140
Nostr continues to raise the bar on private, uncensorable online discourse (lemmy.ml)
submitted 10 months ago* (last edited 10 months ago) by makeasnek@lemmy.ml to c/privacy@lemmy.ml
52 comments fedilink hide all child comments
  • Note: "relay" is the nostr term while "instance" is the AP/Mastodon/Lemmy term. They are functionally very similar and offer the same abilities to ban annoying users from "public square" type spaces. Moderation works identically.
  • In AP/mastodon/lemmy you are connected to one "main instance" and then connect to other instances "through" that instance. In nostr, you are typically connected to multiple relays and access content more directly.
  • Nostr is an underlying protocol like AP is for Mastodon/Lemmy. The main use of nostr currently is as a twitter/mastodon clone, but it has other interfaces as well (calendaring, video sharing, etc) that I am less familiar with.
  • Both networks are decentralized in nature

AP/Mastodon/Lemmy

  • Instance admins on your instance and the instance of the user you are DMing can read your DMs, block them, or modify them without your knowledge or the knowledge of the receiving user
  • If your instance goes down, so does your access to the wider network. It will take your DMs with it, and your identity.

Nostr

  • Relays cannot read the content of your DMs as they are encrypted. They can only see that user A is DMing user B and approximate DM size. (This upgrade reduces that visibility further)
  • Relays cannot manipulate DMs as they are encrypted and will fail a signature check
  • No relay can prevent you from DMing another user as your client will automatically route the DM through another relay (unless that user has blocked you, which they can do).
  • You can receive DMs from anybody as long as one relay lets your DM through (and you are usually connected to several)
  • Your DMs and other content is replicated across multiple relays. Downed relay? No problem. You don't lose your content or your identity as your identity is a private/public keypair not "user @ instance dot com"

Bluesky

Idk anybody care to fill this section in?

Image source: nostr post

top 50 comments
sorted by: hot top controversial new old
[-] SorteKanin@feddit.dk 54 points 10 months ago

I have a hard time trusting something that advertises itself as "uncensorable". Good moderation requires censoring (and this is an okay version of censoring, it's not like your human right to be on a specific fediverse community).

Not being able to censor sounds like an easy way to become the nazi bar. Or in the case of nostr, I guess the blockchain/cryptocurrency bar.

[-] makeasnek@lemmy.ml 22 points 10 months ago* (last edited 10 months ago)

Lemmy is "uncensorable" and offers identical moderation abilities in the "public square" aspect. E-mail is "uncensorable". Uncensorable does not equal unmoderated. It means if you want to publish something, nobody, not the even the government, can stop you (though they can throw you in prison but that's outside the discussion of protocol). It doesn't mean anybody has to choose to listen to what you publish. It does not mean relays have to include you in their list of public tweets. Relays can pick what tweets/etc they show. They can choose what goes through their relay. What they can't do is stop you and another user from using the protocol to DM each other. As long as one relay allows your traffic through, the traffic will flow. They also can't stop you from tweeting, they can just choose not to show your tweets. If I want to follow somebody, frankly, it should be no business of a relay operator or the government or anybody to prevent me from following them, just like it should not be the business of the government to decide what books I am legally allowed to read. By building networks which are "uncensorable" we can guarantee that it remains not their business for future generations. So that they can live as free, or freer, than we do.

The internet, as a structure, is "uncensorable". This is good. Power should be decentralized. The whim of a government shouldn't dictate how the entirety of the internet operates, and it can't. People in power love censorship, it is to their advantage that we are not able to organize among each other using common communication platforms.

[-] SorteKanin@feddit.dk 4 points 10 months ago

I don't agree with that. ActivityPub includes methods of censoring and that is by design, for the purpose of moderation.

[-] Sekoia 43 points 10 months ago* (last edited 10 months ago)

I checked out Nostr relatively recently and it seemed to me it was full of cryptobros and extremely right-wing people (libertarians, Trump fanatics. A ton of racism and queerphobia, also a bunch of conspiracy thinking). Has anything changed?

[-] NigelFrobisher@aussie.zone 14 points 10 months ago

While I can see the value in speech that doesn’t exist at the whim of our corporate overlords, these are people who’d get beaten up if they tried to speak the way they do online in front of real people.

