
I have to repeat my most important concern about Nostr from ~3 months ago[1]: Nostr makes you forward data from strangers unencrypted. If anything unlawful which you forward for Nostr is ever found on your computer, or found transmitted from your computer, you'd have a fun time explaining to the authorities how it even ended up on your machine, and why you are disseminating it.

Encryption is not trivially easy to introduce into this scheme, and it can't be too seamless. It's possible though, and I encourage the developers to work on that.

[1]: https://news.ycombinator.com/item?id=34529931

Then I guess I'll have to repeat my top reply to you then.

"Relays can be authenticated. If you don't want your relay to accept data from anyone, don't leave it open. Same with any other Internet protocol."

If you don't want people to host illegal stuff on your server, do not run an open relay, an open FTP server, a social network, or an image host.

If you do, be prepared to have to work hard to keep bad actors at bay.

It's not strictly a NOSTR fault, and there is no reason why YOU need to run a relay.

Your comment is misleading and a little disingenuous: Nostr doesn't make you forward stuff. A client doesn't have to forward anything. It just connects to relays and subscribes to topics. Relay != client.


Authorities are already working together with companies in lots of ways to filter out illegal things, and it doesn't look like they are putting CEOs in prison as long as they try to filter these things out with the tools available.

What Nostr changes is the backdoor deals that are happening and Elon was showing: FBI, CIA and other governmental organizations censoring politically sensitive, but legal content, which incentivises governments to be more transparent (and of course CSAM will remain illegal, there’s no controversy around it).


I guess what I meant to say, for those who missed out on the good old scuttlebot days, is that encryption is trivial and also you should not be syncing strangers.

People have solved these problems before, and we will solve them again.


Certainly! But they need to be solved first, and key distribution / trust is a bit more involved than just message propagation.

Not synching strangers may sort of miss the point of "censorship resistance". A group of people that know each other can use e.g. Signal to share data, with very good guarantees of protection from outside snooping or pressure. I thought that one of the key parts of Nostr's idea is the ability to find forwarding nodes without being personally friends with node operators, much like Bittorrent or IPFS.


Yah, you've got it. Nostr is heading in this direction that scuttlebot already achieved (at one moment in time) by eventually developing encryption over a wire and having a sync strategy.

Right now Nostr (mostly) parks everyone's data on the relays without a strategy. On ssb there was a strategy, which was that relays are also friends and they decide what they keep for you. FOAF gossip and replication. I'm sure there's a repo with some old node.js code in it somewhere around here that describes it.

We'll get beyond this, and we're putting together the team to redevelop scuttlebot right now.

If you're interested, holler. We have no funding.


To me the entire protocol seems like a slightly shittier reinvention of the fedi approach; centralize what some people would consider hard to decentralize, assume there's enough willing souls to run the centralized technology and pray that you don't end up with one big default who can exclude all the others.

The problem is that you get the Tor exit node problem with this approach - being a relay means becoming the toxic sewage plant of the network in this way. Running a Tor exit node basically means arranging for the authorities to try and bust you down because someone tried to get unencrypted CP over your exit node. (Running between nodes over Tor is marginally safer since you'll only be handling partial requests but still not recommended for much of the same reasons.)

Now, Tor is perfectly functional since some countries have relaxed laws for that sorta thing, but Tor's data transfer is also transient - an exit node does not store anything long-term. Nostr's relays on the other hand need to do long-term data retention. I wonder how long that will last outside of flagship/VC-backed instances.


Not that it is 1:1 equivalent (due to expense and difference in encoding), but blockchains such as bitcoin can be used to store arbitrary data (and have been). Thus far I believe no one has gone to jail for running a cryptocurrency node because of non-financial reasons.


>blockchains such as bitcoin can be used to store arbitrary data

You are right, 50k or so Bitcoin nodes around the world host blocks with cp which was placed there roughly a decade ago. It cannot be removed from the chain.

AFAIK nobody has been arrested for running a node.


> If anything unlawful which you forward for Nostr is ever found on your computer

That can only happen if you are running a Nostr relay. Nostr clients don't forward anything.


I understand the concern, but it makes me sad.

The internet itself is a network of relays that store and forward traffic for other nodes, unencrypted.

With that modern perspective, the internet would be unthinkable.

And, yes, these days you might have to "explain", but even the law says you are clearly not liable for passing other people's traffic. At least until recently, that was the principle. In the US, that's e.g. DMCA §512.


Yes, this is where Secure Scuttlebot is superior.

Why would you connect to people out of your friend of a friend zone?

An algorithm should decide who you are relaying.


You are talking to strangers on the internet right now and seem to find it worthwhile.

Do you mean Secure Scuttlebutt? "Scuttlebot" seems to be the old name for the primary Secure Scuttlebutt server implementation (https://handbook.scuttlebutt.nz/glossary), though its website is still https://scuttlebot.io/.


Yes, you've got it. Not many people were around back then, but once upon a time there was a working version of Scuttlebot (by Dominic Tarr) that was documented at https://scuttlebot.io/ with a client called Patchwork (by Paul Frazee).

The idea behind the project was that you would gossip between scuttlebot 'pub' servers and then replicate messages from the people you follow and the people that those people follow. All of the messages were signed with ed25519 keypairs, and to send private messages you'd use ed2curve to box private messages.

These days we're putting together a team that is going to salvage what is left of the working code from back before the project was scuttled and hopefully restore the network to functionality again. Please be in touch if you are interested in this future.
