The article is OK, albeit unaware of what is happening in the NOSTR world, so I'll take the liberty of making some predictions related to NOSTR:
1) Blossom grows even more and de facto replaces IPFS for decentralized file distribution
2) Open Social goes beyond text, and decentralized video, docs, meetings and calendars become easily available, with several implementations sharing a common NOSTR protocol underneath for accounts and communication; see https://iris.to/ as a first example
3) True P2P social web is achieved. Forget about servers or clouds: each cellphone becomes its own data center and cellphones talk with each other using P2P techniques
From what I see, WebRTC is the key to achieving direct P2P connections.
I'm involved in a NOSTR project where, beyond the internet, the connections can be made with Bluetooth, LoRa, LAN (including Wi-Fi) and radio using walkie-talkies.
This is great to hear. The part about Bluetooth/radio/LoRa sounds vaguely like Reticulum. I’ve always thought that the two projects could find alignment somewhere. Nostr with Reticulum style features, or even just Nostr over Reticulum, would be unstoppable.
I don't even know what deltachat is; however, Signal was suspected from the start of being developed by the NSA (read the story about the founder and the funding from the CIA) and later received tens of millions of USD each year from the US government to keep running. So it is never an advisable option when the goal is to acquire some sense of privacy.
Nowadays even YouTube comments are more anonymous than using a "deltachat" or "signal". In the first case there is zero verification of their claims; in the second case there is plenty of evidence of funding from the CIA.
At least commenting from an unknown account on any random YouTube video won't land you immediately on a "Person of Interest" list, and your comments will be ignored as a drop of water inside an ocean of comments.
This is such a recurring topic that it might be better for me to one day write a blog post that collects the details and sources.
In absence of that blog post:
Start at the beginning: how Moxie left Twitter as director of cyber over there (a company nowhere focused on privacy at the time) to found the Whisper Foundation (if memory serves me right on the name). His seed funding money came from Radio Free Asia, which is a well-known CIA front for financing their operations. That guy is a surf fan, so he decided to invite crypto experts to surf with him while brainstorming the next big privacy-minded messenger.
So, he used his CIA money to pay for everyone's trip and surf in Hawaii, which by coincidence also happens to be the exact location of the headquarters for an NSA department that is responsible for breaking privacy-minded algorithms (notably, Snowden was working and siphoning data from there for a while).
Anyways: those geeks somehow happily combined wave-surf with deep algo development in a short time and came up with what would later be known as "signal" (btw, "signal" is a well-known keyword in the intelligence community, again a coincidence). A small startup was founded and shortly after that a giant called "whatsapp" decided to apply the same encryption from an unknown startup onto the billion-sized people-audience of their app. Something for sure very common to happen and for sure without any backdoors as often developed in Hawaii for decades before any outsiders discover them.
Only TOR and a few new tools remain funded; signal was never really a "hit" because most of their (target) audience insists on using telegram. Whatsapp, which uses the same algorithm as signal, recently admitted (this year) that internal staff had access to the supposedly encrypted message contents, so there go any hopes for privacy from a company that makes their money from selling user data.
Not discounting the suggestions and implications there, for all we know all of that could be true, but that's still a tremendous amount of speculation. And the fact itself that the US gov and US institutions have invested in cryptography or anything at all doesn't automatically make those investments "tainted" (for lack of a more inspired word).
I'd be interested in reading that blog post eventually.
NOSTR is built to behave like existing platforms when desired. You are forgetting the fundamental difference that brought NOSTR to life: your identity and your texts being verifiable as yours.
NOSTR was a response to the situation where virtually all other social media platforms could basically block your identity and delete all your posts. There is no such drastic possibility on this platform. Sure enough, relays might refuse to receive messages from a user and delete notes from their servers, but they will never be capable of silencing that user, and he can continue sending his (verifiable) messages to any other relays out there on the internet. Followers of that person will continue to read his texts without disturbance, which is quite relevant when not long ago you'd see large groups of people de-platformed when refusing to inject toxic substances into their bodies.