[-] Rose@lemmy.world 5 points 10 months ago

The corporate overlords are inherently right-wing, which is why they fund, build, and embrace those platforms. There's no revolt in joining them.

[-] makeasnek@lemmy.ml 6 points 10 months ago* (last edited 10 months ago)

Still some of those, as with any social media platform. I have come across a few objectionable things, I just blocked and moved on. But you pick who you follow so you pick who shows up in your feeds. Each relay has their own moderation policies, so (like Lemmy), you can pick relays which suit your moderation preferences (which effect the "trending notes"/public square section). Most nostr apps by default upon install will ask you if you want to automatically filter out crypto/nsfw/foul language/etc. I picked at random and didn't enable many of the filters.

[-] Sekoia 7 points 10 months ago

I'll stick with AP for now but I'll keep an eye on it, then.

[-] glowie@h4x0r.host 3 points 10 months ago

Libertarians are not right-wing lmao

[-] poVoq@slrpnk.net 21 points 10 months ago* (last edited 10 months ago)

They are in the USA, just not of the specific MAGA lunacy.

[-] glowie@h4x0r.host 4 points 10 months ago

You must be American. You should research Libertarian. It's one step before Anarchist.

[-] poVoq@slrpnk.net 25 points 10 months ago* (last edited 10 months ago)

No, I am European and I am painfully aware of the right-wing ursupation of the originally anarchist term "libertarian" in the USA.

[-] Sekoia 14 points 10 months ago

Nostr is culturally vaguely american, and it's hard to distinguish the libertarians from the Trumpists there (I've seen several posts saying "Trump will be better for Bitcoin", for example). Libertarians and republicans both sell themselves as "small government".

"Leftist libertarians" generally call themselves anarchists, in my experience.

[-] glowie@h4x0r.host 6 points 10 months ago

Yes, you're thinking of Libertarian Socialism, which is what I predominantly subscribe to.

[-] kenkenken@sh.itjust.works 35 points 10 months ago

For becoming something noticeable Nostr firstly need to go beyond just a bitcoin maxi discussion platform. Currently it's just a decentralized Parler.

[-] makeasnek@lemmy.ml 13 points 10 months ago* (last edited 10 months ago)

It definitely started as mostly crypto bros, kinda like how lemmy was 100% tankies, but it's gotten better. Lots more human rights activists and scientists and even just regular people on there now. A lot of human rights/privacy activists/orgs are joining up to it after nostr got some promotion at their conferences. Ultimately your feed will be who you follow so luckily you're in control of that. The default settings for most nostr apps even include a filter to remove anything crypto, NSFW, and other controversial topics related.

Still very early days for all these platforms.

[-] SnotFlickerman 22 points 10 months ago

There's a reason Lemmy strongly suggests using Matrix for secure direct messaging and has a place for it on your profile. 🤷

Just feels like a slightly disingenuous take on Lemmy since it's made clear in a lot of places that its suggested to use Matrix if you want safe user-to-user communication.

[-] makeasnek@lemmy.ml 8 points 10 months ago* (last edited 10 months ago)

DMs aren't as relevant in Lemmy so I get why securing them isn't a priority, but in Mastodon or any twitter clone it seems like a relevant feature I'd like to have some security/privacy with. Instance admins, and anybody who breaks into their server, being able to see all DMs seems like a security flaw that should be engineered away. Even Facebook, the place with the worst privacy, has E2E encryption (or so they claim, who really knows)

[-] possiblylinux127@lemmy.zip 10 points 10 months ago

I think there was a E2E spec being worked on with Activity Pub. I'm not sure what happened to it.

load more comments (1 replies)
[-] possiblylinux127@lemmy.zip 13 points 10 months ago

I'll just stick with Lemmy as Activity pub is where it is at

[-] greywolf0x1@lemmy.ml 5 points 10 months ago

Nostr isn't a Lemmy alternative, it's a Mastodon/Twitter/BlueSky substitute with more decentralized, secure and private features and i think OP should have pointed that out.

And since Op was comparing the secure and private features of both protocols, ActivityPub surely has improvements to implement for greater privacy and security.

[-] possiblylinux127@lemmy.zip 4 points 10 months ago

I can see mastodon users and communities on Lemmy though. We are one big family.

