redeem the sats manually
Hacks
The way I use it: once the accumulated zaps reach a certain amount, I usually choose Lightning to redeem them. It will overcharge you some fee at first - all you need to do is paste a Lightning invoice, and then you claim the leftover with any Cashu wallet, e.g. eNuts. (You can redeem the sats over either Cashu or Lightning.)
Anyone can have one: yours is <yournpub>@npub.cash. If you want a human-readable address, you can get one for 5k sats, and you even get an extra payment page that you can link from your own social profiles or sites.
How to Verify NIP-05
NIP-05 is how you get the purple tick in Nostr, which means verified, and there are different ways to get it.
If you own any site(s), you can link one to your Nostr account.
Step 1. Create a JSON text file in your domain
{ "names": { "<username>": "<hex-public-key>" } }
You can use this tool to get the hex of your public key. One more tip: if you want to leave the username blank, use "_"; the verified address would then simply be yourdomain.com instead of username@yourdomaindotcom
Step 2. Enable CORS - enable the 'GET' and 'HEAD' methods (important step!)
Then you can use this tool to check if it's set up well.
Step 3. Link the LN address to your Nostr
Put username@yourdomaindotcom or yourdomaindotcom into your Nostr settings, done.
I set this up before, but later I found out that it's actually better not to stand out so much in the crowd, especially in the Wild West.
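The three steps above can be checked offline before relying on an online tool. The sketch below is an added example, not code from this post or from any Nostr project: it takes the status, headers and body a server returned and reports what would stop verification. The `/.well-known/nostr.json?name=` path, the no-redirect rule and the `Access-Control-Allow-Origin: *` header come from the NIP-05 specification rather than from this page; the function names and the sample key are hypothetical placeholders.

```python
import json
import re

HEX_KEY = re.compile(r"^[0-9a-f]{64}$")      # 32-byte key, lowercase hex
LOCAL_PART = re.compile(r"^[a-z0-9\-_.]+$")  # characters NIP-05 allows in the name


def split_identifier(identifier):
    """'bob@example.com' -> ('bob', 'example.com'); bare 'example.com' -> ('_', 'example.com')."""
    name, _, domain = identifier.rpartition("@")
    return (name or "_").lower(), domain.lower()


def well_known_url(identifier):
    """URL a client requests when it verifies the identifier."""
    name, domain = split_identifier(identifier)
    return f"https://{domain}/.well-known/nostr.json?name={name}"


def check_nip05(identifier, expected_hex, status, headers, body):
    """Return a list of problems; an empty list means the setup verifies."""
    problems = []
    name, _ = split_identifier(identifier)
    if not LOCAL_PART.match(name):
        problems.append("name has characters outside a-z0-9-_.")
    if status != 200:
        problems.append(f"HTTP {status}: serve the file directly, without redirects")
    cors = {k.lower(): v for k, v in headers.items()}.get("access-control-allow-origin")
    if cors != "*":
        problems.append("CORS: Access-Control-Allow-Origin is not '*'")
    try:
        names = json.loads(body)["names"]
        key = names.get(name)
    except (ValueError, KeyError, TypeError, AttributeError):
        return problems + ["body is not JSON with a 'names' object"]
    if key is None:
        problems.append(f"no entry for name '{name}'")
    elif not HEX_KEY.match(str(key)):
        problems.append("key is not 64 lowercase hex chars (an npub1... value is a common mistake)")
    elif key != expected_hex:
        problems.append("key does not match the account's public key")
    return problems


# Constructed sample response (placeholder key, not a real account).
SAMPLE_KEY = "ab" * 32
SAMPLE_BODY = json.dumps({"names": {"_": SAMPLE_KEY, "alice": "npub1constructedplaceholder"}})
SAMPLE_HEADERS = {"Content-Type": "application/json", "access-control-allow-origin": "*"}
```

Feed it the status code, headers and body from a plain GET of `well_known_url(...)` made with redirects disabled; an empty list means a client should accept the address.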
If you don't have any site, you can link your SN LN address as NIP-5 verification in Nostr.
Simply go to SN settings—Nostr—NIP-5, put your Nostr public key into the public key section, then go back to Nostr and put your SN LN address into the NIP-5 area, done.
Or get verified through a service.
And many others, but I don't see any point in using them; okay, you can get the purple tick and an address so others can easily search for you instead of using the long string, but seriously, linking to your POW makes more sense than buying a verification.
Safety Practices
- Always use a VPN
Nostr clients communicate through relays, which exposes your IP address to them, meaning a relay operator can easily work out your location, but using a VPN can solve this problem.
- Use an extension to log in
- Follow and engage wisely
Anyone can log in with your public key and see what you follow and engage with. Every like, comment, zap, and note is permanent and PUBLIC.
- Avoid using DMs
The messages are encrypted, but the metadata can be viewed by ANYONE: who you talked to and when, and small details like who initiated the conversation, how enthusiastic you were in the conversations, unwanted spam, and what time range you were online to reply (which potentially reveals your time zone, etc.).
- Only use trusted relays
Your notes could be nuked, but I haven't paid too much attention to this; however, here is one handy backup tool for it: nostrsync.
- The Art of Sharing
It's basically the same practice as for any social media, but always think TWICE before posting anything, and avoid posting anything too personal because you CAN'T delete it in Nostr.
- For photos
Better remove metadata before uploading, especially the location.
- For articles
Avoid posting directly. Ideally, post links that you control instead; then you can always trash the link whenever you feel like it.
- Delay sharing
Avoid sharing anything in real-time, such as your current location; for example, I usually share things after I leave the place.
- Cross post from SN to Nostr
Crossposting is quite handy for creators, but do remember that you can't delete anything in Nostr. I don't use this crossposting myself; I'd rather share a link in Nostr, and from links that I can control—not only can I edit my content anytime, but I also have the freedom to trash the links whenever I feel like it!
However, for those who would like to use it, go to settings, enable crosspost to Nostr, and done; also, it only shows up on platforms like habla.news instead of directly showing up in your feed.
Final Words
Don't take the numbers game as seriously as on other social media, because most of the numbers are incorrect and there are many bots there - better to care less about numbers and cheap likes, and more about how many people actually trust you and are willing to vote with sats.
Also, there is no privacy online - using Nostr can be good training in learning what's public and what's private - freedom comes with responsibility, so think twice before you share anything there.
Have fun Nostring! 💜