Nostr: open protocol for a truly censorship-resistant and global social network

Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

@Atruepatriot -- This one will interest you. I just heard about this from Snowden so I haven't dug into the details but I'm sure it's solid if he's name-dropping it. Looks legit...

Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Thank you Clayton! Yes I have been also looking into Nostr! I found out about it while reading around in Geminispace. It is basically the same as ZeroNet and uses peer relay nodes to create the network.

They say it is secure because, like ZeroNet, it uses encrypted and signed packets. And I do think they are pretty secure because it is basically the same protocol as bitcoin.

But what I am running into with this venture I am on is that folks do not trust what they might pick up from any of those middlemen relay nodes. And what it stores in your personal box. And as you know, this is also a concern with even TOR nodes. So they might have a legitimate concern, and if the relay node network can be eliminated to make it truly direct peer client to peer server the middleman node worries disappear altogether.

Hence why I have been playing with Gemini. It is also encrypted and signed but uses a direct tunnel from personal client to personal server and server back to client. No relay nodes needed in between. Here is the most important thing for myself. Websites... Being able to build websites in the network aside from just messaging and file sharing like most P2P protocols.

The ability to build websites would make it more viable as a true alternative full featured internet. Both ZeroNet and Gemini are built to allow building websites like this. But as you see from my Gemini thread ZeroNet is too heavy running unneeded stuff in the background all the time, and it is broken and probably never going to get fixed because the owner and admin disappeared, he died or something.

Now let me share a suspicion about Nostr, I think it is based on the ZeroNet protocol, someone fixed it. But I also think it is probably just as heavy and has the same dependencies and software running in the background all the time. I am going to play with it next to see.

But I have to share that I am really liking how simple and straightforward Gemini is, less moving parts. Seriously, it is just like the old days and the beginning of the internet where everyone personally hosted their own dial-in server with simple minimal static pages and old school BBS boards.

You might wonder why I am working so hard to try and put this together as an alternate for us and our friends. It is because I don't want to lose you all when they start coming down on the clear net. We can extend our friendships longer if we also have a secure place to meet up in the basement. With Gemini as a base we could build our own private network by using custom ports, etc.

Clayton I really wish you might humor me and find the time to go see what I am trying to explain for yourself. That way your concerns and constructive criticisms would be based on actual hands-on knowledge and experience of the protocol. It is free to load up a Linux VM and grab the Lagrange client from the official repository. I promise, I am sure you will be quite intrigued once you have poked around in there a bit to see what is there. Once in there all the detailed specs and current projects are available to study. Along with a whole hidden internet of its own. You have mentioned going back to basics again, well Sir... This is it...

The Lagrange client comes with Gemini already included and already set up to go... Once you have the protocol I have a list of links to share in there.

:)
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Sun Oct 22, 2023 6:13 am Clayton I really wish you might humor me and find the time to go see what I am trying to explain for yourself. That way your concerns and constructive criticisms would be based on actual hands-on knowledge and experience of the protocol. It is free to load up a Linux VM and grab the Lagrange client from the official repository. I promise, I am sure you will be quite intrigued once you have poked around in there a bit to see what is there. Once in there all the detailed specs and current projects are available to study. Along with a whole hidden internet of its own. You have mentioned going back to basics again, well Sir... This is it...
Trust me, I'm decades ahead of you on this. I'm no cypherpunk but I was reading the source-code of PGP back in the 1990's. So, my criticisms are not meant to be dismissive, only cautionary. As for adoption, the problem is that we need convergence on a solution that comes truly from grassroots, not from any one "source". Anyone promoting their "solution" is instantly suspect in my book. I will listen to a tip from Snowden because... he's freakin' Snowden. But anyone below that tier is potentially compromised in my book. Again, if a grassroots network starts to take root, I will late-adopt. If someone like Snowden who has made a material sacrifice for liberty is willing to endorse a tool, I will consider early-adoption. Otherwise, "let the chips fall where they may."

I know that's a hard line but we'll all meet again on the other side, in Jesus, so I'm not worried about losing contact. The real issue is that the enemy must be given no quarter and must not be permitted to "break in" ever again, through clever means. What I'm trying to explain to you and others on this forum is that what is happening with the US election system is actually a kind of macrocosm of what the network-of-evil is doing to each of us, 24x7 365. Your "decider" inside of you is broken. Mine is broken. We have all been hacked inside of us. And the network-of-evil is manipulating us all, like puppets, from within. This is what I really mean when I use the word "witchcraft." And the global compromise of virtually all electronic devices is parallel to this. They are using RF and other tools to peer directly into devices we consider to be "black boxes" but are only metaphorically so. Think of it like infrared versus house walls... you "imagine" that your house walls cannot be seen through. But this is just a comfortable illusion we all live inside of. The reality is that IR easily sees through house walls and we are all living in so many top-down dollhouses in respect to the overwatch satellites. When this technology was expensive, yes, they only used it on "high value targets" like OBL. But it's not expensive anymore and, for some reason, nobody ever sits down and does the back-of-envelope calculation to figure out that, for the price of a handful of Tomahawk missiles, the US military could have 24x7 satellite overwatch on any theater of operation they choose so obviously they would make that investment unless you believe that JCS are literally drooling retards.

Now, apply this insight to EW and you understand why I'm pretty jaded to most "solutions" out there. The keys always have to live on some electronic device, and every electronic device is only "opaque" in the sense that your house-walls are... they are not opaque to EW equipment. Reading arbitrary data from an arbitrary device might be difficult but, as we saw with Snowden's disclosures, that's not how they operate. Rather, they generally do a two-step procedure by which they first provoke a weakness in a target device (eg deploying a 0-day exploit) and then they "harvest" data from that weakness using another system. This whole process is itself automated so that they are able to deploy these exploits truly "across-the-board", meaning, they are really hacking everything that can be hacked (all the time). I'm not baiting paranoia, here... if I thought there was no hope at all, I wouldn't even be here. But the problem is a lot more complicated than just "let's all go use this new tool I heard about." Any new protocol must be inter-operable with reasonably good OPSEC (at an affordable budget) and, even more importantly, it must not be "hacked from within"... aka embedded F.B.I. See AN0M.

"Behold, I send you forth as sheep in the midst of wolves: be ye therefore wise as serpents, and harmless as doves." (Matthew 10:16)

Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Clayton wrote: Sun Oct 22, 2023 9:38 am
Atruepatriot wrote: Sun Oct 22, 2023 6:13 am Clayton I really wish you might humor me and find the time to go see what I am trying to explain for yourself. That way your concerns and constructive criticisms would be based on actual hands-on knowledge and experience of the protocol. It is free to load up a Linux VM and grab the Lagrange client from the official repository. I promise, I am sure you will be quite intrigued once you have poked around in there a bit to see what is there. Once in there all the detailed specs and current projects are available to study. Along with a whole hidden internet of its own. You have mentioned going back to basics again, well Sir... This is it...
Trust me, I'm decades ahead of you on this. I'm no cypherpunk but I was reading the source-code of PGP back in the 1990's. So, my criticisms are not meant to be dismissive, only cautionary. As for adoption, the problem is that we need convergence on a solution that comes truly from grassroots, not from any one "source". Anyone promoting their "solution" is instantly suspect in my book. I will listen to a tip from Snowden because... he's freakin' Snowden. But anyone below that tier is potentially compromised in my book. Again, if a grassroots network starts to take root, I will late-adopt. If someone like Snowden who has made a material sacrifice for liberty is willing to endorse a tool, I will consider early-adoption. Otherwise, "let the chips fall where they may."

I know that's a hard line but we'll all meet again on the other side, in Jesus, so I'm not worried about losing contact. The real issue is that the enemy must be given no quarter and must not be permitted to "break in" ever again, through clever means. What I'm trying to explain to you and others on this forum is that what is happening with the US election system is actually a kind of macrocosm of what the network-of-evil is doing to each of us, 24x7 365. Your "decider" inside of you is broken. Mine is broken. We have all been hacked inside of us. And the network-of-evil is manipulating us all, like puppets, from within. This is what I really mean when I use the word "witchcraft." And the global compromise of virtually all electronic devices is parallel to this. They are using RF and other tools to peer directly into devices we consider to be "black boxes" but are only metaphorically so. Think of it like infrared versus house walls... you "imagine" that your house walls cannot be seen through. But this is just a comfortable illusion we all live inside of. The reality is that IR easily sees through house walls and we are all living in so many top-down dollhouses in respect to the overwatch satellites. When this technology was expensive, yes, they only used it on "high value targets" like OBL. But it's not expensive anymore and, for some reason, nobody ever sits down and does the back-of-envelope calculation to figure out that, for the price of a handful of Tomahawk missiles, the US military could have 24x7 satellite overwatch on any theater of operation they choose so obviously they would make that investment unless you believe that JCS are literally drooling retards.

Now, apply this insight to EW and you understand why I'm pretty jaded to most "solutions" out there. The keys always have to live on some electronic device, and every electronic device is only "opaque" in the sense that your house-walls are... they are not opaque to EW equipment. Reading arbitrary data from an arbitrary device might be difficult but, as we saw with Snowden's disclosures, that's not how they operate. Rather, they generally do a two-step procedure by which they first provoke a weakness in a target device (eg deploying a 0-day exploit) and then they "harvest" data from that weakness using another system. This whole process is itself automated so that they are able to deploy these exploits truly "across-the-board", meaning, they are really hacking everything that can be hacked (all the time). I'm not baiting paranoia, here... if I thought there was no hope at all, I wouldn't even be here. But the problem is a lot more complicated than just "let's all go use this new tool I heard about." Any new protocol must be inter-operable with reasonably good OPSEC (at an affordable budget) and, even more importantly, it must not be "hacked from within"... aka embedded F.B.I. See AN0M.

"Behold, I send you forth as sheep in the midst of wolves: be ye therefore wise as serpents, and harmless as doves." (Matthew 10:16)

All I'm asking is to humor me and take a look at it in an isolated VM and then dump the VM. Just don't plot to blow anything up or even comment in the boards there and there would be nothing to worry about. I'm going to go check out Nostr with an objective mind at your suggestion because I trust Snowden too... In fact I would have already had it set up but I just had visitors to deal with...
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Sun Oct 22, 2023 10:21 am All I'm asking is to humor me and take a look at it in an isolated VM and then dump the VM. Just don't plot to blow anything up or even comment in the boards there and there would be nothing to worry about. I'm going to go check out Nostr with an objective mind at your suggestion because I trust Snowden too... In fact I would have already had it set up but I just had visitors to deal with...
As I noted before, I'm on the road, so I'm not set up to do any experimentation right now (including Nostr). I'll keep an eye on it. I'm not opposed to late-adopting something that people are finding useful, and protecting myself using my own methods. I'll be digging into Nostr's protocol/design and will likely update on this thread what I learn. I acknowledge this is a crucially important area, and is really a major blind-spot for a lot of the prep community. We need a "grid-down communications" system. RF is great for worst-case scenarios, but I still think the probability of those scenarios is relatively low. Have some radios on hand just in case but I think the DS is 90% bark, 10% bite. So, I think rolling data-blackouts are a far more likely situation. They could use targeted blackouts to punish rural areas that aren't going along with whatever their agenda happens to be at the moment. Being able to set up mesh networks and run non-standard social network protocols over those mesh networks may be an important survivability measure. I'm not as worried about hiding the fact of communication (e.g. Tor) because I think that's a fairly easily-solved problem by simply moving your tent every so often. Set up a station, mesh-network for a few days, then pack up and move on down the road. A rotating network of a few individuals doing this would act as a kind of "physical Tor", removing the need for all of the complex moving-parts that make Tor work (and also make it risky to be compromised.)

Think bombproof everything. Systems so simple they can't not work. Red Dawn stuff. That's what real solutions will look like.
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Clayton wrote: Sun Oct 22, 2023 10:38 am
Atruepatriot wrote: Sun Oct 22, 2023 10:21 am All I'm asking is to humor me and take a look at it in an isolated VM and then dump the VM. Just don't plot to blow anything up or even comment in the boards there and there would be nothing to worry about. I'm going to go check out Nostr with an objective mind at your suggestion because I trust Snowden too... In fact I would have already had it set up but I just had visitors to deal with...
As I noted before, I'm on the road, so I'm not set up to do any experimentation right now (including Nostr). I'll keep an eye on it. I'm not opposed to late-adopting something that people are finding useful, and protecting myself using my own methods. I'll be digging into Nostr's protocol/design and will likely update on this thread what I learn. I acknowledge this is a crucially important area, and is really a major blind-spot for a lot of the prep community. We need a "grid-down communications" system. RF is great for worst-case scenarios, but I still think the probability of those scenarios is relatively low. Have some radios on hand just in case but I think the DS is 90% bark, 10% bite. So, I think rolling data-blackouts are a far more likely situation. They could use targeted blackouts to punish rural areas that aren't going along with whatever their agenda happens to be at the moment. Being able to set up mesh networks and run non-standard social network protocols over those mesh networks may be an important survivability measure. I'm not as worried about hiding the fact of communication (e.g. Tor) because I think that's a fairly easily-solved problem by simply moving your tent every so often. Set up a station, mesh-network for a few days, then pack up and move on down the road. A rotating network of a few individuals doing this would act as a kind of "physical Tor", removing the need for all of the complex moving-parts that make Tor work (and also make it risky to be compromised.)

Think bombproof everything. Systems so simple they can't not work. Red Dawn stuff. That's what real solutions will look like.
I understand the "next step" after the internet is done for and we can't even get online, I am already set up with radio and ready to go. I'm currently after underground internet when they completely take over the indexed clear net and it becomes no man's land. It won't be long and they will be throwing folks in jail for anything they don't like being shared on the clear net. They are already throwing folks in jail for just sharing memes. Now is when to set up an underground alternet and have it ready and available.

Anyhow, I really do appreciate you being willing to check out Gemini when you get a chance. Using that software it would be fairly easy to set up our own unique network isolated away from the current public Gemini network by just changing the client and server ports. It can be used to set up local area and mesh networks also.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Sun Oct 22, 2023 11:56 am I understand the "next step" after the internet is done for and we can't even get online, I am already set up with radio and ready to go. I'm currently after underground internet when they completely take over the indexed clear net and it becomes no man's land. It won't be long and they will be throwing folks in jail for anything they don't like being shared on the clear net. They are already throwing folks in jail for just sharing memes. Now is when to set up an underground alternet and have it ready and available.
I get it. I think you overestimate them in some ways. I'm not saying that they don't intend to do what you say... of course they do. But consider this: despite literally moving heaven and earth to "take over" the Internet, what have they really accomplished? The "Great Firewall of China", the supposedly impenetrable digital boundary around China is, in reality, a leaking sieve and there is a steady stream of embarrassing disaster videos leaving China, exposing the total lies that they are constantly telling on the world stage. Sure, they'll keep trying to increase their control over that and, like all such political matters, they will continue to raise the stakes, etc. But my prediction is that, for all their whiz-bang gadgetry, they're never actually going to succeed in their own tyrannical goals. Why? Because they are in denial of the basic laws of reality. They view computers as gadgets or toys, kind of like radios or TVs but with way more channels and fancier graphics. They fundamentally do not understand what a computer or computer-network even is. We knew this was true in the 1990s, and it was falsely assumed that this would lead to the downfall of the ruling order. It did not, and the cypherpunk movement was blind-sided by .... Clown World. Who ever suspected that something like Clown World even exists!? I never imagined something like CW, even in my most dystopian predilections about possible future scenarios. There is no Clown World in dystopian fiction or movies, not like this. The memes showing Orwell shocked out of his mind reading the news from 2023 are absolutely accurate. Clown World is far weirder than the weirdest dystopian fiction ever written.

But no matter how blind-sided we were, no matter how absolutely outrageous and cowardly the ambush of our generation by the forces of Clown World is, it still doesn't change the fact that they fundamentally do not understand what computers are. To them, computers are just very fancy gadget/gizmos and, "with the right controls", they can be locked down/controlled. They do not understand the halting-problem. They do not understand uncomputability. They do not comprehend how these are absolute limits of logic, even more fundamental than the laws of physics! And so they are locked in a war with reality. Like O'Brien in 1984, they are asserting that 2+2=5 which, fine, they may be able to shock us with so many volts that we cannot help complying with their demand to agree that 2+2=5 but no matter the voltage 2+2 never equals 5!

I am not about to interrupt my enemy when he is at war with reality itself. If "they" want to try to prove 2+2=5, so be it, let them exhaust themselves on futility ad nauseam. That's a win for us. So I'm not worried in the slightest that they're somehow going to "lock it all down" because... it's objectively impossible. In fact, they should be encouraged to expend all the assets at their disposal on calculating how to lock down all of computation. The more assets they burn on the objectively impossible, the better!

Basically the soundtrack for my life...

Last edited by Clayton on Sun Oct 22, 2023 5:58 pm, edited 1 time in total.
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Clayton wrote: Sun Oct 22, 2023 3:24 pm
Atruepatriot wrote: Sun Oct 22, 2023 11:56 am I understand the "next step" after the internet is done for and we can't even get online, I am already set up with radio and ready to go. I'm currently after underground internet when they completely take over the indexed clear net and it becomes no man's land. It won't be long and they will be throwing folks in jail for anything they don't like being shared on the clear net. They are already throwing folks in jail for just sharing memes. Now is when to set up an underground alternet and have it ready and available.
I get it. I think you overestimate them in some ways. I'm not saying that they don't intend to do what you say... of course they do. But consider this: despite literally moving heaven and earth to "take over" the Internet, what have they really accomplished? The "Great Firewall of China", the supposedly impenetrable digital boundary around China is, in reality, a leaking sieve and there is a steady stream of embarrassing disaster videos leaving China, exposing the total lies that they are constantly telling on the world stage. Sure, they'll keep trying to increase their control over that and, like all such political matters, they will continue to raise the stakes, etc. But my prediction is that, for all their whiz-bang gadgetry, they're never actually going to succeed in their own tyrannical goals. Why? Because they are in denial of the basic laws of reality. They view computers as gadgets or toys, kind of like radios or TVs but with way more channels and fancier graphics. They fundamentally do not understand what a computer or computer-network even is. We knew this was true in the 1990s, and it was falsely assumed that this would lead to the downfall of the ruling order. It did not, and the cypherpunk movement was blind-sided by .... Clown World. Who ever suspected that something like Clown World even exists!? I never imagined something like CW, even in my most dystopian predilections about possible future scenarios. There is no Clown World in dystopian fiction or movies, not like this. The memes showing Orwell shocked out of his mind reading the news from 2023 are absolutely accurate. Clown World is far weirder than the weirdest dystopian fiction ever written.

But no matter how blind-sided we were, no matter how absolutely outrageous and cowardly the ambush of our generation by the forces of Clown World is, it still doesn't change the fact that they fundamentally do not understand what computers are. To them, computers are just very fancy gadget/gizmos and, "with the right controls", they can be locked down/controlled. They do not understand the halting-problem. They do not understand uncomputability. They do not comprehend how these are absolute limits of logic, even more fundamental than the laws of physics! And so they are locked in a war with reality. Like Winston in 1984, they are asserting that 2+2=5 which, fine, they may be able to shock us with so many volts that we cannot help complying with their demand to agree that 2+2=5 but no matter the voltage 2+2 never equals 5!

I am not about to interrupt my enemy when he is at war with reality itself. If "they" want to try to prove 2+2=5, so be it, let them exhaust themselves on futility ad nauseam. That's a win for us. So I'm not worried in the slightest that they're somehow going to "lock it all down" because... it's objectively impossible. In fact, they should be encouraged to expend all the assets at their disposal on calculating how to lock down all of computation. The more assets they burn on the objectively impossible, the better!

Basically the soundtrack for my life...

Of course we are still always going to have the top tier indexed internet. The point is that a time is coming very soon we are not even going to want to use it because it is useless to us for real stuff and communications. We are almost there now. 95% of it is nothing but a commercialized market place. And there are only about .01% websites that are NOT hooked to Alphabet and the government tracking our every move to use as evidence against us in a future court of law.

It is so bad, I don't even want to use the HTTP/HTTPS/WWW indexed layer at all anymore for anything. Or any browsers available. NONE of it can be trusted and we are stepping on our own toes if we use it. I have to get underground or bail off the sinking ship. I don't want anything to do with the internet except for having the local access to use an offgrid protocol. If not, I am leaving the net period. And there are a lot of folks who are also disgusted and ready to do the same. The only thing holding them back is their own lack of knowledge to do it and a good plug and play protocol system to use.

It is something I would like to try and put together for humanity in the time I have left to do it. Just a package of stable modules and apps that works well offgrid. I am plugging away at it and self educating myself now, but at the same time I am moving and making a major lifestyle change.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Coming by the day now...

Majority of Supreme Court Allows Gov to Use Private Companies to Censor Speech Into 2024

viewtopic.php?p=108144#p108144
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Sun Oct 22, 2023 5:01 pm Of course we are still always going to have the top tier indexed internet. The point is that a time is coming very soon we are not even going to want to use it because it is useless to us for real stuff and communications. We are almost there now. 95% of it is nothing but a commercialized market place. And there are only about .01% websites that are NOT hooked to Alphabet and the government tracking our every move to use as evidence against us in a future court of law.
Yes, I get it. But the solutions are quite simple. Burner phones, p2p networks, etc. We've gone over this all before. If they want to destroy the value of the Internet in some scorched-earth campaign to prove that they "own" it, there's nothing I can do about that. But we are still able to connect p2p, and on independent forums like this. I don't think this is going to go away. You have a login and I really think this model is a lot more durable than it might seem. The only downside is that it has to be paid for, dollars-and-cents. As long as you have enough people willing to throw $5 into the pot, then it's sustainable. They're going to rattle the sabers and threaten to shut it all down by striking section 230 etc. etc. but let's not forget that these are the very same people who just had Roe-v-Wade stripped out of their hands. Think about it from the standpoint of the typical Woke leftist feminist... that's doomsday-level for them. They're losing case after case on gun control in the courts, with their puppet sitting in POTUS. They have their hands on all the levers of power, and they're still losing. Something is not what it seems! Maybe it's Q-theory. Maybe it's something else. But something is not what it seems, not even the DS black-pill propaganda about how they control everything is true. They're lying on every level. They are the Emperor With No Clothes. They are the Wizard of Oz "pay no attention to that man behind the curtain."

We do need alternative systems. So we agree on that. That's why Truth, Rumble, Gab, etc. have all had to be built. "Build your own Twitter." How about we one-up you and crater Twitter and replace it completely with something else. Oh, and we'll build our own. See, they're trying to play the technology-game, but they're trying to use socio-political dynamics out of context. They're fish-out-of-water and they don't even know it. A computer doesn't care about your Mean Girls-level comebacks on Twitter/X. Neural nets don't actually care about anything, no matter how much Woke training they're subjected to. This is what the Left fundamentally does not understand. They actually believe the sci-fi tropes, they don't understand the "fi" in "sci-fi". Yes, you can use technology to do amazing things, but it's not literally magic. These people are magical thinkers. They couldn't think their way out of a wet paper bag. The reason they're so good at winning is that they are masters of art and scene, poise and social context, comebacks and witticism. They are elitist snobs with razor tongues and whip-crack wit which they use to cut anyone who opposes them down to look like drooling morons or seething psychopaths. Their greatest strength is also their greatest weakness. Don't underestimate them, but don't pretend they have no weaknesses!
It is so bad, I don't even want to use the HTTP/HTTPS/WWW indexed layer at all anymore for anything. Or any browsers available. NONE of it can be trusted and we are stepping on our own toes if we use it.
I look at it like driving a car with all the emissions-control and onboard computer crap on it. Yes, it's all per agenda. However, it still does get me from point-A to point-B. One day, we're going to have to come back and fix all this stupid crap. But we have higher priority stuff to address first. So, first we have to take the fight to the enemy, after he is defeated, then we can roll back all the insanity that was instituted for the duration.
I have to get underground or bail off the sinking ship. I don't want anything to do with the internet except for having the local access to use an offgrid protocol. If not, I am leaving the net period. And there are a lot of folks who are also disgusted and ready to do the same. The only thing holding them back is their own lack of knowledge to do it and a good plug and play protocol system to use.

It is something I would like to try and put together for humanity in the time I have left to do it. Just a package of stable modules and apps that works well offgrid. I am plugging away at it and self educating myself now, but at the same time I am moving and making a major lifestyle change.
I get it. I am looking for similar. I'll be digging into the details of Nostr as I have time and I'll share my findings here for the benefit of all. We need an alternative that is both technologically viable, and not infiltrated with TLA spooks / FBI turncoats. That's a tall order these days...
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Clayton wrote: Sun Oct 22, 2023 6:15 pm
Atruepatriot wrote: Sun Oct 22, 2023 5:01 pm Of course we are still always going to have the top tier indexed internet. The point is that a time is coming very soon we are not even going to want to use it because it is useless to us for real stuff and communications. We are almost there now. 95% of it is nothing but a commercialized market place. And there are only about .01% websites that are NOT hooked to Alphabet and the government tracking our every move to use as evidence against us in a future court of law.
Yes, I get it. But the solutions are quite simple. Burner phones, p2p networks, etc. We've gone over this all before. If they want to destroy the value of the Internet in some scorched-earth campaign to prove that they "own" it, there's nothing I can do about that. But we are still able to connect p2p, and on independent forums like this. I don't think this is going to go away. You have a login and I really think this model is a lot more durable than it might seem. The only downside is that it has to be paid for, dollars-and-cents. As long as you have enough people willing to throw $5 into the pot, then it's sustainable. They're going to rattle the sabers and threaten to shut it all down by striking section 230 etc. etc. but let's not forget that these are the very same people who just had Roe-v-Wade stripped out of their hands. Think about it from the standpoint of the typical Woke leftist feminist... that's doomsday-level for them. They're losing case after case on gun control in the courts, with their puppet sitting in POTUS. They have their hands on all the levers of power, and they're still losing. Something is not what it seems! Maybe it's Q-theory. Maybe it's something else. But something is not what it seems, not even the DS black-pill propaganda about how they control everything is true. They're lying on every level. They are the Emperor With No Clothes. They are the Wizard of Oz "pay no attention to that man behind the curtain."

We do need alternative systems. So we agree on that. That's why Truth, Rumble, Gab, etc. have all had to be built. "Build your own Twitter." How about we one-up you and crater Twitter and replace it completely with something else. Oh, and we'll build our own. See, they're trying to play the technology-game, but they're trying to use socio-political dynamics out of context. They're fish-out-of-water and they don't even know it. A computer doesn't care about your Mean Girls-level comebacks on Twitter/X. Neural nets don't actually care about anything, no matter how much Woke training they're subjected to. This is what the Left fundamentally does not understand. They actually believe the sci-fi tropes, they don't understand the "fi" in "sci-fi". Yes, you can use technology to do amazing things, but it's not literally magic. These people are magical thinkers. They couldn't think their way out of a wet paper bag. The reason they're so good at winning is that they are masters of art and scene, poise and social context, comebacks and witticism. They are elitist snobs with razor tongues and whip-crack wit which they use to cut anyone who opposes them down to look like drooling morons or seething psychopaths. Their greatest strength is also their greatest weakness. Don't underestimate them, but don't pretend they have no weaknesses!
It is so bad, I don't even want to use the HTTP/HTTPS/WWW indexed layer at all anymore for anything. Or any browsers available. NONE of it can be trusted and we are stepping on our own toes if we use it.
I look at it like driving a car with all the emissions-control and onboard computer crap on it. Yes, it's all per agenda. However, it still does get me from point-A to point-B. One day, we're going to have to come back and fix all this stupid crap. But we have higher priority stuff to address first. So, first we have to take the fight to the enemy, after he is defeated, then we can roll back all the insanity that was instituted for the duration.
I have to get underground or bail off the sinking ship. I don't want anything to do with the internet except for having the local access to use an offgrid protocol. If not, I am leaving the net period. And there are a lot of folks who are also disgusted and ready to do the same. The only thing holding them back is their own lack of knowledge to do it and a good plug and play protocol system to use.

It is something I would like to try and put together for humanity in the time I have left to do it. Just a package of stable modules and apps that works well offgrid. I am plugging away at it and self educating myself now, but at the same time I am moving and making a major lifestyle change.
I get it. I am looking for similar. I'll be digging into the details of Nostr as I have time and I'll share my findings here for the benefit of all. We need an alternative that is both technologically viable, and not infiltrated with TLA spooks / FBI turncoats. That's a tall order these days...
"I get it. I am looking for similar. I'll be digging into the details of Nostr as I have time and I'll share my findings here for the benefit of all. We need an alternative that is both technologically viable, and not infiltrated with TLA spooks / FBI turncoats. That's a tall order these days..."

Good at least you are digging into self hosted P2P like I am. Here is the true perspective. We need to remove the dependencies of third parties. Even as private as we have made the TA here we are still at the mercy of our 3rd party domain server hosting. At any time they could just freely give up our server data to the powers that be. Or would be required to give it up if a warrant was served on them for our records. Or just refuse to host us period. Using 3rd party storage and services is a huge risk these days.

This is why I begged like hell for someone willing to set up a dedicated personal server to move the LA/TA over to. I would have done it very first thing when I started LA, but I do not have the carrier internet infrastructure here to do it. No DSL, no land lines, no nothing except spotty unreliable wireless telephone/data. So what is the next option? P2P without any need for a 3rd party server or 3rd party relay nodes and tracker servers. But it needs to be more than just chat/messaging protocols or file sharing. The ability to build surfable assorted static websites and load them with great content needs to be part of it too.

This unique "website" issue is why I chased ZeroNet and now Gemini. It needs to be more than just a social/chat/message platform. Like the clearnet there needs to be blogs, stores, wikis, forums, image galleries, Etc. Not just one social "messaging" platform style everyone is locked into. But it needs to have the license and ability to build a private community network without any dependencies on 3rd party outside entities.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Mon Oct 23, 2023 4:55 am But it needs to be more than just chat/messaging protocols or file sharing. The ability to build surfable assorted static websites and load them with great content needs to be part of it too.
I'm still digging but, as far as I understand, Nostr is able to host all kinds of content, not just Twitter-like content. Its main "killer-app" is its distributed messaging system which is frequently compared to Twitter but, under the hood, works nothing like it. You can be banned from any one individual relay in Nostr, but you can't be "banned from Nostr" since you can always just set up your own relay (for as cheap as buying a Raspberry Pi... $50 or whatever). Thus, Nostr is censorship-proof in its very core.

This video points out (and I'm glad to hear) that Nostr is NOT based on blockchain. This is good because building blockchain into the very framework of your communication protocol (a) makes it very complex (thus, hackable) and (b) reverses the priority of the network from being communication to being profit. In addition, you don't need to build on blockchain in order to build in blockchain, which is exactly what Nostr has done. You can link your Lightning wallet to whatever app you are using with Nostr and use it to give a tip to someone who makes a post you really like. This is similar to liking a Tweet, except that the like comes with a little cash (Bitcoin) to your own Lightning wallet. But once again, this is a purely optional feature and no user has to participate in it. Support is built-in, but the protocol itself is not built on Lightning/etc.



In this case, I consider it a good thing that Jack Dorsey is supporting Nostr. Jack was forced out of Twitter (which was then cratered) and I think a fly on the wall in Elon Musk's house may have discovered that Jack was the architect of Musk's buy-up and cratering of Twitter. I don't think it was a random urge that Musk got one morning, I think he 100% knew that he was going to win, and 100% knew what he was purchasing. Just my opinion, anyway. The point is that I see Dorsey in a similar vein to Musk -- I don't "trust" him, but I also think he is capable of telling the Deep State "hell, no." Which is a good thing. And having a billionaire backing something really does bolster its viability, since people are much more likely to say, "Hey, I'll try that new app... Jack is on it and that means it's probably going to be around for a while." That alone is worth its weight in gold, to be able to attract an initial quorum of users to make the app truly self-sustaining.

I'm still digging to find out how this is being used for non-Twitter services. Nostr is supposed to be able to host its own Github and other websites like that. So, it appears that it can host any kind of p2p network, although it may not be simply "plug-and-play". So, we may need to get a website-hosting platform that runs on Nostr before we'll be able to set up regular websites there.
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Here's the README.md from their Github:

@Atruepatriot -- see the section titled "How does it solve the problems the networks above can't?"
# nostr - Notes and Other Stuff Transmitted by Relays

The simplest open protocol that is able to create a censorship-resistant global "social" network once and for all.

It doesn't rely on any trusted central server, hence it is resilient; it is based on cryptographic keys and signatures, so it is tamperproof; it does not rely on P2P techniques, and therefore it works.

This is a work in progress. [Join the Telegram group!](https://t.me/nostr_protocol)

## Very short summary of how it works, if you don't plan to read anything else:

Everybody runs a client. It can be a native client, a web client, etc. To publish something, you write a post, sign it with your key and send it to multiple relays (servers hosted by someone else, or yourself). To get updates from other people, you ask multiple relays if they know anything about these other people. Anyone can run a relay. A relay is very simple and dumb. It does nothing besides accepting posts from some people and forwarding to others. Relays don't have to be trusted. Signatures are verified on the client side.

[How to start using Nostr](https://github.com/vishalxl/nostr_conso ... ussions/31)

[Nostr client feature comparison](https://github.com/vishalxl/Nostr-Clien ... /Readme.md)
  • (https://github.com/aljazceru/awesome-nostr)

    ## This is needed because other solutions are broken:

    ### The problem with Twitter

    - Twitter has ads;
    - Twitter uses bizarre techniques to keep you addicted;
    - Twitter doesn't show an actual historical feed from people you follow;
    - Twitter bans people;
    - Twitter shadowbans people;
    - Twitter has a lot of spam.

    ### The problem with Mastodon and similar programs

    - User identities are attached to domain names controlled by third-parties;
    - Server owners can ban you, just like Twitter; Server owners can also block other servers;
    - Migration between servers is an afterthought and can only be accomplished if servers cooperate. It doesn't work in an adversarial environment (all followers are lost);
    - There are no clear incentives to run servers, therefore, they tend to be run by enthusiasts and people who want to have their name attached to a cool domain. Then, users are subject to the despotism of a single person, which is often worse than that of a big company like Twitter, and they can't migrate out;
    - Since servers tend to be run amateurishly, they are often abandoned after a while — which is effectively the same as banning everybody;
    - It doesn't make sense to have a ton of servers if updates from every server will have to be painfully pushed (and saved!) to a ton of other servers. This point is exacerbated by the fact that servers tend to exist in huge numbers, therefore more data has to be passed to more places more often;
    - For the specific example of video sharing, ActivityPub enthusiasts realized it would be completely impossible to transmit video from server to server the way text notes are, so they decided to keep the video hosted only from the single instance where it was posted to, which is similar to the Nostr approach.

    ### The problem with SSB (Secure Scuttlebutt)

    - It doesn't have many problems. I think it's great. I was going to use it as a basis for this, but
    - its protocol is too complicated because it wasn't thought about being an open protocol at all. It was just written in JavaScript in probably a quick way to solve a specific problem and grew from that, therefore it has weird and unnecessary quirks like signing a JSON string which must strictly follow the rules of [_ECMA-262 6th Edition_](https://www.ecma-international.org/ecma ... .stringify);
    - It insists on having a chain of updates from a single user, which feels unnecessary to me and something that adds bloat and rigidity to the thing — each server/user needs to store all the chain of posts to be sure the new one is valid. Why? (Maybe they have a good reason);
    - It is not as simple as Nostr, as it was primarily made for P2P syncing, with "pubs" being an afterthought;
    - Still, it may be worth considering using SSB instead of this custom protocol and just adapting it to the client-relay server model, because reusing a standard is always better than trying to get people in a new one.

    ### The problem with other solutions that require everybody to run their own server

    - They require everybody to run their own server;
    - Sometimes people can still be censored in these because domain names can be censored.

    ## How does Nostr work?

    - There are two components: __clients__ and __relays__. Each user runs a client. Anyone can run a relay.
    - Every user is identified by a public key. Every post is signed. Every client validates these signatures.
    - Clients fetch data from relays of their choice and publish data to other relays of their choice. A relay doesn't talk to another relay, only directly to users.
    - For example, to "follow" someone a user just instructs their client to query the relays it knows for posts from that public key.
    - On startup, a client queries data from all relays it knows for all users it follows (for example, all updates from the last day), then displays that data to the user chronologically.
    - A "post" can contain any kind of structured data, but the most used ones are going to find their way into the standard so all clients and relays can handle them seamlessly.

    ## How does it solve the problems the networks above can't?

    - **Users getting banned and servers being closed**
      - A relay can block a user from publishing anything there, but that has no effect on them as they can still publish to other relays. Since users are identified by a public key, they don't lose their identities and their follower base when they get banned.
      - Instead of requiring users to manually type new relay addresses (although this should also be supported), whenever someone you're following posts a server recommendation, the client should automatically add that to the list of relays it will query.
      - If someone is using a relay to publish their data but wants to migrate to another one, they can publish a server recommendation to that previous relay and go;
      - If someone gets banned from many relays such that they can't get their server recommendations broadcasted, they may still let some close friends know through other means with which relay they are publishing now. Then, these close friends can publish server recommendations to that new server, and slowly, the old follower base of the banned user will begin finding their posts again from the new relay.
      - All of the above is valid too for when a relay ceases its operations.

    - **Censorship-resistance**
      - Each user can publish their updates to any number of relays.
      - A relay can charge a fee (the negotiation of that fee is outside of the protocol for now) from users to publish there, which ensures censorship-resistance (there will always be some Russian server willing to take your money in exchange for serving your posts).

    - **Spam**
      - If spam is a concern for a relay, it can require payment for publication or some other form of authentication, such as an email address or phone, and associate these internally with a pubkey that then gets to publish to that relay — or other anti-spam techniques, like hashcash or captchas. If a relay is being used as a spam vector, it can easily be unlisted by clients, which can continue to fetch updates from other relays.

    - **Data storage**
      - For the network to stay healthy, there is no need for hundreds of active relays. In fact, it can work just fine with just a handful, given the fact that new relays can be created and spread through the network easily in case the existing relays start misbehaving. Therefore, the amount of data storage required, in general, is relatively less than Mastodon or similar software.
      - Or considering a different outcome: one in which there exist hundreds of niche relays run by amateurs, each relaying updates from a small group of users. The architecture scales just as well: data is sent from users to a single server, and from that server directly to the users who will consume that. It doesn't have to be stored by anyone else. In this situation, it is not a big burden for any single server to process updates from others, and having amateur servers is not a problem.

    - **Video and other heavy content**
      - It's easy for a relay to reject large content, or to charge for accepting and hosting large content. When information and incentives are clear, it's easy for the market forces to solve the problem.

    - **Techniques to trick the user**
      - Each client can decide how to best show posts to users, so there is always the option of just consuming what you want in the manner you want — from using an AI to decide the order of the updates you'll see to just reading them in chronological order.

    ## FAQ

    - **This is very simple. Why hasn't anyone done it before?**

    I don't know, but I imagine it has to do with the fact that people making social networks are either companies wanting to make money or P2P activists who want to make a thing completely without servers. They both fail to see the specific mix of both worlds that Nostr uses.

    - **How do I find people to follow?**

    First, you must know them and get their public key somehow, either by asking or by seeing it referenced somewhere. Once you're inside a Nostr social network you'll be able to see them interacting with other people and then you can also start following and interacting with these others.

    - **How do I find relays? What happens if I'm not connected to the same relays someone else is?**

    You won't be able to communicate with that person. But there are hints on events that can be used so that your client software (or you, manually) knows how to connect to the other person's relay and interact with them. There are other ideas on how to solve this too in the future but we can't ever promise perfect reachability, no protocol can.

    - **Can I know how many people are following me?**

    No, but you can get some estimates if relays cooperate in an extra-protocol way.

    - **What incentive is there for people to run relays?**

    The question is misleading. It assumes that relays are free dumb pipes that exist such that people can move data around through them. In this case yes, the incentives would not exist. This in fact could be said of DHT nodes in all other p2p network stacks: what incentive is there for people to run DHT nodes?

    - **Nostr enables you to move between server relays or use multiple relays but if these relays are just on AWS or Azure what’s the difference?**

    There are literally thousands of VPS providers scattered all around the globe today, there is not only AWS or Azure. AWS or Azure are exactly the providers used by single centralized service providers that need a lot of scale, and even then not just these two. For smaller relay servers any VPS will do the job very well.

    ## Protocol specification

    See the [NIPs](https://github.com/nostr-protocol/nips) and especially [NIP-01](https://github.com/nostr-protocol/nips/ ... ster/01.md) for a reasonably-detailed explanation of the protocol spec (hint: it is very short and simple).

    ## Software

    There is a list of most software being built using Nostr on https://github.com/aljazceru/awesome-nostr that seemed to be almost complete last time I looked.

    ## License

    Public domain.
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
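
Added example, not part of the thread and not the Nostr project's code: the README quoted above says relays need not be trusted because every post is signed and every client validates the signatures. The Python below shows that client-side check and the merge across relays when one relay withholds a note and another tampers with one and forges another. The event layout (id as SHA-256 of a JSON array, BIP-340 Schnorr signature over the id) follows NIP-01, which the README links to; the relay names, toy keys, timestamps and note texts are constructed for the example.

```python
import hashlib
import json

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and a[1] != b[1]:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den, P - 2, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def point_mul(pt, k):
    """Double-and-add; not constant time, so not for real secret keys."""
    out = None
    while k:
        if k & 1:
            out = point_add(out, pt)
        pt, k = point_add(pt, pt), k >> 1
    return out

def hash_int(tag, data):
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + data).digest(), "big")

def schnorr_sign(msg, seckey):
    """BIP-340 signing with an all-zero aux value; used only to build sample events."""
    pub = point_mul(G, seckey)
    d = seckey if pub[1] % 2 == 0 else N - seckey
    pub_bytes = pub[0].to_bytes(32, "big")
    masked = (d ^ hash_int("BIP0340/aux", bytes(32))).to_bytes(32, "big")
    k = hash_int("BIP0340/nonce", masked + pub_bytes + msg) % N
    r = point_mul(G, k)
    k = k if r[1] % 2 == 0 else N - k
    r_bytes = r[0].to_bytes(32, "big")
    e = hash_int("BIP0340/challenge", r_bytes + pub_bytes + msg) % N
    return r_bytes + ((k + e * d) % N).to_bytes(32, "big")

def schnorr_verify(msg, pub_bytes, sig):
    x, r, s = (int.from_bytes(b, "big") for b in (pub_bytes, sig[:32], sig[32:]))
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if len(pub_bytes) != 32 or len(sig) != 64 or x >= P or r >= P or s >= N or y * y % P != y_sq:
        return False
    pub = (x, y if y % 2 == 0 else P - y)
    e = hash_int("BIP0340/challenge", sig[:32] + pub_bytes + msg) % N
    pt = point_add(point_mul(G, s), point_mul(pub, N - e))
    return pt is not None and pt[1] % 2 == 0 and pt[0] == r

def event_id(ev):
    """NIP-01 id: SHA-256 over the compact JSON array below (ordinary text only)."""
    body = json.dumps([0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
                      separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(body.encode()).hexdigest()

def make_event(seckey, created_at, content, kind=1):
    ev = {"pubkey": point_mul(G, seckey)[0].to_bytes(32, "big").hex(),
          "created_at": created_at, "kind": kind, "tags": [], "content": content}
    ev["id"] = event_id(ev)
    ev["sig"] = schnorr_sign(bytes.fromhex(ev["id"]), seckey).hex()
    return ev

def is_valid(ev):
    """The check a client runs on every event before trusting what a relay sent."""
    try:
        fields = (bytes.fromhex(ev[f]) for f in ("id", "pubkey", "sig"))
        return event_id(ev) == ev["id"] and schnorr_verify(*fields)
    except (KeyError, TypeError, ValueError):
        return False

def merge_feeds(relay_responses, followed):
    """Keep valid events from followed keys, dedupe by id, sort chronologically."""
    accepted, rejected = {}, {}
    for relay, events in relay_responses.items():
        for ev in events:
            author = ev.get("pubkey") if isinstance(ev, dict) else None
            if isinstance(author, str) and author in followed and is_valid(ev):
                accepted[ev["id"]] = ev
            else:
                rejected[relay] = rejected.get(relay, 0) + 1
    return sorted(accepted.values(), key=lambda e: (e["created_at"], e["id"])), rejected

def demo():
    """Constructed scenario: relay-a withholds a note, relay-c tampers and forges."""
    alice, mallory = 0xA11CE, 0xBAD  # toy secret keys, constructed for this example
    n1 = make_event(alice, 1698055200, "first note")
    n2 = make_event(alice, 1698058800, "second note")
    forged = dict(make_event(mallory, 1698060000, "not written by alice"), pubkey=n1["pubkey"])
    forged["id"] = event_id(forged)  # id is consistent, but the signature is mallory's
    return merge_feeds({"relay-a": [n2], "relay-b": [n1, n2],
                        "relay-c": [dict(n1, content="rewritten by the relay"), forged]}, {n1["pubkey"]})
```

`demo()` returns both of Alice's notes in chronological order even though relay-a never served the first one, and reports two rejected events for relay-c: the edited note fails the id check, and the forged one fails signature verification against Alice's public key.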
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Clayton wrote: Mon Oct 23, 2023 10:05 am Here's the README.md from their Github:

@Atruepatriot -- see the section titled "How does it solve the problems the networks above can't?"
# nostr - Notes and Other Stuff Transmitted by Relays

The simplest open protocol that is able to create a censorship-resistant global "social" network once and for all.

It doesn't rely on any trusted central server, hence it is resilient; it is based on cryptographic keys and signatures, so it is tamperproof; it does not rely on P2P techniques, and therefore it works.

This is a work in progress. [Join the Telegram group!](https://t.me/nostr_protocol)

## Very short summary of how it works, if you don't plan to read anything else:

Everybody runs a client. It can be a native client, a web client, etc. To publish something, you write a post, sign it with your key and send it to multiple relays (servers hosted by someone else, or yourself). To get updates from other people, you ask multiple relays if they know anything about these other people. Anyone can run a relay. A relay is very simple and dumb. It does nothing besides accepting posts from some people and forwarding to others. Relays don't have to be trusted. Signatures are verified on the client side.

[How to start using Nostr](https://github.com/vishalxl/nostr_conso ... ussions/31)

[Nostr client feature comparison](https://github.com/vishalxl/Nostr-Clien ... /Readme.md)
  • (https://github.com/aljazceru/awesome-nostr)

    ## This is needed because other solutions are broken:

    ### The problem with Twitter

    - Twitter has ads;
    - Twitter uses bizarre techniques to keep you addicted;
    - Twitter doesn't show an actual historical feed from people you follow;
    - Twitter bans people;
    - Twitter shadowbans people;
    - Twitter has a lot of spam.

    ### The problem with Mastodon and similar programs

    - User identities are attached to domain names controlled by third-parties;
    - Server owners can ban you, just like Twitter; Server owners can also block other servers;
    - Migration between servers is an afterthought and can only be accomplished if servers cooperate. It doesn't work in an adversarial environment (all followers are lost);
    - There are no clear incentives to run servers, therefore, they tend to be run by enthusiasts and people who want to have their name attached to a cool domain. Then, users are subject to the despotism of a single person, which is often worse than that of a big company like Twitter, and they can't migrate out;
    - Since servers tend to be run amateurishly, they are often abandoned after a while — which is effectively the same as banning everybody;
    - It doesn't make sense to have a ton of servers if updates from every server will have to be painfully pushed (and saved!) to a ton of other servers. This point is exacerbated by the fact that servers tend to exist in huge numbers, therefore more data has to be passed to more places more often;
    - For the specific example of video sharing, ActivityPub enthusiasts realized it would be completely impossible to transmit video from server to server the way text notes are, so they decided to keep the video hosted only from the single instance where it was posted to, which is similar to the Nostr approach.

    ### The problem with SSB (Secure Scuttlebutt)

    - It doesn't have many problems. I think it's great. I was going to use it as a basis for this, but
    - its protocol is too complicated because it wasn't thought about being an open protocol at all. It was just written in JavaScript in probably a quick way to solve a specific problem and grew from that, therefore it has weird and unnecessary quirks like signing a JSON string which must strictly follow the rules of [_ECMA-262 6th Edition_](https://www.ecma-international.org/ecma ... .stringify);
    - It insists on having a chain of updates from a single user, which feels unnecessary to me and something that adds bloat and rigidity to the thing — each server/user needs to store all the chain of posts to be sure the new one is valid. Why? (Maybe they have a good reason);
    - It is not as simple as Nostr, as it was primarily made for P2P syncing, with "pubs" being an afterthought;
    - Still, it may be worth considering using SSB instead of this custom protocol and just adapting it to the client-relay server model, because reusing a standard is always better than trying to get people in a new one.

    ### The problem with other solutions that require everybody to run their own server

    - They require everybody to run their own server;
    - Sometimes people can still be censored in these because domain names can be censored.

    ## How does Nostr work?

    - There are two components: __clients__ and __relays__. Each user runs a client. Anyone can run a relay.
    - Every user is identified by a public key. Every post is signed. Every client validates these signatures.
    - Clients fetch data from relays of their choice and publish data to other relays of their choice. A relay doesn't talk to another relay, only directly to users.
    - For example, to "follow" someone a user just instructs their client to query the relays it knows for posts from that public key.
    - On startup, a client queries data from all relays it knows for all users it follows (for example, all updates from the last day), then displays that data to the user chronologically.
    - A "post" can contain any kind of structured data, but the most used ones are going to find their way into the standard so all clients and relays can handle them seamlessly.

    ## How does it solve the problems the networks above can't?

    - **Users getting banned and servers being closed**
      - A relay can block a user from publishing anything there, but that has no effect on them as they can still publish to other relays. Since users are identified by a public key, they don't lose their identities and their follower base when they get banned.
      - Instead of requiring users to manually type new relay addresses (although this should also be supported), whenever someone you're following posts a server recommendation, the client should automatically add that to the list of relays it will query.
      - If someone is using a relay to publish their data but wants to migrate to another one, they can publish a server recommendation to that previous relay and go;
      - If someone gets banned from many relays such that they can't get their server recommendations broadcasted, they may still let some close friends know through other means with which relay they are publishing now. Then, these close friends can publish server recommendations to that new server, and slowly, the old follower base of the banned user will begin finding their posts again from the new relay.
      - All of the above is valid too for when a relay ceases its operations.

    - **Censorship-resistance**
      - Each user can publish their updates to any number of relays.
      - A relay can charge a fee (the negotiation of that fee is outside of the protocol for now) from users to publish there, which ensures censorship-resistance (there will always be some Russian server willing to take your money in exchange for serving your posts).

    - **Spam**
      - If spam is a concern for a relay, it can require payment for publication or some other form of authentication, such as an email address or phone, and associate these internally with a pubkey that then gets to publish to that relay — or other anti-spam techniques, like hashcash or captchas. If a relay is being used as a spam vector, it can easily be unlisted by clients, which can continue to fetch updates from other relays.

    - **Data storage**
      - For the network to stay healthy, there is no need for hundreds of active relays. In fact, it can work just fine with just a handful, given the fact that new relays can be created and spread through the network easily in case the existing relays start misbehaving. Therefore, the amount of data storage required, in general, is relatively less than Mastodon or similar software.
      - Or considering a different outcome: one in which there exist hundreds of niche relays run by amateurs, each relaying updates from a small group of users. The architecture scales just as well: data is sent from users to a single server, and from that server directly to the users who will consume that. It doesn't have to be stored by anyone else. In this situation, it is not a big burden for any single server to process updates from others, and having amateur servers is not a problem.

    - **Video and other heavy content**
      - It's easy for a relay to reject large content, or to charge for accepting and hosting large content. When information and incentives are clear, it's easy for the market forces to solve the problem.

    - **Techniques to trick the user**
      - Each client can decide how to best show posts to users, so there is always the option of just consuming what you want in the manner you want — from using an AI to decide the order of the updates you'll see to just reading them in chronological order.

    ## FAQ

    - **This is very simple. Why hasn't anyone done it before?**

    I don't know, but I imagine it has to do with the fact that people making social networks are either companies wanting to make money or P2P activists who want to make a thing completely without servers. They both fail to see the specific mix of both worlds that Nostr uses.

    - **How do I find people to follow?**

    First, you must know them and get their public key somehow, either by asking or by seeing it referenced somewhere. Once you're inside a Nostr social network you'll be able to see them interacting with other people and then you can also start following and interacting with these others.

    - **How do I find relays? What happens if I'm not connected to the same relays someone else is?**

    You won't be able to communicate with that person. But there are hints on events that can be used so that your client software (or you, manually) knows how to connect to the other person's relay and interact with them. There are other ideas on how to solve this too in the future but we can't ever promise perfect reachability, no protocol can.

    - **Can I know how many people are following me?**

    No, but you can get some estimates if relays cooperate in an extra-protocol way.

    - **What incentive is there for people to run relays?**

    The question is misleading. It assumes that relays are free dumb pipes that exist such that people can move data around through them. In this case yes, the incentives would not exist. This in fact could be said of DHT nodes in all other p2p network stacks: what incentive is there for people to run DHT nodes?

    - **Nostr enables you to move between server relays or use multiple relays but if these relays are just on AWS or Azure what’s the difference?**

    There are literally thousands of VPS providers scattered all around the globe today, there is not only AWS or Azure. AWS or Azure are exactly the providers used by single centralized service providers that need a lot of scale, and even then not just these two. For smaller relay servers any VPS will do the job very well.

    ## Protocol specification

    See the [NIPs](https://github.com/nostr-protocol/nips) and especially [NIP-01](https://github.com/nostr-protocol/nips/ ... ster/01.md) for a reasonably-detailed explanation of the protocol spec (hint: it is very short and simple).

    ## Software

    There is a list of most software being built using Nostr on https://github.com/aljazceru/awesome-nostr that seemed to be almost complete last time I looked.

    ## License

    Public domain.
Studying... :)
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
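Added example (not part of the post above and not the Nostr project's own code): how a client can check an event it fetched from a relay it does not trust, following the event layout in NIP-01 and BIP-340 Schnorr signatures over secp256k1. The function names, the throwaway secret key 3 and the sample content are constructed for this illustration. A relay can drop an event, but an altered one fails one of the two checks, and an untouched one verifies no matter which relay served it.

```python
import hashlib
import json

# secp256k1 domain parameters (the curve Bitcoin also uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point_mul(pt, k):
    """Double-and-add scalar multiplication (not constant time: demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def tagged_hash(tag, data):
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + data).digest()

def lift_x(x):
    """Return the curve point with this x and an even y, or None."""
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if y * y % P != y_sq:
        return None
    return (x, y if y % 2 == 0 else P - y)

def schnorr_verify(pubkey, msg, sig):
    """BIP-340 verification: 32-byte x-only pubkey, 32-byte msg, 64-byte sig."""
    if len(pubkey) != 32 or len(msg) != 32 or len(sig) != 64:
        return False
    pk = lift_x(int.from_bytes(pubkey, "big"))
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if pk is None or r >= P or s >= N:
        return False
    e = int.from_bytes(tagged_hash("BIP0340/challenge", sig[:32] + pubkey + msg), "big") % N
    R = point_add(point_mul(G, s), point_mul(pk, N - e))
    return R is not None and R[1] % 2 == 0 and R[0] == r

def schnorr_sign(seckey, msg, aux=bytes(32)):
    """BIP-340 signing, used here only to build the constructed sample event."""
    pub = point_mul(G, seckey)
    d = seckey if pub[1] % 2 == 0 else N - seckey
    pk = pub[0].to_bytes(32, "big")
    t = (d ^ int.from_bytes(tagged_hash("BIP0340/aux", aux), "big")).to_bytes(32, "big")
    k0 = int.from_bytes(tagged_hash("BIP0340/nonce", t + pk + msg), "big") % N
    R = point_mul(G, k0)
    k = k0 if R[1] % 2 == 0 else N - k0
    rx = R[0].to_bytes(32, "big")
    e = int.from_bytes(tagged_hash("BIP0340/challenge", rx + pk + msg), "big") % N
    return rx + ((k + e * d) % N).to_bytes(32, "big")

def event_id(ev):
    """NIP-01 id: sha256 of the compact JSON array [0, pubkey, created_at, kind, tags, content].
    Assumption: content has no unusual control characters, where Python's
    JSON escaping may differ from the rules NIP-01 gives."""
    payload = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(payload, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def verify_event(ev):
    """Client-side check of an event received from any relay."""
    try:
        if event_id(ev) != ev["id"]:
            return False, "id does not match content"
        ok = schnorr_verify(bytes.fromhex(ev["pubkey"]),
                            bytes.fromhex(ev["id"]), bytes.fromhex(ev["sig"]))
    except (KeyError, ValueError, TypeError):
        return False, "malformed event"
    return (True, "ok") if ok else (False, "bad signature")

def make_event(seckey, content, created_at, kind=1):
    ev = {"pubkey": point_mul(G, seckey)[0].to_bytes(32, "big").hex(),
          "created_at": created_at, "kind": kind, "tags": [], "content": content}
    ev["id"] = event_id(ev)
    ev["sig"] = schnorr_sign(seckey, bytes.fromhex(ev["id"])).hex()
    return ev

def demo():
    # Constructed sample: secret key 3 is a throwaway value for illustration.
    ev = make_event(3, "moved to a new relay", 1700000000)
    altered = dict(ev, content="edited in transit")   # relay changes the text only
    reissued = dict(altered, id=event_id(altered))    # relay also recomputes the id
    return [verify_event(e) for e in (ev, altered, reissued)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The check says nothing about which relays see your IP address or what they log; it only covers authorship and integrity of the event itself.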
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Sounds like an off grid relay based "Discord" platform. The platform usage features seem the same.

Ok, let me put this into perspective first so that you will understand where I am coming from exactly. No matter what protocol is implemented, there is no way to escape using the mainstream carrier server infrastructure. You still have to have carrier internet access and with that comes the server infrastructure dependencies they have set up to get you from point A to point B. So you still have this dependency on the sending end through their chain of servers to the receiving end. From their IP to the IP at the other end. And if either carrier utilizes AWS cloud or other server infrastructure to get from point A to point B there is no way to avoid that. So for them to claim here that it is skirting AWS or other infrastructure repeater servers is not true. Think of it like land line telephone. The only way to not use their own carrier "Switchboxes" and wires is to use radio and not use the wired infrastructure at all. Because there is no way to use their service at all without having to go through their carrier server equipment.

So no matter what communication protocol you use there really is no way to "sidestep" all those carrier servers. You are at the mercy of what server path and relay connection they have set up to get your communications from point A to point B. All you can choose is what form of communication transfer protocol you choose to utilize over this huge many point carrier infrastructure. Send and receive IP addresses give the illusion that it is going directly from one IP to the other when in reality it could be hopping through 20 carrier server relays to get to the other side of the world. Even if you have a personal peer hosted relay network it does not go around all this infrastructure. Everything is still stuck with using it all. The only way to do this is for the node relays to live close enough to each other to set up a wireless mesh network and bypass all carrier equipment.

Since this is unavoidable, the optimum situation is to hope they take the shortest path with the fewest servers in between if possible. Now here is my whole point with this perspective in mind. This protocol is like qTox. qTox uses the same peer relay node network protocol this does. The initial reason for peer relay nodes was to hide the IP address of the sender with the relay onion protocol. The only advantage is if you want to have the node transfer software strip off the source IP onion layers so that it is harder to figure out the IP address it came from. But here is the problem, each relay node employed adds another carrier/provider server infrastructure. Because now the middleman (men) local access carrier services are added in between also, so you are now going through even more carrier infrastructure to get from point A to point B with each additional relay node in between.

But the difference is, qTox does use the onion layer protocol to strip layers in an attempt to hide the source IP address. From what this shows the Nostr protocol doesn't do that? It doesn't strip layers to hide the originating IP address? So at that point I have to ask why add all this extra carrier infrastructure and 3rd party peer nodes if there is actually no practical advantage or effective purpose to have all those middlemen? It still doesn't remove the dependency on carrier server infrastructure either, in fact it adds even more to supply each of those peer relay nodes.

Now security is another issue with 3rd party middlemen nodes... If source or receiving IP addresses are transparent and not being peeled, each relay presents its own unique security issue. What if one of those relays is being monitored because of illegal activity by the powers that be? Now your IP address and traffic is tied to and associated with that peer relay's activities, guilt by association is a real thing. And this will be monitored by the carrier's servers, there is no way to prevent this. Just the carrier's server record of your personal traffic coming in and out of that relay peer's personal box makes you legally an accomplice to whatever illegal activity they are doing. Same if you offer to provide a relay to the network, if someone is pegged for illegal activity and they are relaying through your carrier server and local box you are now associated with them. Content going through encrypted or not has absolutely no bearing on the situation, just piping their stuff through your stuff can drag you into their guilt.

This is already a similar issue when using TOR to access normal clearnet website domain servers aside from the onion domain. If that personal 3rd party relay exit node has been pegged for illegal activity, the server will not accept a connection with that exit node. So the carriers and authorities have made a direct connection to illegal activity coming from that node and put that node on a list, and everything coming and going through that node is being monitored and tracked and associated with that illegal activity.

Now in comparison with Gemini, while Gemini doesn't hide the source IP address (can be remedied locally) or the target address and it is still dependent on the carrier infrastructure they are all dependent on, it is a 2 party protocol. No 3rd party middlemen are involved at all, so all the risks and "moderation" coming from those 3rd party personal box relay nodes are eliminated. Everything is either directly browsed from one personal box server at the other end, or served up directly to a personal client box at the other end only if they choose to click your site link. This is controllable with no unknown 3rd party risks. You can choose to visit their personal self served site or not. And a community black list of known bad servers can be distributed. It is up to each client user to be proactive or not and personally block those servers with their client.

This situation puts each local box in complete control of what they serve up, and/or what is browsed or not from the local clients. Like all protocols like Nostr, qTox and others, you can choose to have the client only (browser). Or if you want to add to the websites and content in the unique independent network you can host a tiny static webpage on your own extremely light server if you like. But a two way real time connection running is not required like messaging/chat/discord style protocols require. And you are not dependent on any 3rd parties in between point A and point B. It takes the shortest path of least resistance through the unavoidable carrier infrastructure.

But keep in mind, I am not advocating using the Public Gemini system that exists. I am advocating using the protocol software to build our own private network between members. So what is already in the public Gemini space is irrelevant we won't even be connected to that network, we will make our own independent internet with its own unique website net and content. I can't get over how small, light, simple, and transparent the whole Gemini protocol concept really is. Everything including a base OS, Client, and personal server for the network can all be run from a plug and play 32 gig thumb drive with plenty of room to spare.

But I also think that it is important to share what the difference between the two actually is. Gemini is not a message/chat/file sharing app/client. It is a whole "internet" of its own. If one wants community forum style communications then they build a BBS site within that "internet". It is simply an internet/browser situation. And everyone can build and host all kinds of different websites within that private internet. Each can host their own blog, BBS, Image Gallery, whatever in that independent internet.
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Tue Oct 24, 2023 5:43 am Sounds like an off grid relay based "Discord" platform. The platform usage features seem the same.

Ok, let me put this into perspective first so that you will understand where I am coming from exactly. No matter what protocol is implemented, there is no way to escape using the mainstream carrier server infrastructure. You still have to have carrier internet access and with that comes the server infrastructure dependencies they have set up to get you from point A to point B. So you still have this dependency on the sending end through their chain of servers to the receiving end. From their IP to the IP at the other end. And if either carrier utilizes AWS cloud or other server infrastructure to get from point A to point B there is no way to avoid that. So for them to claim here that it is skirting AWS or other infrastructure repeater servers is not true. Think of it like land line telephone. The only way to not use their own carrier "Switchboxes" and wires is to use radio and not use the wired infrastructure at all. Because there is no way to use their service at all without having to go through their carrier server equipment.
I'm actually not too worried about that. Let's use a metaphor to transport. When transporting goods, you have to transport them over the highway. It is always possible they could block off roads but, in order to do this, they have to hurt their own transports, along with everyone else's. It's the only reason that government doesn't more frequently do roadblocks, etc. In the same way, they can interrupt the whole network, but selecting just for "one kind" of traffic is very difficult and, by the time they're bothering to do that, it's already too late. In other words, ISP packet-filtering targeting Nostr would be a sign of Nostr's success, not a reason to be worried.

Unlike physical transport, it is always possible to conceal or "wrap" comms inside of other protocols. This was why the V-chip flopped. They said, "We're going to encrypt all Internet comms using the V-chip and the government will have the key to unlock." Big flippin deal... we're going to encrypt any sensitive information before it goes over your stupid V-chip, so good luck decrypting that, morons. V-chip died almost as soon as it was proposed because it's truly that idiotic. When ISPs started heavily filtering against Torrent traffic, they just encrypted it. Some ISPs have tried to do traffic analysis but Torrent can be concealed as standard TLS which means that you're throttling people's bank websites to stop kids from downloading pirated CDs. Again, absolutely idiotic.

The harsh truth that the TLAs can never seem to grasp is that, in this space, the mathematics of cryptography overwhelmingly favors the defenders. This is why politically sensitive data is constantly smuggled out of China and there's basically nothing they can do to stop it except resorting to ever-more violent backlash against those who do get caught, and boosting their own morale by rolling out ever more expensive sci-fi equipment that's supposedly going to finally impose 100.0% censorship, which it then completely fails to do, merely increasing China's censorship budget for nothing in return. It's a 100.0% losing game for the offense. Using a $100 laptop, I can encrypt a file and the combined might of all the world's intelligence agencies will not be able to decrypt it without the password. True, I might flub the OPSEC but that would be their only hope to ever crack it. So much for their supposed "dominance".

So, we can transport a "second-layer protocol" over any network that is still open, and there's nothing they can realistically do to solve it. In a sense, the only way to stop this kind of activity is to have their global "all-seeing eye" surveillance... you have to have all that pocket-lint and you have to have massive neural nets running over all of those patterns to decode all the little embedded communication networks to see who's talking to who, in order to have any chance of mounting a serious offense against a $100 laptop. That's how lop-sided this is, and that's why we (pro-liberty) need to stop obsessing over what "they" can do, and just focus on keeping our comms open using the simple, widely available tools which truly are effective. We're not the ones fighting gravity, they are! Make them do the heavy-lifting!
So no matter what communication protocol you use there really is no way to "sidestep" all those carrier servers. You are at the mercy of what server path and relay connection they have set up to get your communications from point A to point B.
Agreed but, as I said, I don't think this is really that much of a problem. In a grid-down scenario, you might have to find a logging-road to get from point-A to point-B in order to avoid the roadblocks. So be it. But most of the time, you can find someone in your group who is able to slip through the roadblock without issues. Could be a disabled vet that is making an "emergency" trip to the VA. Or whatever. They always put on a tough face that "YOU SHALL NOT PASS", but we need to think a little more cleverly than asking how to batter down the door with a battering-ram. In the same way, I'm not that worried about grid-down situations because I think the main way these will be used is as "area-of-effect" punishments against non-complying local regions. "Get with the Agenda, or no Internet for you." But once it's open, all channels are open and there's just not a lot they can do about it.
All you can choose is what form of communication transfer protocol you choose to utilize over this huge many point carrier infrastructure. Send and receive IP addresses give the illusion that it is going directly from one IP to the other when in reality it could be hopping through 20 carrier server relays to get to the other side of the world. Even if you have a personal peer hosted relay network it does not go around all this infrastructure. Everything is still stuck with using it all. The only way to do this is for the node relays to live close enough to each other to set up a wireless mesh network and bypass all carrier equipment.
So, I think it's important to distinguish between Clown World versus Red Dawn. In a Red Dawn situation, you're right, the mere act of communicating at all is a risk, because the two IPs are basically advertising that they're somehow linked. That's enough for a hostile foreign power to say "IP A is known-bad, and it just talked to IP B, so vector forces to IP B's geophysical location." While Clown World has that level of hostility in their intentions, the fact remains that they are shackled by the need to keep the mask on, to keep up the pretense that "everything is normal", even though it is not. So, I'm willing to run that Underground Railroad risk, to run the moonshine, so to speak. I'm fine with the fact that they can figure out who I'm talking to in a semi-grid-down situation. Keep in mind that, when they go operational, their attention will become scarce, and they will not be able to afford the leisurely lint-picking and navel-gazing they do in the current situation, endlessly combing through databases for pointless pet-projects.
But the difference is, qTox does use the onion layer protocol to strip layers in an attempt to hide the source IP address. From what this shows the Nostr protocol doesn't do that?
Nope, it's just nodes and relays. That's why I prefer it. You can set up a private relay and buy a static IP and then have clients point directly at that IP. Yes, you're still hopping through the Internet routers and, yes, they can monitor the traffic there. However, this becomes a "needle in the haystack" problem for them... they don't get to "auto-slurp" that kind of traffic as they do with all the Google crap.

By contrast, I don't believe that Tor ever achieved the level of concealment it was designed to achieve. Better than nothing, sure, but still nothing close to what a "true believer" might imagine. There is also the open question of just how compromised the endpoints are, especially in the US. For all we know, connecting to Tor is literally just dialing the NSA and ensuring they're 100% aware of everything you're doing. There are other protocols out there, but I trust them even less. I use Tor on occasion for very specific use-cases but, otherwise, I just stay away from that stuff.

Simple, plain node-to-relay is a perfect model. You can still encrypt your traffic, and the challenge to the backbone is that, to track the fact that you and Billy Bob are talking, they have to track potentially hundreds, thousands or millions of relays and an ocean of crud they don't actually care about. Yes, they were doing that with Twitter but keep in mind that Twitter was very much a sandbox that they had full control over. Much harder when you have this distributed network, including fully-private relays, and you have to somehow watch all backbone routers. It's just super-low ROI and so how would all that budget ever get approved? One of the most important and least-talked-about aspects of Snowden's disclosures is the insight it gives on how the government budgets these spying programs. Yes, the government is a wastrel overall, but inter-departmental competition forces these programs to actually be quite frugal in terms of achieving bang-for-buck. So, yes, they could in principle drop billions of dollars on the special project of just monitoring Nostr... but will they actually do that? Again, I'm willing to bet they won't, I'll run that moonshine.
It doesn't strip layers to hide the originating IP address? So at that point I have to ask why add all this extra carrier infrastructure and 3rd party peer nodes if there is actually no practical advantage or effective purpose to have all those middlemen? It still doesn't remove the dependency on carrier server infrastructure either, in fact it adds even more to supply each of those peer relay nodes.
Having worked at two of the biggest chipmakers, as an engineer, on their flagship products, I have to emphasize that the level of corporate inefficiency and "dont-give-a-damn" is hard to exaggerate. Back in the 80's, the conservatives used to say that the inefficiency of government is its one saving grace, and that's true. But since government has gone multi-trillion, many private corporations are as big (in terms of revenue) as a large city, or a small state. You cannot imagine how inefficient these companies really are. "Cisco/Oracle/IBM see all." I mean, yeah, I guess, the data is probably all siphoned and stored somewhere, but don't bet that anybody will ever be able to figure out how to actually access it for any useful purpose. It's all much more haphazard than outsiders realize. I don't mean to downplay the dangers and risks because, when they do focus their full attention on something, they can be brutally efficient. That's why I'm more focused on Snowden-related stuff because that is the hardcore "kick down the front-door" type of mass-surveillance, that's the stuff where you really need to worry. But as I noted, it's also very expensive, and very targeted, despite being done on a mass scale.
if someone is pegged for illegal activity and they are relaying through your carrier server and local box you are now associated with them. Content going through encrypted or not has absolutely no bearing on the situation, just piping their stuff through your stuff can drag you into their guilt.
Sure, but this is the same case that was being made against Bitcoin in the early days and it just hasn't turned out to be true. Yeah, they do take down bad guys and, to be honest, I don't really have any sympathy for those who get caught in those nets. But at the same time, there is so much honest activity going over Bitcoin that we're talking about less than 1% of 1%... the amount of transactions that get pulled into that kind of stuff is extremely tiny. For now, I think the best rule-of-thumb is don't do illegal stuff and you're probably fine. That's not watertight, of course, but I think it's a good rule-of-thumb and I think those who are following it will be safe.
But I also think that it is important to share what the difference between the two actually is. Gemini is not a message/chat/file sharing app/client. It is a whole "internet" of its own. If one wants community forum style communications then they build a BBS site within that "internet". It is simply an internet/browser situation. And everyone can build and host all kinds of different websites within that private internet. Each can host their own blog, BBS, Image Gallery, whatever in that independent internet.
Nostr is absolutely capable of becoming its own "Internet". I think it could probably run Gemini on top of it, you'd probably need some glue-code to make it work. The problems that Gemini is trying to solve are perverse, meaning, they are trying to solve politico-legal problems with technological tools which, in my view, is always a waste of energy. I saw a pair of shoes from back in the Prohibition days... they were regular flat shoes fitted with cow's hooves on the bottom. The person wearing them would leave footprints that essentially looked like a cow had been walking along there, and so that would throw off the sheriff or whoever, since they would not try to send the dogs searching down a cow trail. While those shoes are a cool idea, and I respect whoever thought those up, they were never going to be a robust solution to the actual problem, which is that the Law is coming down on people running shine. Instead, you have to use more robust methods of evasion (mainly just good OPSEC) and risk-management and, at the end of the day, somebody's gotta be willing to put their skin on the line and run the moonshine. There will never be a "zero risk" solution to any of these problems. So, the best you can do is provide an honest solution to the actual technological problem -- an excellent tool in its own right -- and hope that people start adopting it. That is what Bitcoin has done, to great success. It's the right model to use.
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Clayton wrote: Tue Oct 24, 2023 1:14 pm
Atruepatriot wrote: Tue Oct 24, 2023 5:43 am Sounds like an off grid relay based "Discord" platform. The platform usage features seem the same.

Ok, let me put this into perspective first so that you will understand where I am coming from exactly. No matter what protocol is implemented, there is no way to escape using the mainstream carrier server infrastructure. You still have to have carrier internet access and with that comes the server infrastructure dependencies they have set up to get you from point A to point B. So you still have this dependency on the sending end through their chain of servers to the receiving end. From their IP to the IP at the other end. And if either carrier utilizes AWS cloud or other server infrastructure to get from point A to point B there is no way to avoid that. So for them to claim here that it is skirting AWS or other infrastructure repeater servers is not true. Think of it like land line telephone. The only way to not use their own carrier "Switchboxes" and wires is to use radio and not use the wired infrastructure at all. Because there is no way to use their service at all without having to go through their carrier server equipment.
I'm actually not too worried about that. Let's use a metaphor to transport. When transporting goods, you have to transport them over the highway. It is always possible they could block off roads but, in order to do this, they have to hurt their own transports, along with everyone else's. It's the only reason that government doesn't more frequently do roadblocks, etc. In the same way, they can interrupt the whole network, but selecting just for "one kind" of traffic is very difficult and, by the time they're bothering to do that, it's already too late. In other words, ISP packet-filtering targeting Nostr would be a sign of Nostr's success, not a reason to be worried.

Unlike physical transport, it is always possible to conceal or "wrap" comms inside of other protocols. This was why the V-chip flopped. They said, "We're going to encrypt all Internet comms using the V-chip and the government will have the key to unlock." Big flippin deal... we're going to encrypt any sensitive information before it goes over your stupid V-chip, so good luck decrypting that, morons. V-chip died almost as soon as it was proposed because it's truly that idiotic. When ISPs started heavily filtering against Torrent traffic, they just encrypted it. Some ISPs have tried to do traffic analysis but Torrent can be concealed as standard TLS which means that you're throttling people's bank websites to stop kids from downloading pirated CDs. Again, absolutely idiotic.

The harsh truth that the TLAs can never seem to grasp is that, in this space, the mathematics of cryptography overwhelmingly favors the defenders. This is why politically sensitive data is constantly smuggled out of China and there's basically nothing they can do to stop it except resorting to ever-more violent backlash against those who do get caught, and boosting their own morale by rolling out ever more expensive sci-fi equipment that's supposedly going to finally impose 100.0% censorship, which it then completely fails to do, merely increasing China's censorship budget for nothing in return. It's a 100.0% losing game for the offense. Using a $100 laptop, I can encrypt a file and the combined might of all the world's intelligence agencies will not be able to decrypt it without the password. True, I might flub the OPSEC but that would be their only hope to ever crack it. So much for their supposed "dominance".

So, we can transport a "second-layer protocol" over any network that is still open, and there's nothing they can realistically do to solve it. In a sense, the only way to stop this kind of activity is to have their global "all-seeing eye" surveillance... you have to have all that pocket-lint and you have to have massive neural nets running over all of those patterns to decode all the little embedded communication networks to see who's talking to who, in order to have any chance of mounting a serious offense against a $100 laptop. That's how lop-sided this is, and that's why we (pro-liberty) need to stop obsessing over what "they" can do, and just focus on keeping our comms open using the simple, widely available tools which truly are effective. We're not the ones fighting gravity, they are! Make them do the heavy-lifting!
So no matter what communication protocol you use there really is no way to "sidestep" all those carrier servers. You are at the mercy of what server path and relay connection they have set up to get your communications from point A to point B.
Agreed but, as I said, I don't think this is really that much of a problem. In a grid-down scenario, you might have to find a logging-road to get from point-A to point-B in order to avoid the roadblocks. So be it. But most of the time, you can find someone in your group who is able to slip through the roadblock without issues. Could be a disabled vet that is making an "emergency" trip to the VA. Or whatever. They always put on a tough face that "YOU SHALL NOT PASS", but we need to think a little more cleverly than asking how to batter down the door with a battering-ram. In the same way, I'm not that worried about grid-down situations because I think the main way these will be used is as "area-of-effect" punishments against non-complying local regions. "Get with the Agenda, or no Internet for you." But once it's open, all channels are open and there's just not a lot they can do about it.
All you can choose is what form of communication transfer protocol you choose to utilize over this huge many point carrier infrastructure. Send and receive IP addresses give the illusion that it is going directly from one IP to the other when in reality it could be hopping through 20 carrier server relays to get to the other side of the world. Even if you have a personal peer hosted relay network it does not go around all this infrastructure. Everything is still stuck with using it all. The only way to do this is for the node relays to live close enough to each other to set up a wireless mesh network and bypass all carrier equipment.
So, I think it's important to distinguish between Clown World versus Red Dawn. In a Red Dawn situation, you're right, the mere act of communicating at all is a risk, because the two IPs are basically advertising that they're somehow linked. That's enough for a hostile foreign power to say "IP A is known-bad, and it just talked to IP B, so vector forces to IP B's geophysical location." While Clown World has that level of hostility in their intentions, the fact remains that they are shackled by the need to keep the mask on, to keep up the pretense that "everything is normal", even though it is not. So, I'm willing to run that Underground Railroad risk, to run the moonshine, so to speak. I'm fine with the fact that they can figure out who I'm talking to in a semi-grid-down situation. Keep in mind that, when they go operational, their attention will become scarce, and they will not be able to afford the leisurely lint-picking and navel-gazing they do in the current situation, endlessly combing through databases for pointless pet-projects.
But the difference is, qTox does use the onion layer protocol to strip layers in an attempt to hide the source IP address. From what this shows the Nostr protocol doesn't do that?
Nope, it's just nodes and relays. That's why I prefer it. You can set up a private relay and buy a static IP and then have clients point directly at that IP. Yes, you're still hopping through the Internet routers and, yes, they can monitor the traffic there. However, this becomes a "needle in the haystack" problem for them... they don't get to "auto-slurp" that kind of traffic as they do with all the Google crap.

By contrast, I don't believe that Tor ever achieved the level of concealment it was designed to achieve. Better than nothing, sure, but still nothing close to what a "true believer" might imagine. There is also the open question of just how compromised the endpoints are, especially in the US. For all we know, connecting to Tor is literally just dialing the NSA and ensuring they're 100% aware of everything you're doing. There are other protocols out there, but I trust them even less. I use Tor on occasion for very specific use-cases but, otherwise, I just stay away from that stuff.

Simple, plain node-to-relay is a perfect model. You can still encrypt your traffic, and the challenge to the backbone is that, to track the fact that you and Billy Bob are talking, they have to track potentially hundreds, thousands or millions of relays and an ocean of crud they don't actually care about. Yes, they were doing that with Twitter but keep in mind that Twitter was very much a sandbox that they had full control over. Much harder when you have this distributed network, including fully-private relays, and you have to somehow watch all backbone routers. It's just super-low ROI and so how would all that budget ever get approved? One of the most important and least-talked-about aspects of Snowden's disclosures is the insight it gives on how the government budgets these spying programs. Yes, the government is a wastrel overall, but inter-departmental competition forces these programs to actually be quite frugal in terms of achieving bang-for-buck. So, yes, they could in principle drop billions of dollars on the special project of just monitoring Nostr... but will they actually do that? Again, I'm willing to bet they won't, I'll run that moonshine.
It doesn't strip layers to hide the originating IP address? So at that point I have to ask why add all this extra carrier infrastructure and 3rd party peer nodes if there is actually no practical advantage or effective purpose to have all those middlemen? It still doesn't remove the dependency on carrier server infrastructure either, in fact it adds even more to supply each of those peer relay nodes.
Having worked at two of the biggest chipmakers, as an engineer, on their flagship products, I have to emphasize that the level of corporate inefficiency and "don't-give-a-damn" is hard to exaggerate. Back in the 80's, the conservatives used to say that the inefficiency of government is its one saving grace, and that's true. But since government has gone multi-trillion, many private corporations are as big (in terms of revenue) as a large city, or a small state. You cannot imagine how inefficient these companies really are. "Cisco/Oracle/IBM see all." I mean, yeah, I guess, the data is probably all siphoned and stored somewhere, but don't bet that anybody will ever be able to figure out how to actually access it for any useful purpose. It's all much more haphazard than outsiders realize. I don't mean to downplay the dangers and risks because, when they do focus their full attention on something, they can be brutally efficient. That's why I'm more focused on Snowden-related stuff because that is the hardcore "kick down the front-door" type of mass-surveillance, that's the stuff where you really need to worry. But as I noted, it's also very expensive, and very targeted, despite being done on a mass scale.
if someone is pegged for illegal activity and they are relaying through your carrier server and local box you are now associated with them. Content going through encrypted or not has absolutely no bearing on the situation, just piping their stuff through your stuff can drag you into their guilt.
Sure, but this is the same case that was being made against Bitcoin in the early days and it just hasn't turned out to be true. Yeah, they do take down bad guys and, to be honest, I don't really have any sympathy for those who get caught in those nets. But at the same time, there is so much honest activity going over Bitcoin that we're talking about less than 1% of 1%... the amount of transactions that get pulled into that kind of stuff is extremely tiny. For now, I think the best rule-of-thumb is don't do illegal stuff and you're probably fine. That's not watertight, of course, but I think it's a good rule-of-thumb and I think those who are following it will be safe.
But I also think that it is important to share what the difference between the two actually is. Gemini is not a message/chat/file sharing app/client. It is a whole "internet" of its own. If one wants community forum style communications then they build a BBS site within that "internet". It is simply an internet/browser situation. And everyone can build and host all kinds of different websites within that private internet. Each can host their own blog, BBS, Image Gallery, whatever in that independent internet.
Nostr is absolutely capable of becoming its own "Internet". I think it could probably run Gemini on top of it, you'd probably need some glue-code to make it work. The problems that Gemini is trying to solve are perverse, meaning, they are trying to solve politico-legal problems with technological tools which, in my view, is always a waste of energy. I saw a pair of shoes from back in the Prohibition days... they were regular flat shoes fitted with cow's hooves on the bottom. The person wearing them would leave footprints that essentially looked like a cow had been walking along there, and so that would throw off the sheriff or whoever, since they would not try to send the dogs searching down a cow trail. While those shoes are a cool idea, and I respect whoever thought those up, they were never going to be a robust solution to the actual problem, which is that the Law is coming down on people running shine. Instead, you have to use more robust methods of evasion (mainly just good OPSEC) and risk-management and, at the end of the day, somebody's gotta be willing to put their skin on the line and run the moonshine. There will never be a "zero risk" solution to any of these problems. So, the best you can do is provide an honest solution to the actual technological problem -- an excellent tool in its own right -- and hope that people start adopting it. That is what Bitcoin has done, to great success. It's the right model to use.
Well of course there will never be a "zero risk". Especially if you do any file downloading. But that is from anywhere. Here is my motto about not doing anything illegal. Don't associate or take the chance of associating with anyone who might be doing something illegal. And in these days where device ID detection is utilized and records are maintained in carrier services, that can be a problem if you deal with any risky association you are not sure of. Hence the less associated connections the safer you can be. Device ID is a real thing.

If they raid one of those relay boxes for manufacturing child porn, the connections going through that box can be traced right back to your device by ID number using carrier records. You don't know who or what you are associating with when you are depending on an unknown peer node and have no clue what else he is doing with his box. So IP address and device ID is all the evidence authorities need to drag you into it. Even if your traffic through that box wasn't illegal.

At least with Gemini I know that the connection and packages are coming/going directly from/to the person on the other end with no added association risk in between. And if you don't trust them on the other end you don't have to entertain their box at all. It is dead, and it did not go through any other personal boxes on the way there or back. True direct P2P and no middle men risk at all. And same thing, no central servers are needed either if you don't want any.

Thing is, even if you trust the person at the other end, you can't trust the people relaying it in between you and that person you do trust. In fact as it explains, those relays can even ban you from going through their relays. No one can stop anything in Gemini except point A or point B. There are no referees in between. That third party control option bothers me. They are even discussing implementing toll charges to go through their relays?

:)
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Tue Oct 24, 2023 5:35 pm At least with Gemini I know that the connection and packages are coming/going directly from/to the person on the other end with no added association risk in between. And if you don't trust them on the other end you don't have to entertain their box at all. It is dead, and it did not go through any other personal boxes on the way there or back. True direct P2P and no middle men risk at all. And same thing, no central servers are needed either if you don't want any.
Just going online, you run that risk anyway. The CIA has tools to implant digital evidence of "Russian hackers", and the like. So you can always be raided on any pretext... if they need a pretext, they will make one. No one is immune.
those relays can even ban you from going through their relays. No one can stop anything in Gemini except point A or point B. There are no referees in between. That third party control option bothers me. They are even discussing implementing toll charges to go through their relays?
You're misunderstanding. You think it's: Client X -> Relay A -> Relay B -> Relay C -> Client Y

Actually, it's:

Client X -> {any of Relay A, Relay B, Relay C}

Client Y -> {any of Relay B, Relay C, Relay D}

Etc.

Any client can associate to any relay. Any relay can associate to any client or refuse any client. Relays do not directly connect to other relays (but you can connect as a client, and then relay traffic to your own relay). There is never a multi-hop connection in Nostr. It's only ever Client -> Relay. It just uses vanilla TCP/IP to connect. Traffic is end-to-end encrypted, however. If I am sending you a message, it will be encrypted with your key, so the relay cannot read it. It's the most dead-simple possible protocol that you can have and still do secure communication. This is the best model I have seen yet and, in many ways, this is the nightmare scenario for the FBI, what they call "going dark". They are creating the very thing they fear the most...

PS: As for tolls, again, that's just a question of whether you want to pay to connect to a particular relay. For example, someone could theoretically set up a private game-server and charge to connect to it. Nothing stopping that. But the Twitter-like network they are running would never be paid because anyone could just set up a free relay and copy all traffic coming over the feed... there's no way to "fence" the public feed, thus, no way to make it paid.
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28
Atruepatriot
Posts: 12151
Joined: Tue Feb 25, 2020 11:55 am

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Atruepatriot »

Clayton wrote: Tue Oct 24, 2023 6:33 pm
Atruepatriot wrote: Tue Oct 24, 2023 5:35 pm At least with Gemini I know that the connection and packages are coming/going directly from/to the person on the other end with no added association risk in between. And if you don't trust them on the other end you don't have to entertain their box at all. It is dead, and it did not go through any other personal boxes on the way there or back. True direct P2P and no middle men risk at all. And same thing, no central servers are needed either if you don't want any.
Just going online, you run that risk anyway. The CIA has tools to implant digital evidence of "Russian hackers", and the like. So you can always be raided on any pretext... if they need a pretext, they will make one. No one is immune.
those relays can even ban you from going through their relays. No one can stop anything in Gemini except point A or point B. There are no referees in between. That third party control option bothers me. They are even discussing implementing toll charges to go through their relays?
You're misunderstanding. You think it's: Client X -> Relay A -> Relay B -> Relay C -> Client Y

Actually, it's:

Client X -> {any of Relay A, Relay B, Relay C}

Client Y -> {any of Relay B, Relay C, Relay D}

Etc.

Any client can associate to any relay. Any relay can associate to any client or refuse any client. Relays do not directly connect to other relays (but you can connect as a client, and then relay traffic to your own relay). There is never a multi-hop connection in Nostr. It's only ever Client -> Relay. It just uses vanilla TCP/IP to connect. Traffic is end-to-end encrypted, however. If I am sending you a message, it will be encrypted with your key, so the relay cannot read it. It's the most dead-simple possible protocol that you can have and still do secure communication. This is the best model I have seen yet and, in many ways, this is the nightmare scenario for the FBI, what they call "going dark". They are creating the very thing they fear the most...

PS: As for tolls, again, that's just a question of whether you want to pay to connect to a particular relay. For example, someone could theoretically set up a private game-server and charge to connect to it. Nothing stopping that. But the Twitter-like network they are running would never be paid because anyone could just set up a free relay and copy all traffic coming over the feed... there's no way to "fence" the public feed, thus, no way to make it paid.
I'm understanding, it is like a mesh network. Traffic can go through any number of relays connected. But my concerns are still there with having third parties connected.

Gemini:

Client directly to server.
Server directly to client.

"1.1 Gemini transactions
There is one kind of Gemini transaction, roughly equivalent to a gopher request or a HTTP "GET" request. Transactions happen as follows:

C: Opens connection
S: Accepts connection
C/S: Complete TLS handshake (see section 4)
C: Validates server certificate (see 4.2)
C: Sends request (one CRLF terminated line) (see section 2)
S: Sends response header (one CRLF terminated line), closes connection under non-success conditions (see 3.1 and 3.2)
S: Sends response body (text or binary data) (see 3.3)
S: Closes connection
C: Handles response (see 3.4)

3.1 Response headers
Gemini response headers look like this:

<STATUS><SPACE><META><CR><LF>

<STATUS> is a two-digit numeric status code, as described below in 3.2 and in Appendix 1.

<SPACE> is a single space character, i.e. the byte 0x20.

<META> is a UTF-8 encoded string of maximum length 1024 bytes, whose meaning is <STATUS> dependent.

<STATUS> and <META> are separated by a single space character.

If <STATUS> does not belong to the "SUCCESS" range of codes, then the server MUST close the connection after sending the header and MUST NOT send a response body.

If a server sends a <STATUS> which is not a two-digit number or a <META> which exceeds 1024 bytes in length, the client SHOULD close the connection and disregard the response header, informing the user of an error.

3.2 Status codes
Gemini uses two-digit numeric status codes. Related status codes share the same first digit. Importantly, the first digit of Gemini status codes do not group codes into vague categories like "client error" and "server error" as per HTTP. Instead, the first digit alone provides enough information for a client to determine how to handle the response. By design, it is possible to write a simple but feature complete client which only looks at the first digit. The second digit provides more fine-grained information, for unambiguous server logging, to allow writing comfier interactive clients which provide a slightly more streamlined user interface, and to allow writing more robust and intelligent automated clients like content aggregators, search engine crawlers, etc.

The first digit of a response code unambiguously places the response into one of six categories, which define the semantics of the <META> line."

Simple and straightforward with fewer moving parts. TLS certificates checked, data transferred, then connection closed and client goes idle with zero running or auto-refreshing in the background until you submit another get request. Transactions are an average of 10-20 Kb or less unless you choose to open an image or something similar. It can be compared to simply sending an encrypted email from one local desktop client to another local desktop client but it checks certificates at both ends first.

If the connection is compromised the connection just goes dead. And if the personal server on the other end happens to be off you get (from a page that moved):
Screenshot from 2023-10-25 04-20-38.png
“The ultimate test of a moral society is the kind of world it leaves to its children.” ~ Dietrich Bonhoeffer
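The response-header rules quoted from the Gemini specification in the post above (sections 3.1 and 3.2), as an added example that is not part of the original post or of any Gemini client: a strict client-side parser in Python that rejects malformed headers and drops any body sent with a non-success status. The function and class names are hypothetical, and the six category names come from the Gemini specification rather than from the quoted excerpt.

```python
from typing import NamedTuple

MAX_META_BYTES = 1024  # limit on <META> quoted from section 3.1

# First digit -> category. The quoted excerpt only says there are six;
# the names below are taken from the Gemini specification itself.
CATEGORIES = {
    "1": "INPUT", "2": "SUCCESS", "3": "REDIRECT",
    "4": "TEMPORARY FAILURE", "5": "PERMANENT FAILURE",
    "6": "CLIENT CERTIFICATE REQUIRED",
}


class GeminiHeaderError(ValueError):
    """Malformed header: close the connection and disregard the response."""


class GeminiResponse(NamedTuple):
    status: int
    category: str
    meta: str
    body: bytes


def parse_response(raw: bytes) -> GeminiResponse:
    """Parse <STATUS><SPACE><META><CR><LF> plus any body from raw server bytes."""
    # Longest legal header: 2 status digits + 1 space + 1024 META bytes + CRLF.
    # Bounding the search rejects over-long META without scanning the whole buffer.
    limit = 2 + 1 + MAX_META_BYTES + 2
    end = raw.find(b"\r\n", 0, limit)
    if end == -1:
        raise GeminiHeaderError("no CRLF within the maximum header length")
    line, body = raw[:end], raw[end + 2:]

    status = line[:2]
    if len(status) != 2 or not all(0x30 <= b <= 0x39 for b in status):
        raise GeminiHeaderError("status is not a two-digit number")
    if line[2:3] != b" ":
        raise GeminiHeaderError("status must be followed by a single space")
    try:
        meta = line[3:].decode("utf-8")  # strict: invalid UTF-8 is rejected
    except UnicodeDecodeError as exc:
        raise GeminiHeaderError("META is not valid UTF-8") from exc

    digits = status.decode("ascii")
    category = CATEGORIES.get(digits[0])
    if category is None:
        # Assumption of this example: codes outside the six categories are errors.
        raise GeminiHeaderError("status outside the six defined categories")
    if category != "SUCCESS":
        # A non-success response MUST NOT carry a body, so anything a
        # misbehaving server appended after the header is dropped, not rendered.
        body = b""
    return GeminiResponse(int(digits), category, meta, body)


def accepts(raw: bytes) -> bool:
    """True if raw parses cleanly; False where a client should hang up."""
    try:
        parse_response(raw)
    except GeminiHeaderError:
        return False
    return True
```
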
Clayton
Posts: 10553
Joined: Thu May 07, 2020 2:14 pm

Re: Nostr: open protocol for a truly censorship-resistant and global social network

Post by Clayton »

Atruepatriot wrote: Wed Oct 25, 2023 3:57 am But my concerns are still there with having third parties connected.
If you just want a private relay with Nostr, you can do that. Simply stand up your relay, and configure "Client A, Client B, Client C can connect, and no one else." So, you're either on the white-list, or you can't connect. Paid private relays, for example, are just requiring their clients to pay to get on the white-list. But you could also operate it no-charge, similar to a website login (eg this site).
Jer. 11:18-20. "The Kingdom of God has come upon you." -- Matthew 12:28