Why Nostr? What is Njump?
2024-08-30 16:47:37
in reply to

Aspie96 on Nostr: Indeed, NIP-05 isn't meant at all as a verification system. ...

Indeed, NIP-05 isn't meant at all as a verification system.

What is NIP-05 really?

If you look at the spec, it’s a way to map Nostr public keys to DNS-based internet identifiers, such as name@example.com.

If you look at Nostr Plebs:

It’s a human readable identifier for your public key. It makes finding your profile on Nostr easier. It makes identifying your account easier.

If you look at basically any client, you see a checkmark, which you assume means verification.

If you ask someone, they probably will call it verification.

How did we get here?

Initially, there was only one client, which was (kind of) the reference implementation: Branle.

When it added support for NIP-05 identifiers, it used to replace the display name with the NIP-05 identifier, and it had to distinguish a NIP-05 from someone setting their display name to a NIP-05. So they added a checkmark…

Then there was astral.ninja and Damus: The former was a fork of Branle, and therefore inherited the checkmark. Damus didn’t implement NIP-05 until a while later, and they added a checkmark because Astral and other clients were doing it.

And then came new clients, all copying what the previous ones did… (Snort originally did not have a checkmark, but that changed later.)

The first NIP-05 provider

Long story short, people were wondering what NIP-05 is and wanted it, and that’s how Nostr Plebs came to be.

They initially called their service verification. Somewhere between January and February, they removed all mentions to verification except one (because people were searching for it), and publicly said that NIP-05 is not verification. But that didn’t work.

Then, there were the new NIP-05 providers, some understood perfectly what a NIP-05 identifier is and applied the correct nomenclature. Others misnamed it as verification, adding confusion to users. This made the problem worse on top of the popular clients showing checkmarks.

(from this point in the article we’ll refer to it as a Nostr address)

And so, the scams begin

Spammers and scammers started to abuse Nostr addresses to scam people:

  • Some providers has been used by fake crypto airdrop bots.
  • A few Nostr address providers have terminated multitude of impersonating and scam identifiers over the past weeks.

This goes to show that Nostr addresses don’t verify anything, they are just providers of human readable handles.

Nostr addresses can be proof of association

Nostr addresses can be a proof of association. The easiest analogy to understand is email:

jack@cash.app -> You could assume this is the Jack that works at Cash App.

jack@nostr-address-provider.example.com -> This could be any Jack.

What now?

We urge that clients stop showing a checkmark for all Nostr addresses, as they are not useful for verification.

We also urge that clients hide checkmarks for all domain names, without exception in the same way we do not show checkmarks for emails.

Lastly, NIP-05 is a nostr address and that is why we urge all clients to use the proper nomenclature.

Signed:

Author Public Key
npub13mjzjryckg9jnxgn3vez73nw5gx82cy0269t2083zjftlxewsjwqny8hs2