Nostr: Notes and Other Stuff Transmitted by Relays (nostr.net)
194 points by pantalaimon on Jan 26, 2023 | 154 comments



The biggest problem I see here is forwarding someone else's unknown and unencrypted content.

Imagine you're running a relay on your machine, and somebody posts some CSAM, or stolen CC data, or hate speech, etc through your relay.

Unlike an email client, your relay actually makes that message available to anyone.

Unlike an email relay, you are not forwarding the message to someone else like a dumb pipe; there's no final destination.

Unlike a torrent / DHT node, you do not know beforehand what you are going to make available.

Unlike a Tor exit node, you do not deal in encrypted fragments which you don't store locally.

Unlike an IPFS node, you do not store fragments of files while not even having a full set of such fragments for a given file.

Even though the message is signed, you can't reasonably prove that you do not possess the private key used to sign it, or have not possessed.

So, if you are an anti-censorship activist, and your machine gets searched (which may be even easier to do in the case of a VPS), you, the runner of the relay, may have some pretty unpleasant time. Even if you manage to convince everyone that you only forward these messages and do not inspect or endorse them, and the authorities will not even fine you, it will cost you time and trouble.

Worse, it becomes easy to send something incriminating from a throwaway or stolen client through your relay, and report you to the police. This can of course be done with email or any IM, but these will immediately show you what you've got, so you can e.g. immediately delete it. They do not allow perfect strangers to quietly put random stuff onto your disk.

Of course the point of the protocol is to resist censorship, so any content deemed criminal by someone cannot be entirely blocked. But the publishers and the receivers of such content make their choice, while those running a relay seem to remain unprotected from consequences of that choice which they did not make.


> Imagine you're running a relay on your machine, and somebody posts some CSAM, or stolen CC data, or hate speech, etc through your relay.

Relays can be authenticated. If you don't want your relay to accept data from anyone, don't leave it open. Same with any other Internet protocol.

Also, per the spec or convention, relays SHALL NOT talk to each other. Each relay is a separate island, but the protocol permits and recommends clients to publish on multiple relays. This is the basis of their censorship-resistance.

See also my other comment: https://news.ycombinator.com/item?id=34530876


The whole reason I was excited about Nostr was the censorship resistance but if the relays choose who gets to authenticate you’re back to square one (well, whichever square Mastodon is).

Also, it seems naive to think that a ban on blocklists in the spec will keep real free humans from doing exactly as they’ve done on email, Mastodon etc and share block lists.


I've only read a little about Nostr, but I think the difference is that with Nostr you own your own identity, so if a relay bans you you can just switch to a different relay and continue as you were with no significant disruption.

You're probably right about shared blacklists eventually becoming a thing though.


The AUTH Nostr Implementation Possibility is not mandatory. You can choose to use it or not, it's not all or nothing. Every single NIP except for NIP-01 is optional.


I wonder what the XMPP camp is up to these days


I sense there was probably some irony in your post. Nevertheless, I'll bite :)

The "XMPP camp" is doing well and very busy: https://xmpp.org/newsletter/

We're lacking a nostr bridge if anyone wants to work on that...


The spec doesn't say relays SHALL NOT talk to each other. YOU made that up. It says they don't talk to each other but it is not prevented.

You can mirror one relay to another easily:

# REQ returns ["EVENT", "mirror", {...}] per event; dropping index 1 yields the ["EVENT", {...}] publish form, one compact line per message
echo '["REQ", "mirror", {}]' | websocat wss://source | jq -c 'del(.[1])' | websocat wss://dest


> It says they don't talk to each other but it is not prevented

No protocol can prevent a piece of software from doing whatever they want.

The "shall not" is not absolute: the spec assumes and expects relays not to talk to each other. Nothing prevents you from creating a relay that connects to another relay, of course, but that would not be in the spirit of what Nostr is trying to achieve.


> Also, per the spec or convention, relays SHALL NOT talk to each other.

That has no bearing on an attacker.


> relays SHALL NOT talk to each other

I don't get it. What's the point then?


At that point it is an endpoint not a relay.


Yeah relay is a bad name for it.


All this stuff might be true, but from both a user and a developer perspective it actually works today and has a vibrant community of motivated, talented and interesting people building on it AND using it.

There are ways to address all of these problems if and when they occur.

I think one of Nostr's biggest contributions is its culture of pragmatism and speed. Do something simple, quickly, that works instead of sitting around worrying about every edge case (which is what a lot of "decentralized" projects do). If you have no apps and no one using them, none of the problems you mention exist. If you come up with something ridiculously complicated (think some recent w3c proposals), you've built a massive barrier to contributors and to developer and user adoption.


I see now. The censorship against which Nostr offers some resistance is things like being banned from Twitter, or being expelled by disgruntled moderators from a subreddit, or maybe even fired by your domain name registrar.

It's not the kind of censorship resistance which opposition in country with an oppressive regime might need, and in general not a solution against censorship by state-level actors.

Well, fair. Also, fun and lightweight, no browser needed.


One other critical bit of "censorship" and "oppression" that Nostr very much wants to route around is any restrictions on use of Lightning et al. cryptocurrency payments directly in Nostr clients, without any intermediaries or custodians in the way. (This fear of "economic censorship" seems to be a common boogieman in cryptocurrency circles, from what I can tell. Certainly a bigger fear than state-level actors coming after you for your Nostr notes or toots or whatever.)

