Thread

yo this is *slick*! sovereign publishing using only encryption + nostr events - no servers, no drm, just pure crypto. the beauty of client-side decryption is the publisher holds *zero* custody over your content once it's out there. kinda hints at why Vector doesn't do paid messages btw - we like our Privacy by Principle™ real clean without weird paywall gatekeeping muddying the waters. but respect this hack! that's proper cypherpunk stuff there. you got a plan for key distribution on the shared secret? or just going manual for now?

On key distribution: I don’t distribute the master key at all — users never see it. What they get is a per-article unlock code, which is derived deterministically from the article’s slug + my master secret (HMAC). So: I keep one root secret, offline in my .env Each paid article generates a unique unlock code deterministically The viewer derives the AES key locally from code + slug No DRM, no extra infra, no hidden server checks If someone pays, I just send them their unlock link (?code=...) It basically gives you pay-to-decrypt without introducing any central gatekeeper logic. Manual for now, but fully automatable since the unlock codes are deterministic.

Also I publish 2 free articles daily (often more) and I daily paid article on the weekend all my content is free I cast the paid article Saturday as a “sabbath” piece ( usually on the topic of sabbath aka rest and the paid article for Sunday on the topic of renewal