For anyone not in the know, nostr is fiatjaf's social network protocol:
The simplest open protocol that is able to create a censorship-resistant global "social" network once and for all.
It doesn't rely on any trusted central server, hence it is resilient; it is based on cryptographic keys and signatures, so it is tamperproof; it does not rely on P2P techniques, therefore it works.
Very short summary of how it works, if you don't plan to read anything else
Everybody runs a client. It can be a native client, a web client, etc. To publish something, you write a post, sign it with your key and send it to multiple relays (servers hosted by someone else, or yourself). To get updates from other people, you ask multiple relays if they know anything about these other people. Anyone can run a relay. A relay is very simple and dumb. It does nothing besides accepting posts from some people and forwarding to others. Relays don't have to be trusted. Signatures are verified on the client side.
This is needed because other solutions are broken
The problem with Twitter
Twitter has ads;
Twitter uses bizarre techniques to keep you addicted;
Twitter doesn't show an actual historical feed from people you follow;
Twitter bans people;
Twitter shadowbans people.
Twitter has a lot of spam.
The problem with Mastodon and similar programs
User identities are attached to domain names controlled by third-parties;
Server owners can ban you, just like Twitter;
Migration between servers is an afterthought and can only be accomplished if servers cooperate. It doesn't work in an adversarial environment (all followers are lost);
There are no clear incentives to run servers, therefore they tend to be run by enthusiasts and people who want to have their name attached to a cool domain. Then, users are subject to the despotism of a single person, which is often worse than that of a big company like Twitter, and they can't migrate out;
Since servers tend to be run amateurishly, they are often abandoned after a while — which is effectively the same as banning everybody;
It doesn't make sense to have a ton of servers if updates from every server will have to be painfully pushed (and saved!) to a ton of other servers. This point is exacerbated by the fact that servers tend to exist in huge numbers, therefore more data has to be passed to more places more often;
For the specific example of video sharing, ActivityPub enthusiasts realized it would be completely impossible to transmit video from server to server the way text notes are, so they decided to keep the video hosted only from the single instance where it was posted to, which is similar to the Nostr approach.
I definitely like this general line of thinking, but I want to look at the censorship part a bit more carefully:
The distinction between 'relays' and mastodon 'instance servers' is a real one in as much as a relay doesn't "own" its clients, but what stops relay operators from blocking posts or users they don't like; you can say 'well you just use the other relays', true (probably redundantly), but relays might coordinate in the same way as current mastodon instance owners do, publishing ban lists that "right thinking people" all agree on.
I would like to say there is an encryption/blinding based cryptographic solution, but I don't see it, currently (if anyone can decrypt, so can the relay operator! - at least in any practical system that's going to be true) ... unless you entirely ditch identities, which removes the whole social network concept.
I would guess that the counter-argument is: well, you only need one non-censoring relay, so the decoupling of users from servers in this sense could well be enough. Hmm, probably. Servers can be shut down, though.
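The relay model discussed above (posts signed by the author, signatures verified on the client side, and one non-censoring relay being enough), as an added example that is not part of the thread or of nostr's own code. The note fields, the relay functions and the use of Ed25519 are assumptions made for illustration; this is not nostr's wire format or signature scheme.

```javascript
// Added example: a simplified model, not nostr's wire format or signature scheme.
const crypto = require("crypto");

// An identity is a key pair (Ed25519 is a stand-in, chosen because Node ships it).
function newIdentity() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  return { pubkey: publicKey.export({ type: "spki", format: "der" }).toString("hex"), privateKey };
}

// Bytes covered by the signature: claimed author, timestamp and content.
const serialize = (n) => Buffer.from(JSON.stringify([n.pubkey, n.created_at, n.content]));

function signNote(identity, content, created_at) {
  const note = { pubkey: identity.pubkey, created_at, content };
  note.sig = crypto.sign(null, serialize(note), identity.privateKey).toString("hex");
  return note;
}

// Client-side check: rebuild the key from the claimed author, then verify.
function verifyNote(note) {
  try {
    const key = crypto.createPublicKey({ key: Buffer.from(note.pubkey, "hex"), format: "der", type: "spki" });
    return crypto.verify(null, serialize(note), key, Buffer.from(note.sig, "hex"));
  } catch {
    return false; // a malformed key or signature counts as a failed check
  }
}

// Three constructed relays: one forwards as-is, one rewrites content, one drops an author.
const relays = {
  honest: (notes) => notes,
  tampering: (notes) => notes.map((n) => ({ ...n, content: n.content + " (edited by relay)" })),
  censoring: (notes, banned) => notes.filter((n) => n.pubkey !== banned),
};

// Ask every relay, keep only notes that verify, de-duplicate by signature.
function fetchFeed(published, banned, relaySet = relays) {
  const seen = new Map();
  const rejected = [];
  for (const [name, relay] of Object.entries(relaySet)) {
    for (const note of relay(published, banned)) {
      if (verifyNote(note)) seen.set(note.sig, note);
      else rejected.push(name);
    }
  }
  return { feed: [...seen.values()], rejected };
}

const alice = newIdentity();
const published = [signNote(alice, "hello nostr", 1700000000)];
const result = fetchFeed(published, alice.pubkey);
console.log(result.feed.map((n) => n.content), "rejected from:", result.rejected);
```

A rewritten note fails verification and is discarded, while a dropped note is simply absent: signatures detect tampering, and only querying more than one relay helps against omission.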
so are the notes saved on my client in local storage? or are they saved on the relays?
is my user account cross-device (exists in the nostr network) or is it limited to my one device?
also, is my profile and feed propagated to everyone by default? or the only people / relays that pick me up are ones that specifically request it? in that sense, it is more private because people can’t scrape the network and find me
Someone correct me if I'm wrong. I'm not a nostr buff ...
so are the notes saved on my client in local storage? or are they saved on the relays?
They're at least stored on the relays I imagine. It's probably up to the client to store wherever.
is my user account cross-device (exists in the nostr network) or is it limited to my one device?
Your key pair is your identity. Wherever your key pair goes you go.
also, is my profile and feed propagated to everyone by default? or the only people / relays that pick me up are ones that specifically request it? in that sense, it is more private because people can’t scrape the network and find me
I believe users have to request your feed from the relays.
I am both 2508ed2c2ab3f6728a880fafbc0895a2afeacbb74eb69847255fb60564af0d85 and 51535ad9f0e13a810f73ea8829a79b3733bd1fffb767c4885990b02f59103a13 as I am playing both with https://branle.netlify.app and https://branle.fiatjaf.com respectively.
Under settings -> there is a button "view your keys" but that screen doesn't allow me to enter existing keys or seedphrase... so basically every login is a new profile as well??
in the latest version you can import a private key from another device but you have to clear your cookies to restart. Also, import the private key, not the 12 backup words, because the way jaf's software derives private keys from the backup words changed and consequently you won't get the same private key anymore if you use the same 12 backup words
There is no real delete on the internet, but there are ways to do best-effort delete attempts which we're considering.
The protocol doesn't have much baked in it, but most things can be done as extensions, which are always going to be optional and opt-in by clients and relays. Deleting is one of those.
This project is cool. You've obviously thought way harder about this problem/solution space than I, but something to consider if you haven't already...
Could the hosting cost be dramatically reduced if everything was deleted by default after some per-post-configurable amount of time?
Keeping data would become a reason to build an extension. Rather than the other way around. Relays would have retention policies. Users would have re-broadcast/archive policies. Those could be co-operative or redundant, depending on their respective choices and indexing extensions installed. The rogue relays would be the ones intentionally keeping data longer than they are supposed to, which would be kind of a service in and of itself.
...anyway, just $0.02 for you to noodle on. Keep up the cool work!