Nostr

Original Article ↗ Hacker News Discussion ↗

Illegal content, moderation & censorship

  • Multiple commenters report encountering child sexual abuse material or disturbing NSFW material on Nostr; others with long experience say they have never seen it and strongly doubt those accounts.
  • Explanations offered: choice of relays and follow lists, bridges from other networks (e.g., fediverse), and confusion between actual CSAM and sexualized anime. Disagreement over definitions is explicit and unresolved.
  • Some argue this is an inevitable consequence of a censorship‑resistant protocol; others point out that merely receiving such material can be illegal in many jurisdictions.
  • Proposed mitigations:
    • Using paid / invite‑only / whitelisted relays
    • Relay‑side filtering and quick deletion by media relays
    • Web‑of‑Trust (WoT)–based client filtering
    • Making relays “more whitelisted and less open,” which critics say undercuts the “open” goal.

Architecture, relays & comparison to other systems

  • Technically, Nostr is a simple JSON‑over‑WebSocket protocol: identities are public/private keypairs; “relays” are dumb servers that store/broadcast signed events.
  • It’s compared to email/Usenet/IRC “on steroids”: you can publish to many relays, and no single server can delete your identity; you can always move to other relays.
  • Key differences vs Mastodon/ActivityPub:
    • No account tied to a server; relays don’t “own” identities.
    • Federation between relays is optional and unspecified; clients often must read/write multiple relays.
    • This leads to complexity, slower queries, and confusion about discovery; some see NIPs as messy and evolving.

User experience, content mix & discoverability

  • New users often see mostly Bitcoin/crypto evangelism, Nostr meta‑discussion, and libertarian‑leaning content; many can’t find other niches.
  • Discoverability on a decentralized protocol is acknowledged as hard; hashtags exist, but richer search/recommendation is still experimental.
  • UX problems noted: confusing onboarding with keys and client choice, broken links, dead or NSFW-heavy feeds, and abandoned projects. Some say this limits mainstream adoption.

Payments & Lightning “zaps”

  • Big enthusiasm for “zaps” (Lightning micro‑payments) as an alternative to ads: tipping creators, bounties for code, paying for services.
  • Long subthread debates Lightning vs privacy coins (Monero):
    • Claims that Lightning’s privacy is weak vs Monero; counterclaims that newer features (blinded paths, trampoline) improve privacy.
    • Concerns about Lightning centralization via custodial hubs and operational complexity of running nodes vs convenience.
  • Some like that Nostr doesn’t have its own token; others worry about heavy Bitcoin‑maxi culture.

Security & cryptography concerns

  • A recent academic paper finds serious issues in earlier Nostr clients and DM schemes: unauthenticated CBC, clients not verifying signatures, link‑preview–style exfiltration, and lack of key separation.
  • Nostr developers respond that:
    • The paper largely targets old client versions and an early DM scheme (NIP‑04).
    • A newer standard (NIP‑44, ChaCha20‑AEAD) has been audited and is increasingly adopted.
    • Core protocol events are signed/verified; some implementation bugs have since been fixed.
  • Downgrade‑resistance and precise threat models remain points of technical debate.

Politics & “apolitical” branding

  • The homepage’s “apolitical communication commons” and “pro‑censorship” framing provokes strong reactions.
    • Some see “apolitical” as itself a political stance, often associated with right‑leaning or “free speech maximalist” communities.
    • Supporters say the protocol itself doesn’t enforce any ideology; anyone (across the political spectrum) can use it, and censorship‑resistance is the real point.
  • There’s concern that “apolitical” can mean ignoring how power, moderation, and harassment play out in practice.

Spam, identity & Web of Trust

  • Commenters worry about Sybil attacks: many keypairs plus LLM‑generated replies.
    • Proposed defenses: trusted/paid relays, WoT scoring, and relay‑ or client‑side spam rules.
    • PoW on notes exists (NIP‑13); some suggest PoW on identities (“self‑paid blue check”) as an additional spam cost.
  • Long‑time users say their feeds are mostly spam‑free thanks to WoT and curated relays.

Adoption, centralization & alternatives

  • Skeptics question whether most people even want alternatives to centralized platforms, and whether network effects will just recreate centralization around a few relays/clients.
  • Proponents argue Nostr gives “credible exit”: you can switch clients/relays without losing identity or graph, something centralized and even many federated systems don’t fully provide.
  • Several note that Nostr’s real strength may be as a general data/identity layer for many apps (chat, Q&A, streaming, app stores, P2P signaling) rather than just a Twitter clone.