There is a world of difference between centralized/federated platforms and NOSTR, where your freedom to write messages as yourself can never be taken away.
No, they're verifiable as having been signed by a key. You can still call yourself "Michael Jackson's Ghost". This is the only identity verification people care about, the big bad "send us proof you are who you say you are" gate.
The public library concept is the "super-relays", which are always available and basically accept any note you send their way.
It is "kind of" like reinventing email with PGP. The main difference is that you can choose to send the message in plain text with a cryptographic signature that proves it was sent from you, or fully encrypted like PGP.
There is still (in my opinion) a disadvantage when compared to PGP: key rotation. Once you create a key pair in NOSTR it is your identity forever, whereas in PGP you have mechanisms to declare a key obsolete and generate a new one.
Overall, PGP failed over the last 30 years; sharing public keys with other people was always the biggest difficulty for real adoption. With NOSTR this process is kind of solved, but we are yet to see about adoption.
NOSTR is a protocol that doesn't detail all implementation details, so it wouldn't be fair to point to HTML as the culprit for flaws of web browsers.
That is a good paper; the leaks are mentioned for the app Damus (notes browser), which wasn't really much worried about verifying the authenticity of the notes. The details: https://crypto-sec-n.github.io/
These are apps developed in free time and made available for free, so these issues are bound to exist and be repaired.
You are correct that it existed well before; the difference is that it was always complicated to use. Heck, we have been able to send PGP emails for almost 30 years.
The innovative concept is that npub/nsec along with sending notes is trivially simple. The content does not need to be encrypted; there is huge value in publishing clear text messages that are crypto-verifiable. You also didn't have this feature on groove and others. I'd argue that NOSTR has indeed pioneered them into mainstream.
Nowadays a NOSTR "relay" isn't exactly a relay any longer, is it?
It should likely be called a "database server", since its main purpose is to host user data and perform queries over it. A relay is something connecting two devices that makes a best effort to get out of their way.
Nevertheless: NOSTR is the most exciting social network that I've seen in the past 20 years. The concept of owning the keys without a blockchain associated enables not just decentralization, it also permits a complete offline functioning to login, view private messages and so much more that isn't possible from any other popular social network predecessor.
I've been looking at that for quite some time, even met team members developing the product. Sorry to say: both are fundamentally different technologies and philosophies.
NOSTR "accounts" are meant to be trivially generated and used outside the context of micro-blogging. That is the reason for being popular: the npub becomes a signature that validates texts and there is value in that.
AT always feels like mastodon meets RSS with US-centric political moderation on top.
I wouldn't write ATProto off as just microblogging, there are a bunch of interesting (and exciting depending on your POV) apps out there that _aren't_ microblogging apps. To name a few:
This is something you opt-in to. Two concepts, labels and moderation policy.
You subscribe to "labelers" which will apply labels to posts. You can subscribe to many labelers. Some labelers will be generic or some will be focused on a certain idea/niche. You might have a labeler focusing on nsfw content or another for human vs ai content. Or one who just tags spiders. Labels can be anything, and are stand alone data objects in the atproto ecosystem.
Your moderation policy is up to you, on how to handle those above labels. You can decide to allow, warn, or block for each label applied by your labelers. Warn shows a content warning you must click through first to see.
Bsky does have a default labeler and moderation settings when you sign up, which you might be experiencing.
It can be done by the author (self-label), by an app, or by third parties (moderators/curators), depending on the trust model.
Other clients can decide to use that classification/label
--
For moderation purposes. If the behavior is closer to abuse (spam, scams, harassment...), use NIP-56 (Reporting). Reporting harmful/should-be-moderated content.
Thank you for explaining how it works. I'm building a decentralized platform and NOSTR was the first choice as base for signing messages and identities. There is the will to include other protocols (even IRC is supported as entry method) but whenever approaching AT there are always obstacles.