Can someone make a good argument of how web of trust would work with bitchat? The way I think of web of trust is that you need to bootstrap it with well-known identities. What if you just want to talk to people around you in your village and you don't care about well-known nostr users?
calle
I don't think that's what we're building. We want to talk to everyone in a location and people you don't know. There is no concept of following. You're thinking about a Twitter clone with feeds and follows etc. Let's play it through: How would it work in your mind? You travel to SF and you want to know what's up in SF. You have 0 friends in SF. Vice versa, you're in Tokyo. You want to ask all your neighbors where the best events are today. You don't know who's living around you.

Replies (45)

Is there anyone who has succeeded in building a client that uses web of trust or is it still a theoretical concept? Does it work without centralization? I know about the vertex search engine and the follow graph in Iris. @Martti Malmi does the graph work well and do you think it's useful?
I recommend the good old school way for starters, a quick and easy way to mute/ignore. I think we also need some kind of flood protection (limit/filter max messages/second)
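A sketch of the mute list plus flood limit suggested above, as an added example that is not part of the original reply or of bitchat's code. The class name, the limits and the second limit per geohash channel are assumptions; the channel limit is there because a per-key limit alone is bypassed by a sender who uses a fresh ephemeral key for every message.

```python
from collections import defaultdict, deque

class FloodFilter:
    """Mute list plus sliding-window limits per pubkey and per geohash channel."""

    def __init__(self, per_key=3, per_channel=10, window=1.0):
        self.per_key, self.per_channel, self.window = per_key, per_channel, window
        self.muted = set()
        self.seen = defaultdict(deque)  # ("k", pubkey) or ("g", geohash) -> arrival times

    def mute(self, pubkey):
        self.muted.add(pubkey)

    def _count(self, key, now):
        q = self.seen[key]
        while q and now - q[0] >= self.window:  # forget arrivals outside the window
            q.popleft()
        return len(q)

    def allow(self, pubkey, geohash, arrived_at):
        # arrived_at is the receiver's own clock: an event's created_at field
        # is chosen by the sender and cannot be used for rate limiting.
        if pubkey in self.muted:
            return False
        if self._count(("k", pubkey), arrived_at) >= self.per_key:
            return False
        if self._count(("g", geohash), arrived_at) >= self.per_channel:
            return False
        self.seen[("k", pubkey)].append(arrived_at)
        self.seen[("g", geohash)].append(arrived_at)
        return True

def demo():
    """Run a constructed message stream through the filter (all keys are made up)."""
    f = FloodFilter(per_key=3, per_channel=10, window=1.0)
    f.mute("troll")
    out = {}
    # One key sends 8 messages in under a second: only per_key get through.
    out["single_key"] = sum(f.allow("spam1", "u0", 0.1 * i) for i in range(8))
    out["muted"] = f.allow("troll", "u0", 0.5)
    # 20 messages, each from a fresh key: the channel budget stops them.
    out["rotating"] = sum(f.allow(f"eph{i}", "u0", 0.5 + 0.01 * i) for i in range(20))
    # After a quiet period the channel is open again.
    out["later"] = f.allow("neighbor", "u0", 5.0)
    return out
```

The channel budget also drops honest messages while a flood is in progress, so it bounds the damage rather than separating spam from real traffic.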
I think, locality is the key here. Back to the roots of bitchat. But other than "chat only with who's in reach of your antenna", use the antenna to collect and broadcast keys. And then use these keys to limit the chat with encryption! Key leaking will still be a problem sometimes but at least it would work for some time for most locations. My street chat would remain private but some "Pub-key Bar" chat would probably get spammed and would have to rotate keys often.
As you said, I think this project has different goals and tradeoffs. I would consider adding an option to filter out teleported users and their messages from a channel. The more local, the more abuse gets solved by proof of punch. It's not a solution but might help.
So every user could pick their own deterministic symmetric key to encrypt messages while broadcasting the key locally and collecting other keys, too. When messages are received with other known keys, these keys can also be used for own messages, so maybe a location will end up using just one key, making it easier for people living at the far extreme of the locality to be able to read all messages.
It's very anonymous. Teleportation cannot be filtered out as people use ephemeral keys already. Teleporters can use the same plain-text nickname in different locales but count the "jack"s - those are not all the same Jack.
It's a toy and I bet it was done before a million times. Jack promoted it, so now there's some 100 users but spam already arrived as was to be expected, too. If they would stop improving it now, the project would die within a week. You do realize that messages are plain text public? And people read and write to whatever channel is busy but only to channels that are far from their actual street address to not dox themselves just in case? That won't change unless we improve the project.
Time outs? I think you would need to look at what works on game chats. Maybe reduce the length of what can be posted to “build” trust.
With the above, local chats would be encrypted but sometimes we want proof of locality for local plain text reports - reports/live footage/photos/... known to have emerged from a specific location. Crypto can certainly help there, too. So some key hashes could be published for a geohash ahead of time but only the group members know the keys - again, only transmitted via local radio. Now, reports signed with those keys would have a high assurance of emerging from that location but other group members would have to check on those and confirm/deny having seen them on local radio.
{
  content: "\"early here\" yeah like what 5 am ",
  created_at: 1756027640,
  id: "7734b860e3e52380c326e3d59fad9014634e57ae0601c08e128b908a30311183",
  kind: 20000,
  pubkey: "10fa849a2d521b853b0f3d3d92218b8fb1fa785f880e407246631e56140cb68c",
  sig: "2a1257c3f68ca3aa2ab4220057532b4fab955a1d7fc7ad6be719ae31b136930c328d54648124fd23dc8eb5439d16780844ccebf800e4365488020218680c7e3d",
  tags: [
    ["g", "u0"],
    ["n", "MikaMisonoIsMyWife"]
  ]
}
Basically kind:1 events.
Yes to both. Initial load of all the follow lists is just heavy. Need to use graph snapshots instead, at least on web & mobile, so there's that centralization. But you can always locally recrawl when you feel bandwidth-rich.
Negentropy or "send only matching event ids, I'll request those that I don't already have" would help with bandwidth
This is why I propose, aside from all the other stuff you can use, to also start creating musig handshake events. Still need to do the write-up, and I have a rather specific use case in mind, but:
Constant
TL;DR: using musig events as association proofs to base WoT and identity analyses on in order to facilitate key migration. Been struggling with a write-up, so I'll half-ass a post on it first: Figuring out which npub is the correct npub in terms of the person/identity/thing you are looking for is a hard problem, especially if you take people migrating to a different npub (because of loss or compromise) into account. For many reasons I won't go into, I would posit that the only real way is to leverage contextual understanding, or what we broadly call 'web of trust'. This type of analysis looks at behavior, posts, mentions, reactions, follows etc., and through interconnectivity in associations you can start to make sense of things. My idea is to add a thing which could serve as a relatively simple, efficient abstraction of these associations into single events. So instead of, for example, trying to look for mutual follows (Bob follows Alice; Alice follows Bob, so we infer association of some kind), Bob and Alice create a musig abstract handshake event together. This can be done between two or more people. This way, "association" (whatever that may mean) is abstracted into easily traceable compact data. Easy to trace because this musig interaction creates an npub specific to the combination of the two or more participating npubs. And compact because one event represents two or more associations. The idea is to put expiration dates on these things; this way signals 'die out' the moment association stops between npubs; this could be cause to look for other association events, and perhaps finding someone posting under a new npub within otherwise the same 'network of associations' with the same name (an indication someone switched keypairs). To be clear, this type of analysis is probably still somewhat complex, but hopefully massively simplifying the queries and comparisons.
To be clear, I am not suggesting to do this with everyone, on the contrary: you are in control of what this 'association' means, and you effectively tie your identity to it. The events themselves are just evidence of apparently a conscious decision to interact in a particular moment in time. What leads up to that is up to the participants themselves. Some super fancy procedures for really important people; just the fact your bro joined the voicechat during the weekly gaming sessions; or because... you live in the same house. Bottom line is that 'you' are defined by what you do as much as who you associate with; and what npub you're using is expressed in both, may change over time, and this way we have a method of keeping track of that. Not a watertight superdeterministic objective binary perfect system, but a... practical approach. Anyway, better write-up is coming, maybe. Any questions?
Bit Mumbles 4 months ago
I think nostr needs to rethink identity. We need to give users the option to verify their key pair belongs to a human in a privacy-preserving way. Weirdly I think this actually is possible through location doxing. The concept works on the premise that humans can only physically be in one place at one point in time.
Mitnev 4 months ago
Seems like a good idea. But from a new user perspective. Without existing nostr connections, you are in the nostr slums. Creates a fiefdom effect where you have to capture the favor of a high WOT Lord to be seen in their city-state. A system running on mimetic attention grabbing, not work/merit/value?
Mitnev 4 months ago
Though, I can't offer a better solution to accomplish its goals. So maybe it is the best practical solution, for now.
I don't know how you would implement WoT with ephemeral identities. Adding a cost per message could work though, at least for some rooms, and would be an interesting way to sustainably fund development.
Mitnev 4 months ago
Unfortunately, WOT relies on mimetic influence circles. Cost relies on capital. Need some system that rewards Truth and Honor. Some protocol to defend reputation in an objective way. Using a polymarket system to earn/risk reputability? Unpopular, Long-time horizons weighted.
Could have some rooms be pay per message and others not. If you want to join a pay per message room you will figure out how to get coin.
The answer is an ephemeral WoT. When you hug A, you give +1 trust to A. When you slap B, you give -1 trust to B. Then, the users trusted by A (ephemerally) form a WoT that can be used to collaboratively mute untrusted people. That is collaborative moderation. It is invented by @ABH3PO, and I’m working on a topic-based feed.
Been thinking. Reading the white paper with morning coffee. Calculations part. Gambler’s ruin problem - I think can relate to spam issue. For example, meeting someone in real life, you are less likely to spam them due to potential of repeated interaction - @jack QR idea. Assuming p (probability honest node finds the next block) > q (probability attacker finds the next block) and with law of large numbers (repeated interactions). The attacker should not be able to catch up with honest chain. Or Poisson distribution can be used to spot spam in bitchat, I think, by modeling through LLM the number of spam messages received within a fixed interval of time, such as a day or an hour, and identifying significant deviations from the expected average rate of spam. Those natural deviations from expected rate of spam, outliers, are your real people, becoming the expected value of honest blocks. Can filter without centralised bias maybe. P.S. love that you did not abbreviate WOT, I now know it means web of trust. I know pow is proof of work :)
Yeah, I'm not sure this works in the ephemeral scenario. It works in a topic feed with persistent npubs, because you can choose your moderators and minimize the abuse; in an ephemeral scenario you can abuse the moderation mechanism and the user doesn't get an option to choose, or the choice is meaningless since there's no PoW attached to it.
An idea would be zero knowledge sets or similar. You can prove you are one of the "reputable nostr users" (by some metric e.g. pagerank) without revealing who you are
If you can “favorite” a user and be alerted of their coming online then you can use your favorites and your favorites ^2 and your favorites ^3 etc to limit what messages you see.
I personally think adding geohash teleportation ruins bitchat. Mesh networking authenticates both proximity and identity (as someone geographically proximate) using actual physics. Abuse is still possible, but limited to people actually near you, which means you have recourse, or can mute peers without "scaling". High-quality globally-accessible location-based chat *must* be curated, either using web of trust, or by using trusted relays. One possible approach to creating a web of trust tailored to this use case would be to stack web of trust on top of mesh networking with location attestations. In other words, start with some root trusted accounts who are allowed to attest to other users' location (for example businesses known to be located in a particular location). After a certain number of attestations, users gain the ability to make attestations for other users. Attestations might expire after a while to account for people moving from place to place. You'd have to be careful about this, since attestations can be forged. As far as I know there's no way to do non-social "proof of location", although crypto land seems to have tried.
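The attestation scheme proposed in the post above (root accounts, a threshold before a user may attest for others, expiry), as an added example that is not part of the original post. The function name, threshold, 30-day lifetime and all account names are assumptions, and signature verification of each attestation is assumed to have happened before this step.

```python
from collections import defaultdict

DAY = 86400
ROOTS = {"cafe", "library"}  # constructed root accounts for geohash "u0"
# (attester, subject, geohash, issued_at): constructed sample data
ATTESTATIONS = [
    ("cafe", "alice", "u0", 30 * DAY), ("library", "alice", "u0", 35 * DAY),
    ("cafe", "bob", "u0", 40 * DAY), ("alice", "bob", "u0", 45 * DAY),
    ("cafe", "carol", "u0", 5 * DAY), ("library", "carol", "u0", 10 * DAY),
    ("carol", "dave", "u0", 45 * DAY), ("bob", "dave", "u0", 46 * DAY),
    # A ring of accounts attesting only each other, never reached from a root.
    ("s1", "s2", "u0", 48 * DAY), ("s2", "s3", "u0", 48 * DAY),
    ("s3", "s1", "u0", 48 * DAY), ("s2", "s1", "u0", 48 * DAY),
    ("s1", "s3", "u0", 48 * DAY), ("s3", "s2", "u0", 48 * DAY),
]

def attested_users(roots, attestations, geohash, now, threshold=2, ttl=30 * DAY):
    """Return the pubkeys currently trusted as located in `geohash`."""
    # Keep unexpired, not-future-dated, non-self attestations: subject -> attesters.
    live = defaultdict(set)
    for attester, subject, g, issued_at in attestations:
        if g == geohash and 0 <= now - issued_at <= ttl and attester != subject:
            live[subject].add(attester)
    trusted = set(roots)
    changed = True
    while changed:  # grow outward from the roots until nobody new qualifies
        changed = False
        for subject, attesters in live.items():
            # Only attestations from already-trusted accounts count.
            if subject not in trusted and len(attesters & trusted) >= threshold:
                trusted.add(subject)
                changed = True
    return trusted
```

Counting only attestations from already-trusted accounts keeps the self-attesting ring out, but it does nothing about a trusted account that attests falsely, which is the forgery risk the post points out.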
Coracle does it without relying on vertex. It works very well for vetting search results and spotting impersonators. I don't know if it's directly applicable to the geo use case though.
I think it's a good idea to remove the geohash teleportation once there's enough activity locally, and Bluetooth mesh is still king.