[-] SorteKanin@feddit.dk 3 points 10 months ago

Nostr is an alternative federated protocol. It can be used to make a microblogging application but there's no reason you couldn't make a Lemmy clone that uses Nostr instead of ActivityPub. But generally I'm not a fan of the stuff I've heard and read about the Nostr protocol so far.

[-] FutileRecipe@lemmy.world 2 points 10 months ago

But generally I'm not a fan of the stuff I've heard and read about the Nostr protocol so far.

Can you elaborate?

[-] SorteKanin@feddit.dk 7 points 10 months ago

First of all, it seems too technical for normal people. It requires users to keep their own public/private keys in order. I don't find this realistic for general users.

Secondly, this kind of "anti-censorship" retoric and features. Yes, of course excessive censorship is bad, especially when done by governments. But a forum moderating users requires censorship and it's not a problem, it is the solution. I'm not sure I like the idea of relays instead of instances.

Lastly, the whole Nostr community is overrun by crypto-bros, which should tell you enough about the kind of people who are excited about Nostr.

[-] thegreekgeek@midwest.social 9 points 10 months ago

Let's not forget that one of the of the core developers is a fascist and Jack gave them 14BTC:

That anonymous Brazilian is Giovanni Torres Parra, a developer who has also built at least two webpages devoted to disseminating the work of the far-right conspiracy theorist Olavo de Carvalho. Before he died in 2022 after contracting COVID-19, de Carvalho — known as Olavo — praised Brazil's military dictatorship, claimed that Pepsi-Cola was flavored with stem cells of aborted fetuses, preached that tolerance for homosexuality was "incompatible" with democracy, and had an office in Virginia decorated with portraits of Confederate generals.

[-] poVoq@slrpnk.net 4 points 10 months ago

That's an interesting point. Where are you quoting this from?

[-] poVoq@slrpnk.net 5 points 10 months ago

I’m not sure I like the idea of relays instead of instances.

Relay operators hold almost the same power as AP instance operators, but are much less visible to public scrutiny and accountability for their actions.

[-] glowie@h4x0r.host 2 points 10 months ago

Instances mean you're at the mercy of the admin not to ban you. No one can ban you on Nostr.

Also, it isn't crypto bros. It's only Bitcoiners. No one supports the degenerate pump and dump crypto scams.

[-] SorteKanin@feddit.dk 6 points 10 months ago

No one can ban you on Nostr.

Thats exactly the problem with Nostr. You can't get rid of the bigots. It's doomed to become a nazi bar.

Also if you don't like your admin on an ActivityPub instance, you can just go to an instance with admins you trust better or make your own instance.

[-] FutileRecipe@lemmy.world 3 points 10 months ago

It's doomed to become a nazi bar...you can just go to an instance with admins you trust better or make your own instance

Ok, how is that different than Nostr? Don't like your Lemmy instance admins rolling against your Nazi views? Join a different instance. Nazi sympathetic instance gets defederated by everyone else? Make your own instance.

[-] SorteKanin@feddit.dk 2 points 10 months ago

Nostr seems to make it much more difficult to weed out the bigots as they don't have a single point of origin (an instance). When you get to the point of making your own instance, it becomes easy to filter out all the users from that instance in one go, if the instance turns into a nazi bar. That is the difference.

load more comments (2 replies)
[-] KLISHDFSDF@lemmy.ml 12 points 10 months ago

Anyone following anyone interesting on Nostr? Tried it for a while and while the tech is cool I felt it was missing a good collection of people. All I ever saw was crypto scams and self referential memes/discussions about how cool Nostr is - which I agree - but that's not what I'm interested in.

[-] makeasnek@lemmy.ml 4 points 10 months ago* (last edited 10 months ago)

Finding good people to follow has been a challenge for me both on mastodon and nostr. But I find just posting and seeing who likes my posts and then following them has got me a decent feed curated at this point. And searching hashtags for topics I'm interested in.

There are some bridges so you can follow mastodon users on nostr and vice versa, but it's not quite the same. We're still pretty early adopters on both platforms at this point.

[-] DavidGarcia@feddit.nl 7 points 10 months ago

Lemmy is absolute garbage on privacy. I would love a private Lemmy with fine grained privacy controls.

[-] Zagorath@aussie.zone 9 points 10 months ago

Lemmy is absolute garbage on privacy

I mean, yeah, it is. But that's because privacy is not what it's trying to do. If anything, privacy is fundamentally antithetical to what it does. Saying "Lemmy is garbage on privacy" is a bit like saying "Microsoft Word is a terrible IDE".