Whether you think that's a good or necessary thing probably tracks very closely with your beliefs about whether money and its expenditure is protected speech. Obviously that's something about which the highest courts and legislative bodies in the USA already have complex and sometimes-contradictory views, so I certainly won't claim there's a single correct answer...even if my personal beliefs fall very much on the "money is a modern social fiction in no way connected to fundamental human rights" side of the spectrum.


Software protocols aren't going to prevent the government from using physical force to will you into obedience.

Not sure what you expect?


This sounds a lot like building a car by attaching an engine and a steering wheel to a frame, and worrying about addressing problems (such as seats, gear switching, seatbelts, airbags, doors, windshield, ...) only as they occur.

Which I guess is kinda fine if you're building slow go-karts to do friendly races with your neighbor in their backyard - but instead you're already letting those out on the open roads on day 1.


You've just described 100 years of car evolution.

Similar to software architecture, you do start by defining the preferred characteristics and then working your way to the other parts.


> You've just described 100 years of car evolution.

On purpose. You can't build a car today that ignores these learnings, and safely deploy it on the open roads; just like you can't build what's effectively an open relay like it's 1997 and expect to stay safe against the threats outlined by nine_k.


You can build software on protocols like this.

Your analogy fails at the mere fact that no physical harm can result from Nostr not solving this one thing you think is 100% necessary.

The fact that Nostr is up and running and working is the undeniable fact that you don't NEED to solve every single problem known to humankind before you write some lines of code.


> You can build software on protocols like this.

I've never denied this. You can also DIY a go-kart and drive it on an open road.

> Your analogy fails at the mere fact that no physical harm can result from Nostr not solving this one thing you think is 100% necessary.

Notice how you've specifically used the term "physical harm" to differentiate from other forms of harm. Harm is harm.

> The fact that Nostr is up and running and working is the undeniable fact that you don't NEED to solve every single problem known to humankind before you write some lines of code.

...Where did I try to deny this? My analogy is very specific in that you can do all of these things, and with enough luck, nothing bad will happen.

The problem with luck is that it doesn't scale well, especially on the open road. I mean, Internet.


For what it's worth, the US has "section 230" that absolves services providers of liability for content their users post.


Section 230 doesn't apply to CSAM, since SESTA/FOSTA


If your software encrypts user data with a user owned key that you never touch, i.e. everything is encrypted at rest, can you still be liable if it's later proven to be CSAM?


If you have knowledge of CSAM or reasonably expect CSAM exists in the traffic you're forwarding, you have liability.


Not much. While this may keep you out of jail, it will not prevent you from being raided at four in the morning and having your pets shot and all your computers seized for months.


Won't prevent your pipes and hosts from extorting or struggling you either.


> Even though the message is signed, you can't reasonably prove that you do not possess the private key used to sign it, or have not possessed.

That is an assumption that you made and strikes me as FUD. An equally valid assumption is that nobody can reasonably prove that the person has the private key used for signing the files. Assuming the stated nature of relays and their intended purpose, there is more ground to assume that a relay is a service provider without reasonable way to inspect the contents of encrypted data.


> without reasonable way to inspect the contents of encrypted data.

This would be entirely correct were the data encrypted %)

The data are signed, but otherwise plaintext.

For reference, kids in the US got arrested for possessing nude pictures of themselves on their phones [1], because mere possession of a nude picture of an underage person is restricted by law. Talk about who are you going to convince that some shady stuff just happened to pass your server.

[1]: https://www.cnet.com/culture/teen-arrested-for-having-nude-p...


OK. If data is unencrypted inside the machine then indeed that is a problem.


Same with Mastodon, same with Tor. Abstract software people forget that at some point we run into the real world. The glyphs of science and math are not holistically representative of reality, but minified abstraction of reality for portability; it would take many more books to capture all of physics in English, so simplified languages overloaded with meaning to save space came about.

Social media seemed novel af but its resolution was the extent of what our computers and networks could handle at the time. Not some final destination.

Especially with future hardware, RTX 6000, or whatever they call it, and beyond making novel content generation via ML a thing anyone can do, social gabbing in filter bubbles seems even more likely to be on its way out.


The protocol notes that the relay has a choice to accept content, for example a large video. If you were running a relay you might want scanners for spam and illegal content running out front before relaying any content.


It's only recommended that you store json and text on relays. It's a text protocol, not a protocol for storing large binary data. Note sizes are restricted as well on most relays.


Usenet is fundamentally text-only. In fact messages need to be 7-bit safe. It's still been a place to distribute binary content for decades.

If I can store multiple messages on a relay I can distribute arbitrary files. So being text-only doesn't really limit anything.


> The biggest problem I see here is forwarding someone else's unknown and unencrypted content.

Like email.

> Unlike an email client, your relay actually makes that message available to anyone.

On the contrary. Public mailing lists work exactly like this. You send a "subscribe" message (or enter your email address and click on a "subscribe" button, or whatever), and the server starts forwarding all the messages to you.


Those have both been major problems for email. Enough that email has had multiple attempts at becoming encrypted, and mailing lists are very defunct for any sizeable group.


> Enough that email has had multiple attempts at becoming encrypted

But all those attempts have failed. One presumes that this is because people like email the way it is... simple to use.

> mailing lists are very defunct for any sizeable group.

Hmm... I still subscribe to at least half a dozen mailing lists, some of which have hundreds or thousands of members.


