
Yes, but in order to avoid hosting non-group zap receipts I'd have to parse the zap receipt and make sure the p-tagged user (or even e-tagged event) is on the relay. Not impossible, but also not clean
đź”” This profile hasn't been claimed yet. If this is your Nostr profile, you can claim it.
EditYes, but in order to avoid hosting non-group zap receipts I'd have to parse the zap receipt and make sure the p-tagged user (or even e-tagged event) is on the relay. Not impossible, but also not clean
NIP 29 is deceptively hard. Trying to implement zaps on access-controlled groups right now, and I either have to have the zapper send them to publicly writable relays, or white-list zap responses on the group relay somehow, since the zapper doesn't have permission to write to the group.
Ohh, those are badges. Interesting. Those also seem pretty easy to fake for a persistent attacker.
Yes, I was impersonating myself:
I'm having a little trouble with zapstore this morning, got this error when trying to publish a release: > Publishing kind 32267...Exception: error: SQLiteError: database or disk is full zapstore install zapstore also hangs searching for zapstore
Nostr will fail to the extent that people can't tell an impersonator from the real thing. The number of reports I get about my impersonator indicates to me that nostr is failing. But it doesn't have to be this way! Web of trust fixes this. Let's play a game of "spot the impersonator". I created a fresh impersonator account with a valid NIP 05 from nostrplebs and all the same profile data. I didn't bother to clone my notes or create a bunch of sock puppet followers, but that could easily be done, and would improve the resemblance. Coracle: Pretty good if I do say so myself. Social trust is shown in two separate ways: web of trust indicator and followers tab (although followers is not complete or sybil resistant). 0xchat: Exactly the same, other than NIP 05 address, which I don't consider any sort of validation at all. This is a classic phishing maneuver, and recently allowed 's impersonator to trick some people. Yakihonne: Some social indicators are shown, but are not sybil resistant. They're also down the page a bit, and might not be noticed by users. Jumble: No social proof indicated at all — the tabs at the bottom can easily be faked by the impersonator. Nostter: No social proof, and failed to validate the NIP 05 for the real user. Nostrudel: Nostrudel does something original in showing the public key color. But how often are you going to memorize a user's color? I'd argue this is even worse than nothing because it obscures the NIP 05, which _might_ tip you off. Iris: Iris shows wot-vetted "known followers", which is good. In other places, a wot-based check mark is shown next to user avatars. This should probably be added to the profile page too, but still, pretty good. Amethyst: Amethyst shows some social proof, but it's hard to tell exactly what those profile pictures mean. Primal: Like yakihonne, social proof is visible, but not sybil-resistant. Let's take a look at search now. Some clients do a much better job at this, some do a MUCH worse job. Coracle: WOT indicators, correct sorting, complete results. Arguably, the impersonators should be filtered out entirely, but I personally prefer to have them included. Jumble: Same thing, minus WOT indicators. Not bad. Nostrudel: It's a pass, but I'm not sure if duplicates are filtered out on purpose or not. The check marks indicate NIP 05 validation, not wot validation. Yakihonne: Only shows the legit version, along with a badge (I'm unsure if it's NIP 05 or something else). Pretty good. Iris: Very limited results, WOT-based check, pretty good. Primal: Eliminates impersonators, show follower count, pretty good (though not sybil resistant in all cases). The winners are Iris and Coracle for web of trust indicators, and Primal and Yakihonne in the "global view of the network" category. I'd love to see this get better though, and not just because I am now famous enough to have an impersonator. WOT calculations are low-hanging fruit, especially with the vertex DVM by around. Getting this right is a core value proposition of nostr and is worth the effort.
You'll also want to find a way to avoid duplicating tags if they need to be indexed but also used in content. Which means content likely needs to be able to reference tags in either place.
I make ginger beer for the family, it's very easy and DELICIOUS
I didn't read the whole thing, but IMO this is straight up loser talk. His identification of the outward decline of Christendom with the hidden advance of the gospel is gnostic bunk. To be fair, I think this position comes from a reaction against Christians who do exactly what he's condemning, i.e. trying to advance God's kingdom primarily or exclusively through human effort. This is doomed to fail because it's an explicit rejection of the empowerment and direction of the Spirit. But to me, Constantine was very much the tail — Christianity didn't become established because it was adopted by the emperor; it was adopted by the emperor because it had become established. And having been adopted by the emperor, certain fruit necessarily ensued — the character of the empire changed as a result of its adoption of Christian values. See Leithart's "Defending Constantine" for more details. When Gordon claims "What Christianity needs is competent ministers, not Christian judges, legislators, or executive officers," he's overstating his case. In one sense, I agree — Jesus is the vine from which the branches grow, and we know Him through the preaching of the gospel. But does this mean the branches don't have a role in producing fruit? Preaching is not a one-sided activity, the word is meant to go out and have an effect in the lives of the judges, legislators, and execs sitting in the congregation. This effect is not abstract or ephemeral, it takes shape in actual human action. Christian workers produce Christian work, which is evidence of the advance of the gospel, not evidence against it.
If there's any activity on telegram, I'm not aware of it. I left the nostr group long ago. I do have a flotilla instance set up just for this purpose, which you can join at relay.nostrtalk.org with the invite code `nostrtalk`. Not much is going on there, the conversation is too fragmented across different sub-protocols, but it's something.
Wow, I have infinite volgers, cool! The negative flag is really nice, how are you calculating that ? I'd be afraid of false positives.
Yeah, don't let me stop you
I don't think so. Until the event is processed, you have no information either way. A negative flag just confirms that it's ok. Requests are async and so clients have to defer anyway. There also may not be a label for every event, does that mean the service is still processing, or is there a timeout relative to created_at? You have to deal with all these problems regardless, negative flags just clog up the network with a bunch of mostly useless events.
I'm not convinced about the negative flagging, I still think 1984 is good enough
Some clients do this, it's not a bad idea
I think this would be great. I built a proxy a long time ago: https://github.com/coracle-social/multiplextr but the AUTH stuff never got solved. I like your solution.
Sure, but also design matters. Wot isn't a panacea, I'll give you that
I see what you mean, not a bad idea
Yes, which is one reason why we need wot
It just seems like a different way of doing the same thing
This is definitely a weak point of WOT, once it's infiltrated you have to get rid of the attacker another way. We've actually had "petnames" for as long as I've been around, the problem with them is people aren't likely to assign them unless people's own names are confusing to them. Adding petnames publicly also has some privacy implications which would make them hard to share.
Just figured it out, just check the zap request (which is embedded in the zap receipt) for authorization.
Not sure yet
I'm the fake
Christian Bitcoiner and developer of coracle.social. Learn more at info.coracle.social. If you can't tell the difference between me and a scammer, use a nostr client with web of trust support.