The interesting thing (to me) about Nostr is that it lets people actually own their data in a relatively accessible/simple way. It's by far the simplest implementation of these modern decentralized protocols I've seen, and that's awesome.
But censorship resistance and decentralization are not really a problem for most people, and it definitely isn't a unique selling point.
Also, I always say this when Nostr comes up, but the stench of Bitcoin is hard to rub off. No matter how cool the protocol is, every Nostr community is pretty much filled to the brim with cryptocurrency people. At this point, everyone knows someone who has been scammed by crypto, so the association does not instill confidence. (Plus, if we're talking social networks, hyper-focused nerd communities are incredibly boring to most people.)
Most people on Nostr are pro Bitcoin, not pro cryptocurrency. Bitcoin and crypto are not the same. There have been tons of scams in crypto, but not in Bitcoin. Sure there were people who created a scam and told people to send them their Bitcoin (Blockfi, Celsius, Netflix doc "Bitconned"), but that isn't the same as the crypto scams. The Bitcoin core devs never created a token and then ran a pump and dump. It's like saying someone scammed someone with USD, therefore USD is a scam.
bitcoin is a cryptocurrency. this idea that bitcoin isn't crypto is relatively new and only bitcoin maximalists actually believe it. the industry certainly has moral people who behave themselves and they're not all bitcoin maximalists. it doesn't actually do any good to try to set bitcoin apart in an attempt to appeal to public sentiment. it just makes the whole thing reek of sectarian quarreling.
Once you start requiring (thispubkey == thatpubkey) you make it so all relay operators have to index their entire repository of messages to comply. This requirement forces low end operators out of the relay space.
I don't know much about Nostr, but would like to learn more.
The author says they usually publish their messages to the relay at wss://pyramid.fiatjaf.com
Does that mean when I use a Nostr client, I can instruct it to pull from that relay and as long as that relay relays them, I will receive all their messages?
If so, I would call that decentralized.
The fact that a relay can decide to drop a message seems hard to change.
I guess one could put an incentive into the protocol for relays to not drop messages. Like having them stake a certain amount of value and slash it when it can be proven that they refused to relay a message. But that might be pretty complicated. For example: How would you know the relay received the message? Maybe with a web of witnesses which each have a certain amount of earned trust? Tricky.
My feeling is that the easiest way is to just accept the fact that relays can decide to drop messages. And for publishers to post to trustworthy relays, and for readers to pull from trustworthy relays.
A reputation system is about the only way to make federated or decentralized systems be robust against bad actors. Attaching financial incentives from an automated network isn't sufficient because the financial incentives to be a bad actor could very quickly outpace the incentives to be a good actor.
Reputation is notoriously difficult, but I have some ideas on how you could manage it in a decentralized-ish (I'll get to the "-ish" part later) manner that can't easily be gamed:
- Nodes discover each other via DHTs or DNS records
- Nodes peer with other nodes
- Node administrator selects a subset of "trusted" nodes. In practice, this creates centralization, but is important for bootstrapping...
- Nodes use the list of trusted nodes to calculate a reputation score. The reputation score is a float. The reputation score of a node starts at 0.0 and may be influenced by administrator-decided metrics such as spam detection, user interaction, or manual intervention to boost or deboost a score. The score is also weighted against the "opinion" other nodes have of that node, with a higher weight placed on trust from the previously selected "trusted nodes".
- Nodes that fall below some threshold do not get events forwarded but do still get their reputation tracked and shared with other nodes
There's a bunch of details that need to be enforced by the network to ensure this works: a node's identity is at least partially tied to an IP address. All communications are signed using an alternate PKI web of mutual signature chains and trust. Reputation assertions are digitally signed and virtually unforgeable.
Nodes may have different classes for serving different purposes. For example, nodes whose role is exclusively to provide a reputation score to other nodes should be common and may choose to collect payment for verifying a node (yes, pay to play is a requirement for a healthy ecosystem). Other nodes may exist exclusively for spam filtration purposes and provide reputation scores based on heuristics.
Baking a few heuristics into user interaction (blocks, reports, etc.) that in a reference implementation translate into dings in reputation scores should incentivize admins to police appropriately, but this should be weighed against the echo chamber effects that may result.
I've thought about this rather extensively. Email is a great blueprint for this, but relies on protocols that make it very difficult to implement some of these features and so struggles to this day with spam management.
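The scoring scheme sketched in the comment above, as an added example that is not part of the original thread: a node combines its own metrics with other nodes' opinions, weights trusted nodes higher, and stops forwarding below a threshold while still tracking the score. The weights, the threshold, the node names and the choice to average all untrusted reporters into a single voice are assumptions, and opinions are assumed to have passed signature verification already.

```python
from statistics import fmean

TRUSTED_WEIGHT = 5.0       # assumed weight for administrator-selected trusted nodes
PEER_WEIGHT = 1.0          # assumed weight for all other reporters combined
FORWARD_THRESHOLD = -0.25  # assumed cut-off below which events are not forwarded

class ReputationTable:
    def __init__(self, trusted):
        self.trusted = set(trusted)
        self.local = {}     # node -> score from local metrics (spam, reports, manual)
        self.opinions = {}  # node -> {reporter: opinion in [-1, 1]}

    def record_local(self, node, delta):
        # Administrator-decided metrics move the score up or down from 0.0.
        self.local[node] = self.local.get(node, 0.0) + delta

    def record_opinion(self, reporter, node, score):
        if reporter == node:  # a node cannot vouch for itself
            return
        # One slot per reporter, clamped, so repeating an assertion adds nothing.
        self.opinions.setdefault(node, {})[reporter] = max(-1.0, min(1.0, score))

    def score(self, node):
        reports = self.opinions.get(node, {})
        trusted = [s for r, s in reports.items() if r in self.trusted]
        others = [s for r, s in reports.items() if r not in self.trusted]
        total = weight = 0.0
        # Each group is averaged first, so creating more untrusted identities
        # does not increase that group's share of the result.
        for group, w in ((trusted, TRUSTED_WEIGHT), (others, PEER_WEIGHT)):
            if group:
                total += w * fmean(group)
                weight += w
        peer_view = total / weight if weight else 0.0
        return self.local.get(node, 0.0) + peer_view

    def should_forward(self, node):
        # Nodes below the threshold stay in the table; only forwarding stops.
        return self.score(node) >= FORWARD_THRESHOLD

def demo():
    # Constructed scenario: 20 sock-puppet reporters praise a node that two
    # trusted relays have rated poorly and local spam detection has dinged.
    table = ReputationTable(trusted={"relay-a", "relay-b"})
    for i in range(20):
        table.record_opinion(f"sybil-{i}", "spammer", 1.0)
    table.record_opinion("relay-a", "spammer", -1.0)
    table.record_opinion("relay-b", "spammer", -1.0)
    table.record_local("spammer", -0.1)
    return (table.score("spammer"), table.should_forward("spammer"),
            table.should_forward("newcomer"))
```

With a plain per-reporter weighted average the 20 sock puppets would outvote the two trusted relays, which is why the untrusted group is averaged before weighting here.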
The distinction between federation and decentralization is missed in basically any article or discussion I have seen related to Mastodon, cryptocurrencies, Nostr, etc.
Decentralization ends up getting boiled down to a binary: a network is either decentralized or centralized. There's way more nuance than that, but nuance makes for boring and drawn out discussions/articles.