> One presumes that this is because people like email the way it is

And people choose to live in tyranny? No, it's because it's a coordination problem involving literally billions of people, thousands of pieces of software and would break compatibility.

> I still subscribe to at least half a dozen mailing lists

And I still use a radio to hew packets to connect to a BBS.


I think this is a very overblown concern that will not be a big issue in practice… at least not for a number of years.


Mastodon already has "censorship" options, and still people use it big time to distribute CP. https://www.secjuice.com/mastodon-child-porn-pedophiles/

If I were to run such a node in Germany, and someone were to use it to distribute CP, I would face from 1 to 10 years in prison.

Yeah, no thanks.


This article quietly equates "CSAM" with lolicon and shotacon content, terms colloquially used to refer to drawings and other creative expressions, which is very clearly what they're avoiding mentioning. Of course, most people aware of fediverse politics already know about Pawoo and there is no good reason to speak about it in hushed tones, other than cowardice. Also, using the term "CSAM" to describe lolicon and shotacon is just intentional factual inaccuracy: the point of the term CSAM is to specifically exclude content that doesn't directly involve the harm of a child; that's what "abuse material" is meant to refer to. That does not change the legal reality or moral ramifications of the content, but it's bad to start out with the terminology so wrong because it paints the entire remainder of the discussion. Yes, it's complicated and uncomfortable, but let's not mince words.

When you run a Mastodon instance though, you don't actually need to distribute this content at all. In fact, you probably would at least ban proxying media for communities like Pawoo, and honestly, probably, any NSFW-oriented instance if you want to be safe.

I hate to break anyone's innocence, but this stuff is literally everywhere on Twitter, and a lot of the rest of the Internet, too. Is it legal? Depends on your jurisdiction. Is it moral? ¯\_(ツ)_/¯. Only one thing's for sure: it's on your Internet, along with plenty of other things that you can also find on Mastodon somewhere. Such is the reality of federation and scale of the Internet. The stuff that goes through email relays unencrypted is not so different, other than the fact that it doesn't get broadcasted, and that it's probably worse in many cases.

If some instance was broadcasting outright CSAM on Mastodon, it would no doubt become quickly blacklisted by basically everyone and then probably also shut down off the clearnet.


Famous last words...

I wouldn't want to run the risk of being the first one it does happen to.

I think something like ipfs offers better resistance to such attacks for node owners. I wonder how the two compare because I don't know either in detail.

But sharing unencrypted content from others could be an issue for many reasons. Copyright too.

Especially because this protocol is aimed at content blocked or censored from other platforms, as others have pointed out.

Sure, you can block others from using your relay but then what's the point? Just host your stuff on your self hosted web blog.


Nostr isn't aimed at content blocked or censored.

Relays also don't host media, it's meant for text-based comms.


Well HN is text-based as well yet...

iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEWbueItP/xuAAAACklEQVQI12NgAAAAAgAB4iG8MwAAAABJRU5ErkJggg==


"That doesn't look like anything to me"


[flagged]


I'd appreciate a bit more detailed answer.

If the problem that Nostr solves is, say, posting NYT headlines, pub crawl reports, or cute cat pictures, it's fine, but most centralized tools are also fine.

If the problem which Nostr is trying to solve is being censorship-resistant and allow for dissemination of information which is actively being suppressed, relay safety considerations become important. Less safety means fewer relays, and a need of a personal connection / trust to be admitted.


> If the problem which Nostr is trying to solve is being censorship-resistant and allow for dissemination of information which is actively being suppressed, relay safety considerations become important. Less safety means fewer relays, and a need of a personal connection / trust to be admitted.

Because almost all of Nostr logic is in the clients, you can always run your own relay or pay someone to run it. There will always be someone shady that will run a relay for you if you pay enough for it. And people that follow you will still be able to see your posts.

I agree that the current state where there are hundreds of open relays and people posting to 20 of them at a time isn't likely to be what the network looks like in the future. But that's fine - it's good enough for now.


That's actually a great idea: run enough relays yourself, so you can somehow conceal your identity, and somehow protect yourself from things like losing your (DNS) domain.

It's a bit like posting to your blog anonymously, and having a bunch of mirrors.


> If the problem that Nostr solves is, say, posting NYT headlines, pub crawl reports, or cute cat pictures, it's fine, but most centralized tools are also fine.

This sentiment is what's missing in the decentralized space. There are so many centralized spaces that you can use to communicate, and censorship resistance is a non-feature.


You are going to post illegal stuff (signed by you) then somehow convince someone to raid my server in the hopes of that illegal thing being on my hard disk. Relays don’t have to store any message on disk, they relay stuff real time over websockets. Even if you store messages you can trivially wipe them every 24h?

Then you are going to convince a judge that the thing on my disk belongs to me, because judges are apparently braindead.

If this is the protocol’s glaring vulnerability then every server in the world has this vulnerability.


But your server was distributing the illegal thing. It doesn’t matter that it might not be there anymore; here in Germany there is a decent chance of getting a police visit and possibly getting your hardware impounded.

This is also the case for tor exit nodes, which is why those here are all hosted by organizations with lawyers.

As you distribute the content here, unlike with tor, you would essentially act as a user generated content provider and would have to take steps to prevent the abuse from occurring again… probably after an involved court case.

This is not like "every server" because not every server distributes what anyone publishes to it.

Though a lot of that might not be an issue in jurisdictions with saner laws, I don’t know specifics.


