nip05 badges are probably a mistake. One of the most common questions I get is “how do I get verified” and “please verify me”. Very rarely will nip05 badges mean anything close to verification. Maybe for rare cases like mine where my domain is the same as my username, but most of the time it just means “some random domain points to my pubkey”.
Thinking I should remove the badge altogether.
Yeah, it’s way too Twitter-ish
NIP-05 services are friendly username services. They’re more like DNS than any sort of verification.
I would still have them on the profile page, I’m just thinking about removing the check mark badge next to names. The profile page would become jb55@jb55.com with no pronounced color or iconography.
Please god, not more badges lolol 🙏. Toggle off badges loading on profiles would be good tho 🫡
Last week #[2] used his "verification" to alert people from being scammed by a fake profile named Derek Ross too.
What does damus currently display? Seems wild to have display name, username, npub, nip05, lightning address, a thousand badges waiting to load. Bit of a mess, really. Imo imo 🙏
maybe allow people to use their own domain ala that
I’m only thinking about removing the badge to reduce confusion. Not removing nip05
...other place that shall not be named 😏
Not removing nip05, removing the icon to reduce confusion.
honest question @jb55 would removing the icon without another system in place not introduce more confusion at this point?
Maybe remove the icon but leave the @domain? Also i like having different colors for people i follow vs people i dont
🤣🤣🤣 they get to decide, not you
Yah but I could have been a long term scammer…
I’m glad we finally came to the same conclusion
It's time everyone grows up then. Safety for the misinformed always leads to less freedom for the real people.
Really? Then what does all scams mean but social rapist?
Very interesting debate. I think it could be the start of a real authentication NIP on nostr.
It’s not about misinformed or informed. There are real people at risk through no fault of their own that require looking out for.
How are they at risk?
But in many cases it’s not some random domain—although it certainly can be. It’s a handful of recognizable domains and also sort of a group signifier. Not saying it’s the end all be all of nostr verification, but just some thoughts.
Lower cognitive function. But even before that you’ll have people clicking phishing links even if they are tech literate.
I really think domain names give a decent verification(proof you paid) while still preserving pseudonymity.
Current implementation definitely doesn’t work though
More in the way of looking at interaction between users, diversity of network, frequency, duration of formed links (especially this last one). Easier said than done… would probably be easier to apply in a commercial context.
Trust is a link maintained over time. There must be ways of looking at this that could provide meaningful insight.
(I got attracted by the concept of decentralized academic accreditation. It would mostly rely on multiple streams of human feedback, assessing the trustworthiness of the human giving the feedback is key and rather problematic)
You could still very well be… 🤔 is this « look this is my face » act just part of the long con
Exactly. You never know, I could be the bad guy.
When there is in writing that we shouldn’t but at best learn?!
I’m afraid arguing she was dressed slutty to rape in the shower is weak excuse when not supposed to be in the shower, no?!
Building the traps.
Us non dev plebs are fucked… Assessing trustworthiness is a bitch. Offline, online. The only way I know how to deal with it is to pretend to be stupid and naive and see if ppl try to take advantage of it.
… problem is, I am often truly stupid and naive.
Guess the corrupt and stereotyping see that as a time to go rape and piling.
Besides that issue, it would have been better to have the accounts in DNS and not need to point to a server at all. But yeah…
The ultimate question is how to verify simply for the masses. I’m not against paying some sats to do so but not sure of the overall mechanism…
This has been discussed multiple times. Web clients would not be able to verify in that case.
Anyone of prominence who cares about this should have their own domain one would think.
I do not disagree. We can make it easier for sure, but people need to learn to take domain names seriously 🤷♂️
Domain names won’t stop scammers anyway. It’s trivial to get one if you really wanted to rip people off.
But it’s also easy to remember and easier to verify what domain name someone noteworthy is actually using?
We can make it easier definitely but we can’t protect everyone.
Yeah, that might be the sanest route.
It’s really not verifying anything in the sense of how most people think of that term
Perhaps we'll have a single domain (nostr.org) that handles user lists so that duplicate users are impossible
That’s just proof of payment tho
Like a WoT solution ?
I knew it!
A single domain would cause centralization. I’m not for removing checkmarks unless there’s something else to replace it. Many of us who self-host them use them to link back to our domains. For example, I use mine to help promote the #Nodestrich community. They are part of our online identity here and we’ve put energy into building our individual brands.
You should remove it. Or at least probably change the name nip05 if you target the average user. But can’t lie, it gives you the feeling ‘oh I’m doing something cool’.
Hard Agree. Verify yourself through proof of work.
View of Aggregated trustworthiness: Redefining online credibility through social validation | First Monday
There actually is another system (WoT). You can see it in action when you remove your nip05. I don’t want to encourage removing nip05 though, I just want the badge gone.
Can you elaborate on this with some screenshots and more detail?
It's not verification. It's an online identifier. Read the spec 😁 Damus and every client that calls it verified or mentions verification is wrong. Your Nostr address is akin to an email address. That's it.
You should keep it NIP, change the field to Nostr address, and remove the word verify throughout the client 🤙🏻
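Even if you don't like it yourself, there's no need to remove it, is there? Before, you didn't like #Likes, so you just built #OnlyZaps; this time you don't like #NIP58 badges, so what do you want to do now? You could be a bit more tolerant and generous. Just because you don't like it doesn't mean other people don't like it either.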
lightning:cndx@btcdv.com 🐇ᥬ[🐕]᭄🌿
I’m on board with that. We are making things too technical by talking in NIPs. Users aren’t scouring GitHub to figure out what’s going on. They just want stuff that works without reading all the documentation.
Sure. There are two icons: one means you’re following them and one means someone you follow is following them.


You actually have the power to make NIP-05 mean something… Just start treating the relays that are listed in NIP-05 as mandatory. That would serve a variety of purposes…
1) The user can make sure the relays they pay for never accidentally get dropped from use if they get them listed in the NIP-05 relay list.
2) Organizations/companies that use NIP-05 to validate that the person is part of their organization can mandate their relays be used so they can monitor what's said using their official accounts. (If you don't like that - don't get verified with them - or temporarily switch or disable your NIP-05).
When you think about it the NIP-05 relays can't be changed by the user (unless the user controls the domain). So it was written to give the domain owner, not the user, control over that particular relay list (whether it was intentional or not). That's actually its advantage over NIP-65.
I did! It's an online identifier. Self verification, at best, but I've always hated calling it verification because the spec never mentions verification and only mentions an identity. Your Nostr address is like an email address.
Me searching nostrplebs.com looking for the word verify. Wtf is wrong with me…
So it’s really there to share our npub without scaring people with the format, and improving searchability? maybe I am not that stupid after all.
NIP05 is for branding and vanity just like domain names.
Good branding makes it easier for others to find you.
What does jb55 even mean?
Why not?
What about linking it somehow with a pgp signature?
are we gonna do what bluesky is doing ; domain usernames?
Is it right to say that if someone has nip05 icon then we can’t know whether he is followed by someone we follow?
Do we need both icons displayed?
Me hunting for Nela as she’s a filmmaker. Info flow on Nostr is weird, thanks for the recommendation.
Would be interesting if clients provided an indication as to the number of pubkeys a domain is mapping in that nostr.json file.
To me, if it's thousands, it carries far less weight than one only serving for say, a dozen or so.
Right now I just consider well known ones (nostrplebs, nostrverified, iris.to, nostrcheck, etc) as being a pretty much free for all pay to play.
Anyone that's able to pay for relays, support developers and such should be able to spend about $10/year on their own domain and set up their own managed nip05. It's not rocket science. It's more work to set up a VPS, or a typical Site ground website or woocommerce or Shopify store.
Wouldn’t it be better not to have something like “I’m verified” and for everyone to be free to decide whether to do it or not? The idea in #nostr of your being able to communicate anon but that there is something that guarantees others that you are human writing and not a bot is wonderful.
But it wouldn’t be better to be able to identify the bots and force them in some way to verify themselves as bots. This way, the rest of us will be able to know who we interact with.
Crazy idea.
keyoxide looks pretty cool
Yeah I kind of agree. I went out and figured out a way to get it because it looked cool. I’m not sure it serves an actual purpose, but if it does, I would love to know how!
Yes. That's why I've been calling it a human readable format for your public key for 5 months now. We don't call it verification because the spec never once mentions it. I only mention a verified checkmark because clients mention that and because of that, people search for it. 😉
Exactly!
I've been asking clients to adopt this for a while now. Two clients call NIP-05 a Nostr address now. Snort and Current.
it's unrealistic to think that if nostr gets as big as we hope, that we're going to have millions or even billions of individual domain names being registered. could you imagine? LMAO! people haven't done this for the 40 years that email has been around. they're not going to do it for a nostr address if they didn't do it for an email address.
that's what they are. nostr addresses are exactly this.
please remove it! or at least change the wording to Nostr address instead of verified/verification.
Spending $5 a year to get yourself “verified” is a big ask? Then why are you charging them 20,000 sats for the same thing! 😆
Just limit it to your own domain. If someone is willing to do the work to pay for a domain name so he won’t get impersonated, I don’t think he should get penalized.
1) i'm not. it's a one time fee.
2) the overwhelming majority of people will NEVER buy a domain name to host their email address or their nostr address. they just want to click a button and pay for a service that gives them what they want.
It could have some meaning for organizations, public figures, influencers and celebrities
If you make it the only way not to get impersonated on Nostr, they will. Your reputation means more than $5 a year.
You can't impersonate me. Only one derekross@nostrplebs.com will ever exist. Ever. Now, some clients don't check the validity of the Nostr address by calling the JSON to verify the ID matches the public key. However, they show an invalid indicator.
What is stopping someone from registering derekross.com and pointing your npub to derekross@derekross.com
My guess would be this guy. 

😆
Someone could, but that's not the Nostr address that I've been using. My identity is derekross@nostrplebs.com. If you get a new email address, you email everyone and tell them hey this is my new email address. The same goes for your Nostr address. You'd post and say hey this is my new Nostr address. If it's not from the same npub that you've been following them you'd be suspicious. This would be harder for new users that were looking for the correct Derek Ross to follow, but a little bit of work helps to alleviate pain points.
Yeah it really only works for verifying folks at large recognizable brands since I doubt anyone could use @walmart.com or @amazon/apple/samsung etc without having the proper access to load a JSON file on their servers.
I think that was the old behavior back in december, at least on reposts
How about you make it so that it points to something that has to be verified by signing with your private key?
Was very worth it for me!
Coming in a hurry, leaving in a hurry.
If we remove the name= functionality and have the entire nostr.json every time, clients could disregard verifications from websites that have say more than 10 npubs?
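Added example, not written by anyone in this thread and not taken from any client: the check mentioned above (calling the JSON and confirming the name maps to the profile's public key), together with the count of names a domain's nostr.json serves. The function names, the example.com domain and the keys are constructed for illustration; the JSON body is passed in already parsed so the block runs offline.

```javascript
// Added example: NIP-05 lookup check over an already-fetched nostr.json body.
// Domains, names and keys below are constructed sample data.
const LOCAL_PART = /^[a-z0-9._-]+$/; // characters NIP-05 allows in the name
const DOMAIN = /^[a-z0-9.-]+$/;      // plain host name only, no path or port
const HEX_PUBKEY = /^[0-9a-f]{64}$/; // nostr.json carries hex keys, not npub

// Split "name@domain" into its parts, or return null if it is malformed.
function parseIdentifier(identifier) {
  const parts = String(identifier).toLowerCase().split("@");
  if (parts.length !== 2 || !LOCAL_PART.test(parts[0]) || !DOMAIN.test(parts[1])) return null;
  return { local: parts[0], domain: parts[1] };
}

// URL a client fetches for the identifier (NIP-05: do not follow redirects).
function wellKnownUrl(identifier) {
  const id = parseIdentifier(identifier);
  if (id === null) return null;
  return `https://${id.domain}/.well-known/nostr.json?name=${encodeURIComponent(id.local)}`;
}

// doc: parsed JSON body; pubkeyHex: key of the profile claiming the identifier.
function checkNip05(identifier, pubkeyHex, doc) {
  const id = parseIdentifier(identifier);
  if (id === null) return { ok: false, reason: "malformed identifier", namesServed: 0 };
  const names = doc && typeof doc.names === "object" && doc.names !== null ? doc.names : {};
  const namesServed = Object.keys(names).length; // how many names this body maps
  const raw = Object.prototype.hasOwnProperty.call(names, id.local) ? names[id.local] : null;
  const mapped = typeof raw === "string" ? raw.toLowerCase() : "";
  if (!HEX_PUBKEY.test(mapped)) return { ok: false, reason: "name not listed", namesServed };
  if (mapped !== String(pubkeyHex).toLowerCase())
    return { ok: false, reason: "domain maps name to a different key", namesServed };
  // A match proves only that the domain owner published this mapping.
  return { ok: true, reason: "domain maps name to this key", namesServed };
}

// Constructed sample: one domain serving two names.
const KEY_A = "a".repeat(64);
const KEY_B = "b".repeat(64);
const sampleDoc = { names: { alice: KEY_A, bob: KEY_B } };

console.log(wellKnownUrl("alice@example.com"));
console.log(checkNip05("alice@example.com", KEY_A, sampleDoc)); // profile key matches
console.log(checkNip05("alice@example.com", KEY_B, sampleDoc)); // copied identifier, other key
```

`namesServed` reflects only what the server returned: a server that honours the `name=` query may send back a single entry, so the count is meaningful only when the whole file comes back.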
can you just remove the symbol and keep the link? then maybe it can still be used for authentication without people treating it as a status symbol.
That’s the plan
sick 🤙
Make it an @ sign and truncate the name!
This makes more sense tbh. It makes more sense to connect it to what it really is, rather than a structure analogous to something in trad SM
I wish I could find it, some designer 4 months ago made a really great graphic explanation of how this would work.
it’s not ideal tho, iOS and many other digital environments see a @ sign in the middle of words and assume email address, which is a known complaint about mastodon so it’s been avoided here, some nip 05 providers even offer email forwarding 😅
maybe we need to take a hint from bluesky and change to a period so you would be @bob.nostrplebs.com instead of @carol@nostrplebs.com I’m not sure the double @ sign here is technically doing anything
This is what Bluesky does
Hello, what is your strategy for this app?
Bens better watch out
Double @ is confusing for sure.
Maybe something like @Name::site.com
bluesky uses a dot instead of a double @ sign
Where is the dot supposed to be? I just see it lists my domain 

I agree
How about Damus Not a Bot verification? Find a way to verify who isn’t a bot, give user a badge in completion. You could make it one time and expensive payment, for example 20-50k sats or tier payment system with different color badges (dev support purple badge). This way we would have some new type of verification and you would get extra income.
build cool shit
Uncool shit can be nice too.
Reading this, there are some great comments on NIP badges use cases, such as verify owning a domain and other badges, like NIP-58 as community badges.
I like the concept of verifying domain ownership and affiliation to a domain owned verified account.
Similar to uses by agencies or individuals associated with an organisation.
Hope you will hold-off and let it rather play out. This is a new space in identity with how it’s separated in #nostr.
NIP05 has utility, it already helped form tribes and connections for new users. It helped launch nostrplebs and thus nests.
Saylor just made all microstrategy email addresses Lightning ⚡️.
We don’t know where this is going but this is a good solution with limitations today. Other areas might integrate later on and NIP05’s role could change so please, keep it around.
Let’s see how things evolve a bit.
Not even a link to a discussion?
because the web can’t make dns queries
Am I in the web right now?
Obviously I was talking about the client making the request. Maybe it’s just a Damus limitation?
you would exclude web clients