For two decades, we accepted a bargain: let Apple and Google verify every developer with government papers, and they will keep us safe from malware. The bargain was always a lie. Fake apps still steal millions while real developers get banned at the whim of bureaucrats in Cupertino and authoritarian censors in Moscow. @Zapstore, a Nostr-based app store, offers a different model: one where developers sign their own releases, users verify through social trust, and no passport is required to publish code. This is not a feature request. It is a return to the original promise of the internet. And nobody can stop us building it. View article →

Replies (8)

Does the social trust scale though? Once you get to a point of say millions of users, there will be many cases where none of your friends or web of trust even uses the apps you want to try. And then you’re back to square 1 - blindly installing whatever and hope you don’t get taken advantage of.
Then in the worst case we're back where we are now, 500+ 5 star reviews from random strangers. But with the benefit of an open WoT graph your client can analyze and take out the bots. And most likely there will be some celebrity you trust in that group. It already works great now with our tiny community and I think it will work better with more users and a more interconnected graph.
I dunno. I think it works great because of our tiny community and once you get the masses it breaks down. It’s so easy to go under the radar when no one is technically competent to evaluate your software. And at scale that could mean many victims before it’s ever noticed.
Mhhh, I'll have to do more thinking about this, but intuitively it feels like a larger network means stronger WoT. You're right that we need to be careful tho.
Probably need to look at hybrid models - trusted clients that offer some verification. Or some organizations that audit. Maybe some economic penalty (worked into the UX somehow). Even then, at scale there will likely be gaps where no one is watching and people are installing carelessly.