wakoinc on Nostr: Sounds fine. Thankfully we don’t need Nostr to be trustful. I don’t trust relays. ...
Sounds fine. Thankfully we don’t need Nostr to be trustful.
I don’t trust relays. The beauty is they are actually in competition. If they don’t let you easily look up profiles, replies and threads, it feels like they aren’t working at the user UX level.
My main concern was instead the expectation that we should trust decentralised reports and/or moderation events - which is different.
As a decentralised network, Nostr has censorship resistance properties - however it has a single major fault. Due to all content being hash addressable (an event id or pubkey), it now means to moderate the exact same content or identity, you target this single hash and broadcast bogus reports to all relays.
In effect it’s cheaper moderation than today, where the same content is not linked across platforms with hard references. And we already know US officials email Twitter to suppress tweets with hesitation - it’s not just theoretical.
Market incentives exist to build both general and targeted bot identity farms, to slowly get followed by interacting with you, and posting targeted content to your Nth degree network too. At some point your immediate network becomes 5-15% bots. Your 2nd degree network becomes not 5-10 people, but 50-100+ imposter bots. They now can control what you see using trust thresholds - and it’s hard to detect or notice it’s even happening to begin with.
Now, let’s say I run a Nostr Web Store selling digital goods. Imagine if my shop competitors can now buy or lease a bot identity farm, targeting my current or future customers. They could abuse reports, create fake product reviews, and so forth... my competition now steals my business away. It could be really subtle too... barely noticeable at first.
The state has unlimited money. I can already generate 22,000 identities and events/second on my laptop. Twitter, Facebook, LinkedIn use KYC and still have a major bot problem - ironically KYC acted like a poor man's CAPTCHA, and kept virtual identities from exploding. That still doesn't work however, as if you go to India or a country with 1B+ population, and just piggyback off their SIM card 'mobile number as KYC' - you can still create mass virtual identities. Being an Indian SIM doesn't mean your profile has to be Indian, or for anyone else to even know... It's a failure of mobile KYC as proof of identity - but also shows how trusting even centralised identities is extremely problematic.
You also can't ban VPNs from publishing events, as people need them for protection. That means you can't rate-limit IP addresses. How do you propose, at this scale and volume, you can make any decisions from the data - when it can all be spoofed, targeted censorship, and so forth?
Published at 2023-05-03 15:54:00
Event JSON
{
"id": "d33bf3dc8c7dbc93f9ddb98cfdad2f9c37cdb0b2a5d1d6a920a807fd95556d38",
"pubkey": "b2dd40097e4d04b1a56fb3b65fc1d1aaf2929ad30fd842c74d68b9908744495b",
"created_at": 1683129240,
"kind": 1,
"tags": [
[
"e",
"5fe5eb146cd32bf481428cfc669bed57804f8e5c29a375f4bb43399c863ac781",
"wss://e.nos.lol/"
],
[
"e",
"05d1211ed86ab183ca4f4dda3f02140a5a8dab3e1ac61aee92f4ebf2d3113b98"
],
[
"p",
"3356de61b39647931ce8b2140b2bab837e0810c0ef515bbe92de0248040b8bdd"
],
[
"p",
"bf943b7165fca616a483c6dc701646a29689ab671110fcddba12a3a5894cda15"
],
[
"p",
"667205eb525aa4a794859b2bd2bdd16e64ff57fd600880500fc53cdbf476439e"
],
[
"p",
"76c71aae3a491f1d9eec47cba17e229cda4113a0bbb6e6ae1776d7643e29cafa"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c"
],
[
"p",
"d0a1ffb8761b974cec4a3be8cbcb2e96a7090dcf465ffeac839aa4ca20c9a59e"
]
],
"content": "Sounds fine. Thankfully we don’t need Nostr to be trustful. \n\nI don’t trust relays. The beauty is they are actually in competition. If they don’t let you easily lookup profiles, replies and threads, it feels like they aren’t working at the user UX level. \n\nMy main concern was instead the expectation that we should trust decentralised reports and/or moderation events - which is different. \n\nAs a decentralised network, Nostr has censorship resistance properties - however it has a single major fault. Due to all content being hash addressable (an event id or pubkey), it now means to moderate the exact same content or identity, you target this single hash and broadcast bogus reports to all relays. \n\nIn effect it’s cheaper moderation than today, where the same content is not linked across platforms with hard references. And we already know US officials email Twitter to suppress tweets with hesitation - it’s not just theoretical. \n\nMarket incentives exist to build both general and targeted bot identity farms, to slowly get followed by interacting with you, and posting targeted content to your Nth degree network too. At some point your immediate network becomes 5-15% bots. Your 2nd degree network becomes not 5-10 people, but 50-100+ imposter bots. They now can control what you see using trust thresholds - and it’s hard to detect or notice it’s even happening to begin with.\n\nNow, let’s say I run a Nostr Web Store selling digital goods. Imagine if my shop competitors can now buy or lease an bot identity farm, targeting my current or future customers. They could abuse reports, create fake product reviews, and so forth.. my competition now steals my business away. It could be really subtle too.. barely noticeable at first. \n\nThe state has unlimited money. I can already generate 22,000 identities and events/second on my laptop. 
Twitter, Facebook, LinkedIn use KYC and still has a major bot problem - ironically KYC acted like poor man's CAPTCHA, and kept virtual identities from exploding. That still doesn't work however, as if you go to India or a country with 1B+ population, and just piggy back off their SIM card 'mobile number as KYC' - you can still create mass virtual identities. Being an Indian SIM doesn't mean your profile has to be Indian, or for anyone to else to even know... It's a failure of mobile KYC as proof of identity - but also shows how trusting even centralised identity’s is a extremely problematic. \n\nYou also can't ban VPNs from publishing events, as people need them for protection. That means you can't rate-limit IP addresses. How do you propose, at this scale and volume, you can make any decisions from the data - when it can all be spoofed, targeted censorship, and so forth. ",
"sig": "818882c06367594191ab953c3c1845c1068d73c14d3aebecb5f8119a7ab529a0aef2f5dbae17dd16bd8a985370b0b757b0fb11812db549813d70efe569cbefbf"
}
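An added example, not part of wakoinc's post or of any Nostr client's code, of the report-threshold problem the post describes: reports against one event id are counted first from any pubkey, then only from pubkeys within the viewer's follow graph. The function names, the follow graph, the short strings standing in for pubkeys and the threshold of 3 are constructed assumptions; kind 1984 is the NIP-56 report kind.

```python
from collections import defaultdict

REPORT_KIND = 1984  # NIP-56 report event

def reports_by_target(events):
    """Map each reported event id to the set of distinct reporter pubkeys."""
    out = defaultdict(set)
    for ev in events:
        if ev["kind"] != REPORT_KIND:
            continue
        for tag in ev["tags"]:
            if tag[0] == "e":
                out[tag[1]].add(ev["pubkey"])
    return out

def within_degrees(follows, viewer, max_degree):
    """Pubkeys reachable from the viewer in at most max_degree follow hops."""
    seen, frontier = {viewer}, {viewer}
    for _ in range(max_degree):
        frontier = {f for pk in frontier for f in follows.get(pk, ())} - seen
        seen |= frontier
    return seen - {viewer}

def hidden(target, events, threshold, trusted=None):
    """True if enough reporters (optionally only trusted ones) flag target."""
    reporters = reports_by_target(events)[target]
    if trusted is not None:
        reporters = reporters & trusted
    return len(reporters) >= threshold

# Constructed sample data: 20 throwaway identities report the same event id.
TARGET = "a" * 64
BOTS = [f"bot{i}" for i in range(20)]
EVENTS = [{"kind": REPORT_KIND, "pubkey": b, "tags": [["e", TARGET, "spam"]]}
          for b in BOTS]
# The viewer follows two real accounts; three bots were followed back by them.
FOLLOWS = {"alice": ["bob", "carol"],
           "bob": ["dave", "bot0"],
           "carol": ["erin", "bot1", "bot2"]}

if __name__ == "__main__":
    print("any reporter:", hidden(TARGET, EVENTS, 3))
    for degree in (1, 2):
        trusted = within_degrees(FOLLOWS, "alice", degree)
        print(f"degree <= {degree}:", hidden(TARGET, EVENTS, 3, trusted))
```

Counting only first-degree reporters ignores the farm, but widening trust to the second degree lets the three followed-back bots reach the threshold on their own, which is the failure mode the post warns about.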