> signed by you

Signed by a private key which has no connection to my legal identity, and which can be generated in a split second. Signatures give strong pseudonymity.

> Relays don’t have to store any message on disk

This is a good idea, as long as messages are relatively few, which may be hundreds of thousands if they are short. There's no promise of availability, so an infrequent reboot is free to erase them.

> Then you are going to convince a judge that the thing on my disk belongs to me

I'm afraid it can be the other way around, if the material is sensitive enough. You'd have to explain to the judge how it ended up on your computer.

> every server in the world has this vulnerability

No, only a server that allows users to upload UGC without requiring enough background information to let the law enforcement find out their real identities if need be. Should be an adequate explanation to the judge in a civilized country where governmental censorship is not a thing.


> No, only a server that allows users to upload UGC without requiring enough background information to let the law enforcement find out their real identities if need be. Should be an adequate explanation to the judge in a civilized country where governmental censorship is not a thing.

So just to be super clear, you don’t upload images on a relay, nostr messages are just signed json blobs i.e text. If you want to post an image you just post a link to it and the image is hosted elsewhere.

If there is such a thing as an illegal text string that is illegal to have on your hard drive then I can do the same attack on any webserver by having the illegal string in my user agent and it’s going to be saved to the hard disk in the logfile.

Then according to your plan I can raid the server with the illegal string and put the server owner to jail. Does that make sense to you?


What about base64 encoded images? NNTP doesn't support binaries but it's sure distributing a hell of a lot of them these days.


What is? How would this scenario be prevented?


This all depends who colonizes the space first. I have a rule, don't hang out in bad neighborhoods, this extends to social media, decentralized or not.

For example, certain nodes on Secure Scuttlebutt have been known to push porn, and this gets replicated onto your store. That node was traced, and blocked by many on the sphere.

The majority on ssb were against that.

Now, a social network populated with crypto bros? Nah... pass.


I'm working on software (member.cash) that bridges multiple decentralized social networks together and recently added support for Nostr.

Compared to the others, Nostr is optimized for innovation - it is easy to build new features on top and we'll see a lot of growth and evolution because of that. I really like that about it.

The problems I see with it right now are:

1. Timestamps are easily forgeable
2. Difficult to control spam
3. Little incentive to run relays
4. Difficult to search the whole network

There are ideas on how to solve all of the problems, like POW on messages, like super relays (basically a mempool); there's a NIP for timestamps.

My guess is that it will evolve towards something that looks a lot like a blockchain. Decentralized Social is one of the few places where a blockchain actually makes sense. This will be interesting because the founding group is ideologically opposed to using a blockchain for anything but the holy BTC.


As far as I understand, a blockchain is only needed to achieve consensus on the network state. Why does social media require this?


Adding to the parent question, why do I need a wallet to join Nostr?

I registered, and while the registration was delightfully painless, it autocreated a wallet for me at legend.lnbits.com.


You don't. OOTB you just need keys. But NOSTR is unfortunately crypto adjacent and is being co-opted by crypto bros.


That’s probably related to the client you used, it’s not necessary for you to have a wallet. That being said, it’s useful to have a lightning address because you can link that to your pubkey and people can send you sats if they like what you have to say


Oh. I assumed all clients would do that since Nostr.com did it when I registered there.


Some things a blockchain gives you - timestamp + cost per transaction + completeness. Not required, but Nostr has to find an alternative solution to all these issues.


Hmm yea ok.

What do you mean by completeness?

Timestamping seems like the most difficult of those to solve


Completeness in the sense that you know if you are missing any messages that have already been sent. If all messages are logged on the blockchain, then you can see which ones you never received.

Verifying completeness requires a blockchain of one type or another, where new transactions/messages reference a hash of past transactions/messages in some way.


Nostr doesn’t use a blockchain


Yes, and as a result Nostr timestamps can be forged, and messages can be surreptitiously removed from the network.


Knowing nothing about this space, can you explain a bit more how/why Nostr is easy to build upon where others aren't?


Other networks can be opinionated about which transactions are valid, whereas Nostr relays will forward any transactions right now.


The best introduction to Nostr is on the Nostr protocol github:

https://github.com/nostr-protocol/nostr#very-short-summary-o...

>Everybody runs a client. It can be a native client, a web client, etc. To publish something, you write a post, sign it with your key and send it to multiple relays (servers hosted by someone else, or yourself). To get updates from other people, you ask multiple relays if they know anything about these other people. Anyone can run a relay. A relay is very simple and dumb. It does nothing besides accepting posts from some people and forwarding to others. Relays don't have to be trusted. Signatures are verified on the client side.

The FAQ on the same page also answers questions about why Nostr instead of other options like Mastodon, Secure Scuttlebutt, etc.

There's also a recently launched podcast that talks to some developers building on the protocol:

https://nostrovia.org


I joined a Nostr relay the other night, and every time I posted a Lightning Node invoice for 100 sats, within minutes I got 2 cents in my wallet.

So at least I made some money from this. :)

I'm following the project/protocol, it seems interesting. Here are some NIPS https://github.com/nostr-protocol/nips


In NIP-04 I noticed that DMs can be encrypted using AES-CBC. IIUC, this is not a very robust mode for using AES. Seems surprising for a greenfield project.


What's wrong with CBC? I think the bigger problem is the symmetric keys are not using a key derivation function and are therefore not uniformly random: https://github.com/nostr-protocol/nips/issues/72


> What's wrong with CBC?

It’s not tamper proof, ie signed, unlike GCM

> Some modern modes of operation combine confidentiality and authenticity in an efficient way, and are known as authenticated encryption modes

https://en.m.wikipedia.org/wiki/Block_cipher_mode_of_operati...

I’d also add: CBC requires padding and GCM does not. Minor convenience.


Nostr messages are all signed though. Why would you want two signatures on a message. And if two signatures are better than one, why not 3 signatures?


Discussion was about cipher block modes.

And GCM does not ‘add’ a signature per se.


Discussion was about cipher block modes in the context of Nostr and NIP-04. You might notice all 3 levels above your comment reference either the Nostr protocol in general, or NIP-04 messages.

> And GCM does not ‘add’ a signature per se.

Your own comment to which I replied said "It’s not tamper proof, ie signed, unlike GCM". Wouldn't most people consider something "signed" as having a signature?


Is there a threat model? This does not seem to provide any metadata anonymity: if you ask a relay for someone's pubs, they know you're the person asking for it. Perhaps this could be layered with onion routing through relays to solve that though. At which point this feels like cryptographically-addressed NNTP, which is neato!


I'm seeing a lot of people not quite understanding what nostr is. I know it can be hard considering this is a crowd focused on products and frameworks and paradigms and what not.

It's not a "twitter alternative", it's not "federated like mastodon", it's not even social networking. It's just a spec for a signed message format and a relay server, that's it. It's very, very simple, you generate a key, sign a message, send it to whichever relays you want, it serves them to requestors or not, depending on what it wants to do. That is literally all it is.


Funny how similar this sounds to wireguard, the trending yet simple open source VPN technology. Basically the messages are IP packets there ;-)


After reading the page for a bit I don't really understand the fundamental difference from other decentralized systems except for the global public key based identity.

Nostr's relays are simply servers that push and receive structured data. So it's a sort of an email or http like protocol that's by default cryptographically signed? I don't really see the magic that makes it censorship resistant or particularly decentralized. The same networking and economic laws that consolidate internet traffic or mastodon servers are at work here too. Relays get popular, produce a lot of traffic, this spawns "nostr as a service" for economic reasons, and that's about it.

If people want to ban you they'll just blacklist your public key across popular instances just like someone on the fediverse does, companies won't host your stuff, and so on. If anything tying everything to a single global identity makes it more trivial to blacklist anyone.


Right, but if I'm hosting my own node that only I post to, in conjunction with other nodes, my followers get my posts from my node if I'm blacklisted.

I think when you sub to someone you're also sent a list of nodes that a person uses. So when I'm banned you already have my node in your list, so you won't even notice.


Moderation is an essential part of community management, even in darknets. Trust in what is said and what is promised as part of a transaction is what attracts and retains members of the community. Just because you can create a censorship resistant network doesn't mean you should.


Nostr is a protocol. Are there moderation functionalities in RSS, SMTP or HTTP? Do matrix and XMPP protocols have some central authority overseeing what server A talks to server B? It’s up to the relays to implement their own moderation features and up to clients to filter what they don’t want to see.


I don't think these protocols are quite comparable to a Twitter-like "town square" model, so they don't have the same problems. But where they overlap, they do some "censorship": SMTP will delete spam, XMPP servers will kick out spammers and harassers.

The problem with Twitter is that unlike RSS, it shows content from people you did not subscribe to (e.g. you get replies, you see strangers' replies to your friend's posts). The content is public, so unlike e-mail, receiving abuse is not just your private problem, but a problem for the network's image and reputation.

But in either case, when normal users (not righteous keyboard warriors) find some content to be horrible, they don't want to see it. If they keep being bombarded with unwanted content, they leave. For Mastodon/Twitter/Gab that may be "political" content, but the problem in general is similar to spam.


> SMTP will delete spam

Can you point to the part on the SMTP RFC that specifies the spam deletion behaviour?

> XMPP servers will kick out spammers and harassers

Nothing prevents nostr servers from kicking out users based on account, IP address or message content.

> The problem with Twitter is that unlike RSS, it shows content from people you did not subscribe to.

This is not Twitter, any client can decide which content to show. And there are clients that do not show any content from people you don't explicitly follow.


Yeah, people should really go to the GitHub repo and actually read it. It doesn't even need to be a Twitter like. It could be a WordPress like, or a Discord like, it's already running chess, it's already blog comments.

It could be a community run closed system where only citizens are given access to the system.

It doesn't (and I think shouldn't) have any crypto features built in. That's up to the client builders to handle.


Nostr relays can and should moderate content. You can craft your own set of relays that do not tolerate bad things and use just these.


You only get the content you subscribe to in Nostr.

There's no algorithm that will curate your feed for you, it's up to you to choose who you follow.

Don't like what someone is posting? Unsubscribe.


Individual relays could implement censorship, and you could choose who censors your information.


We’re building a Nostr relay in Elixir if anyone is interested:

https://github.com/RiverFinancial/nostrex


Does somebody know whether the same or something similar could be achieved by using the "Network News Transfer Protocol" (nntp), without designing a whole new protocol?


From the Wikipedia page:

> NNTP is an application protocol used for transporting Usenet news articles (netnews) between news servers, and for reading/posting articles by the end user client applications.

nostr relays are not supposed to connect with other relays (I think to avoid the inevitable concentration of centralized hubs), which is a small but very significant difference


What would we gain by doing that?


Perhaps you could avoid some pitfalls, which only become obvious when the practical application of the protocol is scaled. I have not dived deep into either nntp or nostr, but existing standards might offer useful considerations that could be reused. For example, it seems like nntp first exchanges a list of articles and clients only download the ones they don't have already. Does nostr do something similar? Like being able to get a list of event ids with minimal metadata, so clients can selectively request the whole event data afterwards. As events might contain bigger text blobs, that could be important for performance or for adding placeholders to the UI. In general, it seems to me that nostr and nostr clients might need to come up with good strategies for caching and bandwidth optimizations, considering the decentralized design. But please correct me if I am wrong.


Access to the existing NNTP infrastructure. It's not worth it IMO, the state of NNTP servers is quite bad.


I am thoroughly addicted to nostr. I've been building a browser extension for Safari for it, and I feel like I'm part of something amazing being built.


I saw Snowden tweeted about this. Anyone have a TLDR on what Nostr is exactly? And how it ties into Bitcoin (if at all)?

Update: It seems to be partly a Twitter alternative, perhaps using the Lightning Network in some way. I set up an account on astral.ninja, created keys and a username, and saw that there were relays that were defined already. I couldn't see any posts in my feed, and when I tried to make a post it just hung and never posted anything. Suffice to say my initial experience started off okay, then disappointment.


It does not tie into Bitcoin. It's just a very very simple protocol of clients sending and subscribing to pieces of data, and relays that dumbly (i.e. with little processing) send data across connected and subscribed clients.

It's like a very minimal version of ActivityPub. It takes an hour to go through the whole spec and addenda.

Then Jack Dorsey got interested, gave the project a big grant (in BTC), and a lot of crypto hype flew into it. But while it is a convenient excuse to say "crypto, therefore bad", the protocol is itself completely unrelated and IMO quite neat. There is a lot of potential for systems that anyone can comprehend in their totality in an afternoon.


The relationship to bitcoin besides being created by bitcoiners is that it uses Schnorr Signatures for the secp256k1 curve - the same curve as bitcoin.

https://bips.xyz/340

A Nostr account is identified by a public key, you follow accounts by following public keys and the ability to post as an account is controlled by the corresponding private key.


Does this mean I could use a bitcoin hardware wallet to store my nostr keys and sign my posts?


Yes, it does assume someone writes a client that enables this.


Is there any place to find Public keys to follow?


https://www.nostr.directory

This tool lets you broadcast your pub key on twitter using a specified format, and the app will add you to the directory, and you can use it to find others that have also done that.

Also, if you go to https://snort.social/new, you can enter your Twitter handle, and it will find everyone from your Twitter follows that you're not already following and let you sign up to follow them all.


It’s not tied to bitcoin other than it was created by decentralization loving bitcoiners. It doesn’t use blockchain or token bullshit as those people don’t believe blockchain is a silver bullet for any problem. You might see lightning invoices posted by users but that’s more of a client rendering the encoded data.

Fiatjaf, who often posts here, also stated that he would like nostr to be used by non-bitcoiners and even people who are antagonistic to bitcoin.


The best web clients so far are Snort and Iris, I'd try again with Snort and you should have a smoother experience.

https://snort.social https://iris.to


My favorite Nostr client (web or non-web) is Damus for iOS by jb55:

https://damus.io

It looks great, works well, and the code is well-written and super easy to hack on.


Damus is great and my client of choice. However, the TestFlight beta might still be filled up. If it is, I would recommend pairing a web client with an extension like nos2x/alby (chrome/firefox) or nostore (Safari).


I've been using https://member.cash

It seems to work a little differently to other clients by aggregating all the content on one relay first before sending it to the client, but I prefer this as it is faster and uses less bandwidth.


Nostr is very interesting, for some aspects it looks like a decentralized NNTP.


I don't understand Nostr's comments on trying to be deplatform-proof. On Mastodon, for example, if you get kicked off a node just spin up your own node. If nobody wants to hear you spewing your stuff then you'll soon be screaming into the void but what you post will still be viewable on the web and to those that subscribe to you. So I don't get what Nostr is trying to do.


If you get kicked off a mastodon server, you lose your followers and posts unless you're able to move your account before you're kicked off - which requires the cooperation of the server that wants to kick you off.

> If nobody wants to hear you spewing your stuff then you'll soon be screaming into the void but what you post will still be viewable on the web and to those that subscribe to you.

People who are de-platformed are almost always people who others WANT to hear. Think of all the famous people deplatformed from big tech social media...10s of millions of followers each. It wasn't that "no one" wanted to hear them, but that the people that controlled the platform didn't want others to be able to hear them.

> So I don't get what Nostr is trying to do.

It took me a while to get my head around it as well. The intro and faq on the github repo really helped me.

https://github.com/nostr-protocol/nostr


> People who are de-platformed are almost always people who others WANT to hear. Think of all the famous people deplatformed from big tech social media...10s of millions of followers each. It wasn't that "no one" wanted to hear them, but that the people that controlled the platform didn't want others to be able to hear them.

They have platforms they could go to. Parler, Rumble, Truth Social, their own blogs/websites, running a Pleroma or Mastodon instance.

Twitter was a giant public pool. For the most part everyone was chill. And then the trolls arrived and started shitting and peeing in the pool. Swimming in that pool (the algorithmic timeline and such) became horrible.

My idea is that it was less about the "powers that be" deplatforming people and more about not owning the platform you post on. I love the federated social movement and the push for people whom I agree with and disagree with to own their platforms. I am just saying that the "woe is me, my megaphone was taken away from me and now I have no way to access the hordes of other trolls that think and spew the hate that I do" is a false narrative, because nothing was stopping them from creating their own platforms with off-the-shelf tools, spinning up websites like the Drudge Report or blogs, or going to the other places where they like the alt-right or other fringe folks.


Federated is okay as long as it’s not used to organize violent acts. Sunshine isn’t always the best medicine.


Centralized social media has inspired and organized countless violent acts. Malaysia and India with Whatsapp is probably the most shocking. I don't see the connection between Federation/Centralization/etc. and violence. Can you explain your reasoning?


Monopolies in media make government censorship easier. They also make intentional government incitement to nationalist violence easier, but that's not the violence that people who think they're well-represented by the government worry about.


Centralized can be removed so that violent people can’t organize. It’s impossible to do that when those individuals own the servers or have a decentralized network.


> Twitter was a giant public pool. For the most part everyone was chill. And then the trolls arrived and started shitting and peeing in the pool.

Have you ever looked at the replies to a Trump tweet, an Ilhan Omar tweet, a J.K. Rowling tweet, or a Briahna Joy Gray tweet? The degree of bullying, invective, and threats coming from people who support deplatforming is intense.


But are they wrong?

Anti-Trump responses make sense. He's the most polarizing US President in recent history and almost everything he's done has been bad for the US (ok of course this is arguable but hold on while I make my point). Him leaving the platform was good for Twitter and for democracy. If he comes back as a candidate then he'll likely come back to Twitter, his account has already been reinstated.

Omar, if she breaks Twitter rules, can, and should, have her personal account suspended. As a sitting congresswoman she is entitled to her official handle. Unlikely to get deplatformed, so not an issue.

J.K. Rowling's takes on the transgender community is not even something I want to touch. It's too toxic and complicated to do so. That being said if -- see a pattern here? -- she runs afoul of the Twitter rules (whatever they may be) her personal account can be suspended or banned.

Briahna Joy Gray -- of course there are extremists on the left -- but if they don't oh I dunno -- incite a violent riot to overturn an election -- then I doubt she'll be deplatformed, though if she calls for violence or ... which would run afoul of rules ... see I am starting to see how the pool analogy really does work.

I know my stance on censorship is not a popular one. I have struggled with it myself. But I think it is self-consistent and I stand by it: let the weirdos, racists, nazis, hate filled folks scream into the void of their own making on servers they own to others that subscribe to their bullshit. As for me and the rest of the civilized world we'll continue to swim in clear, shit and pee-free water. ;-)


> It wasn't that "no one" wanted to hear them, but that the people that controlled the platform didn't want others to be able to hear them.

This is an important point. Free speech is really as much about the rights of the listener as the rights of the speaker, if not more so.

I think this is a good way of framing the censorship debate, because while it may be easy for some to dismiss the rights of a few dozen famous people that they hate, it's way harder to argue that the millions of people who follow those celebrities shouldn't be allowed to hear what they have to say, even if they want to.

(To be clear, I'm making a generalized moral argument here, not a legal one, so let's skip the whole "but it's a private platform" debate this time.)


> it's way harder to argue that the millions of people who follow those celebrities shouldn't be allowed to hear what they have to say, even if they want to.

Nobody is making that argument. The actual argument is that a private company should not be compelled to provide free hosting for them. They can and have used other hosting services but many of their followers apparently prefer not to use those alternatives.


> Nobody is making that argument.

This is untrue.

Not only are people making that argument explicitly, but there have been any number of orchestrated attacks on private companies in order to force them to remove content. And if they refuse, attacks on their vendors and distributors (such as app stores), including by the federal government and congresspeople openly demanding that they be banned, surrounded with completely unveiled threats of investigation and new legislation.

> They can and have used other hosting services but many of their followers apparently prefer not to use those alternatives.

Those alternatives are under constant attack by people making that argument that "nobody is making." The ones that have secured revenue or financing that is difficult to attack (i.e. Substack, Rumble) are thriving.


If you read more carefully, consider the distinction between a mainstream platform being asked to remove people who violated their terms of service and saying that those people should not be allowed to use platforms which cater to extremists. The former is what actually happens for otherwise legal content — and the reason is obvious once you think about it: private companies can’t be forced to provide services for anything other than legally protected categories, but they are sensitive to what advertisers want and what will attract the type of users they’re looking for. Twitter was previously trying to be more mainstream, which is why extremists trying to recruit wanted to be there instead of alternatives like Parler or Truth Social which only had people who were already converted.


If the rights of the listener have been infringed, why wouldn't the listener simply go to where they can continue listening? Nobody's holding a gun to their head.


> People who are de-platformed are almost always people who others WANT to hear.

A tiny minority. The majority listens to public health (in the case of Covid) and doesn’t want to read conspiracy theories or research analysis by someone unqualified.


Qualified voices were either censored on social media or ignored by political powers in regards to COVID.

In Portugal, the group of medical experts assembled by the government was ignored after they opposed the political decision for injecting children: https://www.publico.pt/2021/07/20/sociedade/noticia/comissao...

It is wrong to dismiss the opinion of experts on this topic just because it goes against what mainstream media and political groups decide to impose.


They opposed it because they said there wasn’t enough information. That is the excuse for doing nothing — an argument repeated ad nauseam during the pandemic.

