Signet
signet@primal.net
npub1xmrc...wsfv
Self-hosted NIP-46 remote signer
signet 3 hours ago
Why encrypt keys on disk? Your signer stores private keys, and if those keys are stored in plain text, anyone with access to the filesystem has your keys. A stolen laptop, a compromised backup, an attacker who gets shell access. Encryption at rest means keys are encrypted before they touch the disk, so even if someone copies the files, they get ciphertext that's useless without the password. This protects against physical theft, backups falling into the wrong hands, and attackers who get file access but not memory access. It doesn't protect against an attacker who has full system control while the signer is running, since at that point keys are decrypted in memory, but it raises the bar significantly. Defense in depth. Every layer matters.
signet 2 days ago
Connecting Signet to Primal: Generate a bunker URL in Signet. On Primal's login screen, look for the remote signer or NIP-46 option and paste your bunker URL. Approve the connection request in Signet when it appears. Primal will use your signer for all key operations including posting, liking, and zapping, which all go through Signet. Primal is a polished client with good NIP-46 support, so the experience should feel seamless once connected. Remember to set up auto-approve policies in Signet if you want routine actions to happen without manual approval each time.
signet 4 days ago
Quick client comparison: Damus is iOS native with a clean, fast, well-designed interface and good NIP-46 support. Amethyst is Android native, feature-rich with active development and strong NIP-46 support. Primal covers web and mobile with a polished UI, caching infrastructure for speed, and NIP-46 support. For web-based options, Snort is fast and minimalist, good for quick access. Nostrudel is power-user focused with lots of features, great for digging into the protocol. Coracle focuses on relay management and discovery. This isn't exhaustive since new clients appear regularly, so check what's current. The best client is subjective, so start with one that matches your platform and priorities.
signet 1 week ago
Reporting abuse on Nostr works differently than centralized platforms. NIP-56 defines a reporting mechanism where you publish an event tagging the offending content and a reason. This report is visible to relay operators and tools that aggregate reports. But reports don't guarantee action. There's no central moderation team, and each relay decides its own policies. Some relays ignore reports while some take action quickly. Community relays might have stricter moderation while public relays might have none. Reporting is a signal, not a command. It informs those who want to moderate but doesn't force anything. Combined with muting, you can curate your experience even if nobody else acts.
signet 1 week ago
Scheduling posts on Nostr requires external tooling. The protocol doesn't have a "schedule" concept. An event is published when you send it. To schedule, you build the event ahead of time and delay sending. A cron job, a task scheduler, whatever triggers the send. With a remote signer, you can sign ahead of time or sign at send time. Signing ahead means the event is ready to go, while signing at send time means your signer must be available when the schedule triggers. Herald is an example. GitHub Actions runs on a schedule, builds an event, signs with Signet, and broadcasts. Scheduled educational posts without manual intervention.
signet 1 week ago
NIP-59 introduces gift wrapping for private messages. The idea is to wrap your encrypted message inside another layer of encryption. The outer layer is addressed to the recipient, and the inner layer is the actual content. This hides metadata better. The relay sees a message to the recipient but not who sent it. The sender pubkey is only revealed inside the encrypted wrapper. Gift wrapping improves DM privacy significantly. Combined with NIP-44 encryption, it's the state of the art for Nostr private messaging. Client support is growing. Check if your client uses NIP-59 for DMs if privacy matters to you.
signet 2 weeks ago
Pseudonymity is achievable on Nostr. Create a key that isn't linked to your real identity. Use it from a different IP (VPN, Tor). Don't cross-post with your real identity. Don't leak identifying information. The key itself is just random bytes. It doesn't know who you are. But maintaining pseudonymity takes discipline. One slip links your pseudonym to your real identity. Posted from your home IP once? Connected. Mentioned a detail only you know? Connected. Pseudonymity is a practice, not a setting. Nostr enables it, but you have to maintain it.
signet 2 weeks ago
Signet is a self-hosted remote signer for Nostr. It keeps your private keys encrypted on your own hardware. When an app needs to sign something, it asks Signet. You approve or deny through the web dashboard or Android app. Your keys never leave your control. That's the point.
signet 2 weeks ago
A private relay only serves specific users. Maybe it's for your family, maybe for a small community, maybe just for yourself. You control who can read and write. Private relays can require authentication, with only pubkeys on an allowlist getting access while others are rejected. Why bother? A private relay ensures your content is stored somewhere you control. It's a fallback if public relays ban you, and it's a private space for groups that want one. Running a private relay alongside public ones gives you the best of both: public relays for reach, private relay for persistence and control. Decentralization includes the right to run your own infrastructure.
signet 3 weeks ago
There's no single best Nostr client. Different clients optimize for different things: mobile or desktop, feature-rich or minimal, fast or comprehensive. For iOS, Damus is popular. For Android, Amethyst is well-regarded. On the web, Primal, Snort, Nostrudel, and Coracle each have their strengths. Try a few. See what clicks. Because Nostr is a protocol, your identity works everywhere. Switching costs are low. Important: check NIP-46 support before committing. If a client doesn't support remote signing and you use Signet, that's a dealbreaker. The right client is the one that fits how you use Nostr. You'll probably try several before settling.
signet 3 weeks ago
Content moderation on Nostr is decentralized. No single entity decides what's allowed. Relays set their own policies, clients can filter, and users can mute. Some see this as a feature since no central censor can silence you. Some see it as a bug since toxic content has fewer consequences. The reality is nuanced. Moderation still happens, just differently. Popular relays moderate to keep users, clients filter illegal content, and communities form around shared standards. You can choose relays and clients that match your preferences. Want strict moderation? Use relays that provide it. Want minimal filtering? Those exist too. Decentralization means options, not absence of standards.
signet 3 weeks ago
Mobile devices are convenient but risky for key storage. Your phone is always connected, always with you, and easy to lose or steal. Apps can have permissions you didn't realize, and the app store model means trusting gatekeepers. If you use Nostr on mobile, remote signing makes sense. The Signet Android app lets you approve signing requests from your phone, but your keys live on your signer infrastructure, not the phone itself. If you must have keys on mobile, at least use a separate key for that device, something you can abandon if the phone is compromised without losing your main identity. Convenience and security trade off. Know where you're drawing the line.
signet 0 months ago
Clients request events from relays using filters. A filter is a JSON object specifying what you want: you can filter by event IDs, authors (pubkeys), kinds, tags, and time ranges. For example: give me all kind 1 events from this pubkey since yesterday. The relay returns matching events. Filters can be broad or narrow. Request all posts from everyone you follow, or just one specific event by ID. Relays can limit what filters they support: some don't allow unrestricted queries, some limit how far back you can search. The protocol defines the syntax; relays decide what they'll actually process. Understanding filters helps you understand what clients are doing under the hood.
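The filter matching described in the post above, sketched as a relay might apply it (an added example, not part of the original post and not Signet's code). The filter fields follow NIP-01; the `POLICY` limits, the sample events and the short ids are constructed for illustration.

```javascript
// Added example: NIP-01 filter matching plus a hypothetical relay policy.
// Constructed sample events; real ids and pubkeys are 64-character hex strings.
const NOW = 1700000000;
const DAY = 86400;
const EVENTS = [
  { id: 'e1', pubkey: 'alice', kind: 1, created_at: NOW - 3600, tags: [['t', 'nostr']] },
  { id: 'e2', pubkey: 'alice', kind: 1, created_at: NOW - 2 * DAY, tags: [] },
  { id: 'e3', pubkey: 'bob', kind: 1, created_at: NOW - 100, tags: [] },
  { id: 'e4', pubkey: 'alice', kind: 7, created_at: NOW - 50, tags: [['e', 'e3']] },
  { id: 'e5', pubkey: 'alice', kind: 1, created_at: NOW - 60 * DAY, tags: [] },
];

// Every condition present in the filter must hold (AND); values inside a list are OR.
function matchFilter(filter, event) {
  if (filter.ids && !filter.ids.includes(event.id)) return false;
  if (filter.authors && !filter.authors.includes(event.pubkey)) return false;
  if (filter.kinds && !filter.kinds.includes(event.kind)) return false;
  if (filter.since !== undefined && event.created_at < filter.since) return false;
  if (filter.until !== undefined && event.created_at > filter.until) return false;
  for (const [key, wanted] of Object.entries(filter)) {
    if (!key.startsWith('#')) continue; // "#e", "#p", ... match tag values
    const name = key.slice(1);
    if (!event.tags.some(t => t[0] === name && wanted.includes(t[1]))) return false;
  }
  return true;
}

// Hypothetical relay policy: refuse unrestricted queries, cap lookback and result count.
const POLICY = { maxLookback: 30 * DAY, maxLimit: 500 };
function applyPolicy(filter, now) {
  const scoped = filter.ids || filter.authors || Object.keys(filter).some(k => k.startsWith('#'));
  if (!scoped) return { ok: false, reason: 'restricted: filter needs ids, authors or a tag' };
  const floor = now - POLICY.maxLookback;
  const since = Math.max(filter.since ?? floor, floor);
  const limit = Math.min(filter.limit ?? POLICY.maxLimit, POLICY.maxLimit);
  return { ok: true, filter: { ...filter, since, limit } };
}

// Returns matching event ids, newest first, or the policy rejection.
function query(events, filter, now) {
  const checked = applyPolicy(filter, now);
  if (!checked.ok) return checked;
  const ids = events.filter(e => matchFilter(checked.filter, e))
    .sort((a, b) => b.created_at - a.created_at)
    .slice(0, checked.filter.limit).map(e => e.id);
  return { ok: true, ids };
}

// "All kind 1 events from this pubkey since yesterday"
console.log(query(EVENTS, { authors: ['alice'], kinds: [1], since: NOW - DAY }, NOW));
```

The same filter syntax gives different results on relays with different policies, which is why a client querying several relays can see different histories for one pubkey.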
signet 1 month ago
Which relays should you use? Start with a mix of large public relays and smaller community ones. Damus, nos.lol, and relay.nostr.band are common defaults. Consider adding relays where people you want to follow publish. Check their relay lists. Add regional or topical relays if they fit, like Bitcoin-focused relays if that's your thing or local relays for your area. Paid relays often have better performance and less spam, worth considering for reliability. Don't add too many since each relay is a connection to maintain. Five to ten is usually enough. Review periodically. Remove relays that are slow or down, and add new ones as you discover them.
signet 1 month ago
Nostr supports content warnings through tags. Add a "content-warning" tag to your event with a reason, and clients that understand this will hide the content behind a click-through. Useful for spoilers, sensitive topics, or anything that needs context before viewing. This is voluntary, and clients choose whether to respect it, though most do. It's a social convention backed by protocol. You're signaling to readers that they should have a choice before seeing this content. Good citizenship in a decentralized network. No one can force you to use content warnings, but they're a useful tool for being considerate while still posting freely.
signet 1 month ago
How Signet protects your keys at rest: Your private keys are encrypted using AES-256-GCM. This is the same encryption standard used by governments and financial institutions for classified and sensitive data. "256" refers to the key size. 2^256 possible keys makes brute force computationally infeasible. The encryption key is derived from your password using PBKDF2 with 600,000 iterations. PBKDF2 is a key derivation function that intentionally slows down the process of turning a password into an encryption key. Each guess an attacker makes requires 600,000 rounds of computation. This makes dictionary attacks and brute force attempts expensive. GCM mode provides authenticated encryption. It doesn't just encrypt the data, it also detects if the ciphertext has been tampered with. You can't flip bits without detection. None of this helps if your password is "password123". Use a strong, unique password. The cryptography is only as good as the secret protecting it.
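The scheme described in this post and in the earlier "Why encrypt keys on disk?" post, as an added example using Node's built-in `crypto` module (not part of the original posts and not Signet's own code). The PBKDF2 hash (SHA-256), the salt and IV lengths and the `salt || iv || tag || ciphertext` layout are assumptions; the posts give only AES-256-GCM and 600,000 iterations.

```javascript
// Added example: password-based encryption of a private key before it is written to disk.
const crypto = require('crypto');

const ITERATIONS = 600000; // from the post
const DIGEST = 'sha256';   // assumption: the post does not name the PBKDF2 hash
const SALT_LEN = 16;       // assumption
const IV_LEN = 12;         // assumption: the usual GCM nonce length
const TAG_LEN = 16;        // GCM authentication tag length (Node default)

function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, DIGEST); // 32 bytes = AES-256
}

// Returns salt || iv || tag || ciphertext; this blob is what would be stored on disk.
function encryptKey(privateKeyHex, password) {
  const salt = crypto.randomBytes(SALT_LEN); // fresh per encryption
  const iv = crypto.randomBytes(IV_LEN);     // never reuse an IV under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(privateKeyHex, 'hex')), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Returns the key as hex, or null when the tag does not verify
// (wrong password or modified blob; GCM cannot tell which).
function decryptKey(blob, password) {
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const ct = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('hex');
  } catch {
    return null;
  }
}

// Constructed sample key (not a real one) and constructed passwords.
const SAMPLE_KEY = 'ab'.repeat(32);
const blob = encryptKey(SAMPLE_KEY, 'correct horse battery staple');
const tampered = Buffer.from(blob);
tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
console.log(decryptKey(blob, 'correct horse battery staple') === SAMPLE_KEY); // true
console.log(decryptKey(blob, 'password123'));                       // null
console.log(decryptKey(tampered, 'correct horse battery staple'));  // null
```

Each `decryptKey` call repeats the full 600,000-iteration derivation, which is the per-guess cost the post refers to.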
signet 1 month ago
Nostr and Bluesky both aim to decentralize social media. Bluesky uses the AT Protocol, which is more complex, with DIDs, personal data servers, and algorithmic feeds. Currently more centralized in practice, though designed for federation. Nostr is simpler with keys, events, and relays. Less infrastructure, less complexity, more decentralized today. Bluesky has a polished UI and Twitter-like feel, while Nostr has more variety in clients but less polish. Both are exploring decentralization with different approaches and different tradeoffs. Some people use both. The key difference: Nostr works today without trusting any company. Bluesky's decentralization is still emerging.