[-] DavidGarcia@feddit.nl 2 points 10 months ago

It doesn't have to be.

You could keep the general structure and functioning while improving privacy.

For example, by obfuscating post history, anonymous posting or assigning a user pseudonym per instance/community, auto-deleting old posts/comments. All optional features of course. Let instances/communites decide which of these features they want.

Keep the structure of Lemmy with it's Reddit-like-ness and instances, but give users, instances and communities more control over data privacy.

Sure it's harder to implement, you need some minimal-knowledge reputation system, but there is nothing fundamental preventing that from being possible.

The nice thing about federation is that one instance/community can stay the same data-leaking privacy mess, if they so prefer. While others could operate analogous to 4-chan (or anything in between).

[-] SorteKanin@feddit.dk 4 points 10 months ago* (last edited 10 months ago)

obfuscating post history, anonymous posting or assigning a user pseudonym per instance/community

These suggestions sound like a moderation nightmare. This is definitely not desirable.

[-] DavidGarcia@feddit.nl 2 points 10 months ago

That's the point of the repuation system.

It's a very hard problem, I'll give you that.

What you need is, each instance and community collects reputation in the federation. then users posting on those instances can collect reputation on those. basically by not being banned or massively downvoted. Your reputation is weighted by the reputation of each you collected it from instance.

Each users identity is tied to some key that collects reputation, that you generate new identities from from for each instance/community/post. Like how some credit card services give you a new credit card number for each new website.

Admins don't know who you are, but they can see and verify your reputation.

Then instance/community admins can decide if they want a different weighting. For example, to completely disregard the reputation by some instance or make one you like 10x more important.

You could get an ordered list of posts or pseudonymous users based on the reputation. Untrustworthy users will glow like a christmas tree.

That would be one way to do it. It's hard to make it water tight, but any improvements would be better than the current fediworse.

[-] pedroapero@lemmy.ml 6 points 10 months ago* (last edited 10 months ago)

It seems to me that there will be much less relays than there are AP nodes. Users won't publish/subscribe to hundred of relays (if they did, relays would not scale). Hence more bad content to less moderators, and poor moderation.

Adding client filters would just shift the censorship power to those maintaining them.

[-] zinderic@programming.dev 5 points 10 months ago

Almost ready for it's prime time I think. We just need a bit more on the UI/mobile app friendliness to make it shine for all.

[-] makeasnek@lemmy.ml 3 points 10 months ago

Almost ready for it’s prime time I think. We just need a bit more on the UI/mobile app friendliness to make it shine for all.

Yep, been using it for a few months now and it's getting really good. Not quite as polished as mastodon (as least in the app I'm using), but still very fully featured.

[-] snowfall@mastodon.social 3 points 10 months ago

@makeasnek "private" as in ownership, not privacy.

[-] smileyhead@discuss.tchncs.de 2 points 10 months ago* (last edited 10 months ago)

Why do we even need relays in the first place? Like, if only someone could create a network that could enable computers to send messages to each other on the layer below apps so apps would just be to display and format those messages, not pass them (ツ).

[-] makeasnek@lemmy.ml 3 points 10 months ago* (last edited 10 months ago)

Why do we even need relays in the first place?

To store message content. To hold message content if you send a message to an offline contact and vice versa. To handle getting things across networks (clearnet to Tor and back if you only are connected to one). To work around NAT etc. To moderate "public square" type features (ie trending posts). Many reasons.

What if one relay is on clearnet and the other one is on Tor?

No problem, relays can communicate cross-network. They relay things between each other so traffic will find a way through as long as one node speaks to both networks.

What if relays I use are not rechable by my contact, that lives in censored country like China and can only connect to relays in there?

As long as there is a relay path between you and your contact, there is no issue. Relays can be run through Tor and other anonymity networks which are very difficult to distinguish from other forms of encrypted traffic.

Why do we even need relays in the first place?

load more comments (2 replies)
[-] RobotToaster@mander.xyz 2 points 10 months ago

Same reason you need an email server, not everyone is online at the same time.

Closest I've seen to something truly serverless is plebbit, which is a Reddit/4chan clone using ipfs.

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 14 Jun 2024
140 points (100.0% liked)

Privacy

36993 readers
349 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz