
My Love Hate Relationship With Nostr

So Nostr: all my friends know I like talking about it, but they don't know why, so let's make that clear.

For those who don't know, Nostr stands for "Notes and Other Stuff Transmitted through Relays". Nostr is a social media protocol that is moldable into any social media experience. Any type of social media app you can imagine, from real-time text chat, forums, media feeds like Instagram, gated communities like Discord etc. etc., can be built using Nostr as a base.

Here are the things I like about Nostr:

  • Digital Sovereignty
  • Separation of Identity and Medium
    • Same digital identity across many apps
    • Is infinitely extensible via new "event kinds" and the tagging system
  • Federation
  • RBAC (Rule Based Access Control)
  • Potential for Crypto Currency Integration

Digital Sovereignty

To put things simply, the internet is just someone else's computer, and that other person can technically do whatever they want with it. All the data you put out there on the internet, from your browsing history, likes, posts, photos etc. etc., is just sitting on someone else's computer.

There's nothing stopping the person who stores your data from changing it. They own your account and your data and therefore have no problem impersonating you and rewriting the data on your account. This is the problem of data integrity: the people who store your data can change it, rewriting the history of group chats, making it look like your account was used to do illegal things, making backdated posts to ruin your character etc. etc. In fact this is the core of what the 1995 movie Hackers was about.

Since your data is stored on someone else's computer there is no privacy; whoever owns that computer can read your messages.

The use of Encryption, specifically Cryptography, and Digital Signatures helps solve the problems of data integrity, impersonation, and privacy.

Digital Signatures accomplish the same thing written signatures do, except using magic math. Written signatures, when you sign your name on a document or cheque, are used to assert facts and validate agreements using the pattern of how one writes their name. Our brains are not calculators, so we can't produce complex mathematical proofs; therefore we need to use something more akin to a Wax Seal, which was used the same way written signatures were back in the Middle Ages and the Victorian era.

Instead of using a written signature, people used to validate provenance of Identity via Wax Seals, and Digital Signatures work in a very similar fashion. Back in the days before electricity people sent letters that were sealed with wax to make sure nobody else opened the letter while it was getting delivered. If you wanted to communicate with people securely you would seal an envelope containing the written letter using wax and then make an impression in the wax using a wax seal. It was extremely difficult to replicate the impression, the pretty symbol, of someone else's wax seal; therefore if the wax seal matched who was sending the letter, the message could be trusted.

[Image: wax seal]

The Digital Signature, think digital Wax Seal, comes in the shape of a magic number known as a Private Key which can be backed up using 12 random words known as a mnemonic. The Private Key works just like the Wax Seal in the image above, if someone steals it they can impersonate you. Nobody is impersonating that Digital Wax Seal unless they steal it therefore if you use it every time you interact online nobody can pretend to be you. It can make social media like Nostr a bit slower but it's worth it.

A Wax Seal produces a pretty symbol made of wax; a Digital Signature produces a big random number known as a Public Key that people use to verify your identity. Data such as name and description can be easily added to a Public Key so people can find you on the internet.

There is also the Web of Trust which can be used to verify people. Seeing who follows, interacts, and messages who can be used to help validate if someone is trustworthy or an impersonator.

For privacy there is this magic thing called Asymmetric Encryption, which also works using a Public Key and Private Key pair. Asymmetric Encryption works like a special magic box that people can place messages in that nobody else besides you, the owner of the Private Key, can open.

Nostr supports both Digital Signatures to stop impersonation and Asymmetric Encryption to help with privacy.

There is a problem with Nostr's Privacy. The message content itself is secure and nobody can read it. But people can see the size (length) of a message, who the message is being sent to, and when. This is known as Metadata, and Edward Snowden says this data is more important than the content of the message itself. Therefore Nostr is not actually a secure medium to communicate anonymously without people listening to you.

Separation of Identity and Medium

The internet is made up of many different experiences. There's

The data in each of these Platforms is siloed.

Even though you may log in to each of these platforms with the same Email address, they each provide you a unique "Identity". Even though I created a Reddit and Pinterest account with paul@mememaps.net, I need to follow my friends on each "Platform" separately. If I have a banger post on Reddit, I need to repost it on Pinterest using something like a screenshot. Like WTF

The Nostr Angle

Via Nostr you may use the same account across many different apps (Mediums). Each medium, such as content curation, image collecting, live action etc. etc., manages data very differently. That's why each of those "Platforms" has a different website, app, and culture.

Nostr uses these things called "events"; think of them as any social media interaction, from a like to a post. These events have content, a kind (which is a number), and tags. Each "medium" has a different event kind and instructions on how to use tags. For example, if there is an image in a post one uses the "image" tag. If there is a custom emoji in an event one uses the "emoji" tag, and if someone is responding to an event they use the "e" tag.

Via Nostr you can get the same variety of mediums, but you can use the same identity across all of them and interoperate the data amongst mediums to create new mediums.
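To make the event and signature ideas above concrete, here is an added example (not code from the original post) that builds, signs and verifies a Nostr event in plain Python, showing that a relay which edits the content cannot produce a valid event even if it recomputes the id. It assumes the NIP-01 event id serialization and BIP-340 Schnorr signatures over secp256k1; the function names, the demo key 0xC0FFEE and the sample note are constructed for illustration, and the nonce derivation is simplified.

```python
import hashlib, json
p = 2**256 - 2**32 - 977  # secp256k1 field prime (n: group order, G: generator)
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
b32 = lambda i: i.to_bytes(32, "big")

def add(P, Q):  # curve point addition; None is the point at infinity
    if P is None or Q is None: return P or Q
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0: return None
    lam = (3 * P[0] * P[0] * pow(2 * P[1], p - 2, p) if P == Q
           else (Q[1] - P[1]) * pow(Q[0] - P[0], p - 2, p)) % p
    x = (lam * lam - P[0] - Q[0]) % p
    return (x, (lam * (P[0] - x) - P[1]) % p)

def mul(k, P, R=None):  # double-and-add; not constant time, demonstration only
    while k:
        R, P, k = (add(R, P) if k & 1 else R), add(P, P), k >> 1
    return R

def H(tag, msg):  # BIP-340 tagged hash, returned as an integer
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + msg).digest(), "big")

def event_id(ev):  # NIP-01: sha256 over the compact JSON array of the signed fields
    arr = [0] + [ev[k] for k in ("pubkey", "created_at", "kind", "tags", "content")]
    ser = json.dumps(arr, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(ser.encode()).hexdigest()

def sign_event(sk, ev):  # returns a signed copy; nonce uses no aux randomness (simplified)
    P = mul(sk, G); d = sk if P[1] % 2 == 0 else n - sk  # BIP-340 keys have even y
    ev = dict(ev, pubkey=b32(P[0]).hex()); ev["id"] = event_id(ev)
    m = b32(P[0]) + bytes.fromhex(ev["id"])
    k = H("BIP0340/nonce", b32(d) + m) % n
    R = mul(k, G); k = k if R[1] % 2 == 0 else n - k
    e = H("BIP0340/challenge", b32(R[0]) + m) % n
    return dict(ev, sig=(b32(R[0]) + b32((k + e * d) % n)).hex())

def verify_event(ev):  # True only if id matches the fields AND sig matches pubkey
    sig, pk = bytes.fromhex(ev["sig"]), bytes.fromhex(ev["pubkey"])
    if event_id(ev) != ev["id"] or len(sig) != 64 or len(pk) != 32: return False
    px, r, s = (int.from_bytes(b, "big") for b in (pk, sig[:32], sig[32:]))
    y = pow((px**3 + 7) % p, (p + 1) // 4, p)  # lift the x-only key to a point
    if px >= p or r >= p or s >= n or y * y % p != (px**3 + 7) % p: return False
    e = H("BIP0340/challenge", sig[:32] + pk + bytes.fromhex(ev["id"])) % n
    R = add(mul(s, G), mul(n - e, (px, y if y % 2 == 0 else p - y)))
    return R is not None and R[1] % 2 == 0 and R[0] == r

NOTE = sign_event(0xC0FFEE, {"created_at": 1700000000, "kind": 1,  # constructed demo
                             "tags": [["t", "nostr"]], "content": "gm"})
```

A client that runs a check like `verify_event` on everything it receives from a relay rejects an edited note in both cases: with the old id the hash no longer matches, and with a recomputed id the signature no longer matches.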

Federation

When it comes to Platforms you either follow their rules or they ban you. The people who run Platforms are functionally little despots. These little despots also add and remove features, changing the nature of the "medium", which really pisses me off.

Email, and Nostr, allow anyone to be their own little despot if they so choose. This helps with the data sovereignty issues we talked about earlier such as data integrity and privacy.

The Nostr Angle

Federation via Nostr leads to many different communities showing up with their own sets of rules. For example, some Nostr communities may not allow images to be attached to event posts, while other Nostr communities will ban anyone who uses a swear word or talks about politics. With Federation the world is your oyster.

One epic feature of Nostr that does not come with email is multi relay, think server, backup. Your email is only stored and accessed via a single email server. Via Nostr you can send your events, think posts, to all sorts of different Nostr Relays, and different relays can have different events.

Different Nostr relays storing different events is both a feature and a curse. It leads to data fragmentation and makes it difficult for people to discover posts made by others. Most Nostr clients don't implement sharing Nostr events across many relays properly.

RBAC (Rule Based Access Control)

RBAC, Rule Based Access Control, is at the core of social media. If all your friends and family could read ALL your messages you would not be a happy camper. The vibe of being an anon shitposter, digitally and via pen names, has deeply shaped the world we live in. People should be able to like, dislike, and discuss things without their employer looking over their shoulder. So yea, RBAC, that stuff is important.

The Nostr Angle

On Nostr everything is public. There aren't any "Private Accounts" like you would find on Facebook and Instagram. The capacity to approve who is allowed to follow and interact with your posts is VERY IMPORTANT.

Nostr does have feature sets such as NIP-42 Authentication and NIP-29 Groups which can be used to create the White List, approve your followers, and provide other RBAC functionality that Platforms provide. The problem with these NIPs is that very few Nostr Apps support them, therefore you are trading usability for privacy.

Why I don't Like Nostr