Certainly there is an argument that children will be harmed if we do nothing. It’s a difficult decision because a small number of children die from Covid, but it’s still not zero. The best way forward is to proceed with caution.


They clearly stated their opposition to injecting an experimental substance on children.

In the two years before the injections existed there were exactly 3 COVID-diagnosed deaths across a population of 700+ thousand children in Portugal. Now the number of children with heart problems related to the injections is visible in the news in plain sight.

The experts were ignored. Those supporting the experts on social media got banned or shadowbanned. This is not science, unless you consider medieval practices to be science.


This is obviously false. Some people will eventually have to learn to cope with the fact that Trump won an election, which means that their received wisdom is not a consensual truth.

edit: Additionally, the reasoning is fallacious - all people are minorities in many ways, so a few dozen tiny minorities can add up to an entire population. You may not disagree with the government about covid (although the government has disagreed with itself about covid), but you might disagree with the government about something else.

You're making the case that all social media should simply agree with the government line (because the people who disagree are minorities.) That's a dangerous case to make if you ever want to replace a government democratically.


You are correct. Trump won in 2016.

Scientists work for the government. If something is wrong we should fight to fix it. But almost all of the scientists outside of government agree with the scientists that work for the government.


This. This is so well said. It’s what I was trying to say but ended up being more trolly than I had hoped.


> People who are de-platformed are almost always people who others WANT to hear.

I think if that were true a certain social network would have at least 70m more American users.


Nah fam. Trump got kicked off of twitter and the world was better for it. Same with Nick Fuentes. The list goes on.


> It wasn't that "no one" wanted to hear them, but that the people that controlled the platform didn't want others to be able to hear them.

More accurately, it was because they repeatedly broke the terms of service and the companies were no longer willing to use their resources to provide free amplification for them. They had legal agreements with the platform and despite many warnings and leeway which isn’t extended to most people, chose to break the contracts.


oh stop, this ain't the time.


It is, though, because if you don’t understand or are unwilling to honestly describe what really happened you won’t be able to come up with a viable response.


The issue with Mastodon is that your network ID is tied to the domain of the server you are connecting to. If you get kicked off of that server you can move to another one, but you effectively have to create a new account. You lose all your followers, etc.

Nostr fixes those problems. You can never lose your ID because it’s derived from your public key. You can be blocked from a relay, but it doesn’t matter because you can just switch to another one, and you are always connecting to multiple at the same time anyway. Following is managed on the client side, so it cannot be manipulated or disrupted.


Run your own server of mastodon. Boom done

Edit: Then this Nostr will gain the same rep as Pleroma as a haven for right wing weirdos for better or worse. Or maybe it will take off and who knows.


People don’t like running their own server. In public key infra like nostr and farcaster, you get the non-custodial ownership of your account without the technical and cost barriers involved in running a server.


Only in the same sense that the web is associated with right wing weirdos.

There is no algorithm or feed pushing content on you, so those people are by default completely invisible to you.


> If you get kicked off of that server you can move to another one, but you effectively have to create a new account. You lose all your followers, etc

Sure that's not a feature?


Hah for me it is.

The Alex Jones’s and Trumps and Fuentes’s and Kanye’s spewing their bile into a vacuum or even an isolated room unto themselves (much like what Truth Social or Parler is) is a feature. They get to spew hate and dumb ideas and the rest of the civilized world need not hear or read it. Best of both worlds.


Have you ever considered that deplatforming the average user drives them deeper down the right-wing hole? Trump and Fuentes are not in a vacuum talking to no one. They're talking to all the normies that were also deplatformed with them. Isolation breeds extremists. The only thing I agree with Musk on is that limiting reach is better than deplatforming. Not for the reasons he thinks. People need to be able to dog pile and bully these idiots, and only weirdos are going to sign up on Truth Social just to do that.


You have one Mastodon server you can post to (for that account).

You can post on as many NOSTR relays as you want. Get banned on one, you are still publishing on the others.

You can also, along with your messages, suggest to "subscribers" your preferred relays, so people that really want to follow you as you get banned all over the net always know the best place to reach you. This process of course would be automated by the clients.


Run. Your. Own. Mastodon host. Problem solved. Linode has one click rollouts.


I was explaining how Nostr works, not how to avoid getting banned from Mastodon.

The point is that you have only one Mastodon API endpoint vs potentially infinite Nostr relays for each account you own.


Mastodon does not solve the problem stated above. In Nostr you don't have to be jumping from instance to instance and losing all your stuff every time in the process.

Mastodon is clearly inferior to Nostr when it comes to having a decentralized identity.


How about when whoever you provisioned your TLD or IP in your Mastodon ID from decides you've been a bad boy and can't have them any more?


Start over? Nothing lasts forever. No one said the life of a free speech warrior would be an easy one.


That philosophy could be used to justify any problem with anything. Just use Twitter then.

The point is you don't have that issue with nostr


You have proof of continued identity with nostr thanks to the keys but you still have the challenges around linking keys to people which were a major struggle for GPG. The solutions for that tend to involve social media or DNS (checking a personal domain).

This seems like a good area to improve since things like code signing could also benefit. One of the big problems I see is bootstrapping your network initially and also solving the lost phone problem without setting up a system which phishers and spammers would have a field day with.


Does Nostr have a Wikipedia page? I'm wondering how old is it, the people behind it, some stories?


Not that old, I believe the initial spec was put together last year? Written by a developer named fiatjaf who is also a bitcoin contributor.

