Become (more) censorship-proof on Nostr
In our last article, “How censorship-resistant is Nostr?”, we concluded that Nostr is significantly more censorship-resistant than platforms such as Substack, but not absolutely censorship-resistant. The level of security depends on numerous user settings, and today we want to examine in more detail how it can be pushed towards 100%. Every system design is based on principles, so let’s discuss those first.
The desired goal is usually described with the English term “permissionless”; “self-determination” is a fitting synonym. It means complete control of all aspects relevant to the result: content, identity, money, and system access. To achieve it, every “single point of failure” in the system must be eliminated.

Permissionless means no use of accounts (username / password). Accounts are externally managed identities; they can be restricted, blocked, and hacked. Nostr offers a self-sovereign identity (SSI) in the form of a key pair (nsec / npub). The use of accounts is a “single point of failure” and contradicts the Nostr philosophy.
Openness means using only open source software, whether client, signer, or relay. This is the only way to verify that the software does not perform unwanted activities while processing your data.
Redundancy creates optionality and reliability, but it requires strict adherence to standards (Nostr, Blossom, Lightning, Cashu, RSS, Podcasting 2.0, etc.). All data is stored redundantly, and various apps can be used to process it. In contrast to Big Tech silos, Nostr takes a data-centric approach. Instead of an “everything app,” it follows the principle of numerous mini-apps that each focus on a specific area of application (chat, groups, blog, image, audio, video, etc.).

Identity
The public key (@Roland) is the unique identifier of each Nostr profile; all assets are linked to it, and it can be found via search. However, since it is somewhat impractical for exchange and memory, you can assign one or MORE!!! readable Nostr names (NIP-05 identifiers) to the npub (roland@pareto.space). A quick test demonstrates the principle:
GET https://pareto.town/.well-known/nostr.json?name=michael_meyen
{"names":{"michael_meyen":"044da3442a54bd55202b66ca0c4f5fd58cbb158b67f2fb067cc0467c073a8a0e"},"relays":{"044da3442a54bd55202b66ca0c4f5fd58cbb158b67f2fb067cc0467c073a8a0e":["wss://nostr.pareto.space","wss://pareto.nostr1.com"]}}
We see the public key (in hex format) and the outbox relays holding the user’s data (there should be a few more). Since the user usually has no control over the domain server, a lot of unpleasant things can happen to the identity (see attack vectors). In general, it is important to avoid cluster risks, i.e., bundling Nostr addresses, Lightning addresses, media data, etc. with a single provider.
Recommendation:
a. for owners of their own domain, self-administration is the most secure option and relatively easy to set up: simply enter your name (e.g., Michael) in the file https://freie-medienakademie.de/.well-known/nostr.json and your identity is complete.
More details here: https://thebitcoinmanual.com/articles/nostr-account-nip-05-verified/
b. if you don’t have your own domain, redundancy helps: create several names and switch between them in case of problems. Here are some suitable providers; the name then carries the respective provider suffix (some offer several options):
https://zaps.lol free, with additional Lightning address → therefore my favorite
https://nostradress.com free
https://nostrplebs.com paid (15k sats)
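To make the lookup above and the self-hosting step in a. concrete, here is an added Python example (not code from the article or from any Nostr project). It derives the NIP-05 URL from a name@domain identifier, checks a served nostr.json body against the public key you expect, converts between the hex key and its npub form (bech32, BIP-173), builds the nostr.json file for your own domain, and flags the cluster risk of having the Nostr address and the Lightning address on the same provider. The response body is the one shown above with straight quotes restored; the function names and the relay URL in the usage line are constructed for this example.

```python
# Added example (not from the article or any Nostr project): NIP-05 lookup
# check, npub <-> hex (bech32), a self-hosted nostr.json, and a cluster-risk check.
import json

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 (BIP-173) alphabet

def _polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def _convertbits(data, frombits, tobits, pad=True):
    """Regroup a bit stream, e.g. 8-bit bytes into 5-bit bech32 symbols."""
    acc, bits, out, maxv = 0, 0, [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        raise ValueError("invalid padding")
    return out

def bech32_encode(hrp, data5):
    polymod = _polymod(_hrp_expand(hrp) + data5 + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data5 + checksum)

def bech32_decode(s):
    """Return (hrp, data symbols without checksum); ValueError if invalid."""
    s = s.lower()
    pos = s.rfind("1")
    if pos < 1 or pos + 7 > len(s):
        raise ValueError("malformed bech32 string")
    hrp, data = s[:pos], [CHARSET.index(c) for c in s[pos + 1:]]
    if _polymod(_hrp_expand(hrp) + data) != 1:
        raise ValueError("bad bech32 checksum")
    return hrp, data[:-6]

def is_valid_bech32(s):
    try:
        bech32_decode(s)
        return True
    except ValueError:
        return False

def hex_to_npub(hex_pubkey):
    return bech32_encode("npub", _convertbits(bytes.fromhex(hex_pubkey), 8, 5))

def npub_to_hex(npub):
    hrp, data5 = bech32_decode(npub)
    if hrp != "npub":
        raise ValueError("not an npub")
    return bytes(_convertbits(data5, 5, 8, pad=False)).hex()

def nip05_url(identifier):
    """name@domain -> the URL a client fetches (the GET shown in the text)."""
    name, domain = identifier.rsplit("@", 1)
    return f"https://{domain}/.well-known/nostr.json?name={name}"

def verify_nip05(identifier, expected_hex, body):
    """Does the served nostr.json map the name to the key you expect?
    Returns (ok, relays); on a mismatch the domain, not you, decides the name."""
    name = identifier.rsplit("@", 1)[0]
    doc = json.loads(body)
    found = doc.get("names", {}).get(name)
    if not isinstance(found, str) or found.lower() != expected_hex.lower():
        return False, []
    return True, list(doc.get("relays", {}).get(found, []))

def build_nostr_json(name, hex_pubkey, relays):
    """Content for https://<your-domain>/.well-known/nostr.json (step a.)."""
    return json.dumps({"names": {name: hex_pubkey},
                       "relays": {hex_pubkey: list(relays)}}, indent=2)

def same_provider(nip05, lud16):
    """True when Nostr address and Lightning address hang off one domain."""
    return nip05.rsplit("@", 1)[1].lower() == lud16.rsplit("@", 1)[1].lower()

# Response body copied from the article's lookup (straight quotes restored).
SAMPLE_HEX = "044da3442a54bd55202b66ca0c4f5fd58cbb158b67f2fb067cc0467c073a8a0e"
SAMPLE_BODY = ('{"names":{"michael_meyen":"' + SAMPLE_HEX + '"},"relays":{"' + SAMPLE_HEX
               + '":["wss://nostr.pareto.space","wss://pareto.nostr1.com"]}}')

if __name__ == "__main__":
    print(verify_nip05("michael_meyen@pareto.town", SAMPLE_HEX, SAMPLE_BODY), hex_to_npub(SAMPLE_HEX))
```

The check is meant to run on the key holder’s side: compare what the domain currently serves with your own npub. A domain operator can change the mapping at any time, so a mismatch is the earliest sign that a provider-hosted name has been taken away or redirected, and it is the moment to switch to one of your redundant names.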

Money
Paying for services with fiat money is neither secure nor anonymous, and the same applies to receiving donations (zaps). That’s why innovative payment methods using Lightning and eCash are an integral part of Nostr. Real-time micro-payments at virtually no cost are only possible with these methods, as are zap splits, zap streaming, subscriptions, and (antiquated) paywalls. Lightning and eCash are programmable internet money, so nothing is impossible, and we are only at the beginning of development. To use Nostr, you need a Lightning wallet and a wallet address (LUD-16), which only a few wallets offer.

Recommendation:
- WalletofSatoshi is a simple and secure wallet (if you choose the self-custody option)
- https://zaps.lol provides the same address for Nostr and Lightning, which is convenient (as a redirect to WoS)
- The Lightning address (LUD-16) in your profile enables you to receive donations (zaps)
- Nostr Wallet Connect (NWC) is recommended for using a wallet (for payments) in various apps
NO-GO!! Using the integrated wallets in Primal, Yakihonne, Damus, Iris, etc.
Content
The following content may be considered uncensorable:
- Chats
- Blog articles
- Comments
- Reactions (likes, reposts)
- Zaps (donations in sats)
- the social graph (followers, follows)
- the identity (with the exception of the Nostr address and Lightning address)
All media data should be considered unsafe per se.
Images
Insecure: all images with a locator (URL)
More secure: all images with an identifier (URI) in accordance with the NIP-96 or Blossom standards
Very secure: all images stored on multiple media stores → mirroring (mirrors are automatically activated if the primary server fails)
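Why an identifier beats a locator, and what the automatic mirror fallback looks like from the client side, as an added Python example (not code from the article or from the Blossom project). The only standard-derived piece is the address shape https://<server>/<sha256>[.ext], under which a Blossom server serves a blob by the SHA-256 of its bytes; FakeServer, fetch_with_fallback, mirror_blob, the server names and the sample “image” bytes are all constructed here so the example runs offline. The same mechanism applies to the audio hosts with mirroring described further below.

```python
# Added example (not the article's or Blossom's code): content-addressed blobs
# let a client fall back to any mirror and still reject a wrong or tampered copy.
import hashlib

def blob_hash(data):
    """A Blossom-style identifier: hex SHA-256 of the blob's bytes."""
    return hashlib.sha256(data).hexdigest()

def blossom_urls(sha256_hex, servers, ext=""):
    """Candidate URLs for one identifier across several media servers."""
    return [f"{s.rstrip('/')}/{sha256_hex}{ext}" for s in servers]

class FakeServer:
    """Constructed stand-in for a media server; holds blobs in memory."""

    def __init__(self, name, blobs=None, online=True):
        self.name, self.blobs, self.online = name, dict(blobs or {}), online

    def get(self, sha256_hex):
        if not self.online:
            raise ConnectionError(f"{self.name} is unreachable")
        if sha256_hex not in self.blobs:
            raise FileNotFoundError(f"{self.name} does not hold {sha256_hex[:8]}")
        return self.blobs[sha256_hex]

    def put(self, data):
        """Store a blob under its own hash (upload authorisation omitted here)."""
        digest = blob_hash(data)
        self.blobs[digest] = data
        return digest

def fetch_with_fallback(sha256_hex, servers):
    """Try mirrors in order; accept only bytes whose hash equals the identifier.
    Returns (data, server_name, attempts). A plain URL locator cannot give this
    guarantee: whatever the single host answers has to be trusted as-is."""
    attempts = []
    for srv in servers:
        try:
            data = srv.get(sha256_hex)
        except (ConnectionError, FileNotFoundError) as exc:
            attempts.append(f"{srv.name}: {exc}")
            continue
        if blob_hash(data) != sha256_hex:
            attempts.append(f"{srv.name}: hash mismatch, copy rejected")
            continue
        return data, srv.name, attempts
    raise LookupError("no mirror returned a verified copy: " + "; ".join(attempts))

def has_verified_copy(sha256_hex, servers):
    try:
        fetch_with_fallback(sha256_hex, servers)
        return True
    except LookupError:
        return False

def mirror_blob(sha256_hex, source, targets):
    """Copy a verified blob from one server to others; returns the new holders."""
    data, _, _ = fetch_with_fallback(sha256_hex, [source])
    return [t.name for t in targets if t.put(data) == sha256_hex]

# Constructed sample: a tiny fake "image" and four servers in different states.
IMAGE = b"\x89PNG\r\n\x1a\n" + b"constructed sample image bytes"
IMAGE_HASH = blob_hash(IMAGE)
PRIMARY = FakeServer("primary", {IMAGE_HASH: IMAGE}, online=False)  # primary is down
TAMPERED = FakeServer("rogue", {IMAGE_HASH: IMAGE + b"\x00"})       # serves wrong bytes
MIRROR = FakeServer("mirror", {IMAGE_HASH: IMAGE})                   # good copy
EMPTY = FakeServer("fresh")                                          # not yet mirrored

if __name__ == "__main__":
    print(blossom_urls(IMAGE_HASH, ["https://a.example", "https://b.example/"], ".png"))
    data, served_by, attempts = fetch_with_fallback(IMAGE_HASH, [PRIMARY, TAMPERED, MIRROR])
    print(served_by, attempts)
```

Two things follow from the hash-as-identifier design: a mirror cannot silently substitute a different file, because every copy is checked against the identifier in the note itself, and adding a new mirror later does not change any published reference, since the identifier stays the same wherever the bytes are stored.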

Recommendation:
Storage, management + automated mirror: https://primal.net/settings/uploads with free plan (1 GB media storage)
Storage, management + manual mirror: https://nostria.app/collections/media ?? GB with free plan / 2 GB with premium for 10 USD per month
Storage only: https://nostrmedia.com/#plan from 2.99 USD per month
Audio (podcasts and music on demand → no live radio)
Insecure: all audio files with a locator (URL)
More secure: all audio files with an identifier in the Podcast Index (4.6 million shows)
Radio München → instead of Soundcloud - https://podcastindex.org/podcast/2133609?episode=45439654626
RBM → instead of Podbean - https://podcastindex.org/podcast/5754941?episode=49654117072
(concept: multiple hosts with mirroring → fallback by changing the entries in the Podcast Index)
Most secure: with Podcasting 2.0 https://podcasting2.org
(hosting at RSS.com, Fountain, Captivate, Spreaker)

Recommendation:
Step 1 - entry in the podcast index and redundant storage with at least 2 hosts
Step 2 - hosting with providers according to Podcasting 2.0 standard
Note: there are currently some interesting developments, so the topic will be explored in more depth in another article shortly (with live radio)
Video (on demand, no streaming)
Video is technically the most demanding area and particularly difficult because of YouTube’s monopoly. That is why the majority of videos on Nostr are YouTube links and not censorship-proof.
Recommendation:
Step 1 - redundant storage on PeerTube, Rumble, or Odysee (they offer auto-sync with YouTube)
Step 2 - testing the new Nostr video hosting services
https://zap.stream/ Audio, Shorts, Videos, Streams
https://plebs.app Shorts, Videos, Streams
Note: there are currently some interesting developments, so the topic will be explored in more depth in another article shortly (with streaming).
Access
Access to Nostr, all apps, and services should only take place via the Nostr key, no accounts!! (repeat). Premium services, subscriptions, and the like should only be paid for with Lightning and used sparingly (expired subscriptions lead to restrictions or interruptions). Terms and conditions and terms of service should be carefully examined for restrictions on rights. The provider’s place of business should be chosen carefully, as censorship is increasingly being enforced through legal reprisals.
Visibility
Publishing on Nostr does not automatically mean you will be noticed. Various fast lanes are therefore offered to quickly increase your reach:
- paid content is nice, but what happens without the doping?
- marketplaces offer promotion through whitelisting, but blacklisting is also possible.
Some very reputable apps also offer spam and content filters—for the safety of users! The algorithms are not transparent and tend toward overconfidence. In addition, they can be used to easily carry out censorship measures “under cover,” so keep your distance!

Summary
Nostr is a great technology for self-determination and censorship resistance. But solutions are developed by people. CEOs want success and profits, and venture capital returns (there is VC at Nostr). Developers are comfortable and prefer the familiar to the new. Users are gullible and are fooled by marketing buzzwords. Centralization tendencies are ubiquitous—because they are convenient for users and good for business. That’s why there is no self-determination without personal responsibility—and no free lunch when it comes to censorship resistance.
In conclusion, I can recommend a valuable article, “Decentralize Social Media” by Ross Ulbricht (March 2021): “Whoever controls the URL controls everything behind it.” That is why we rely on URIs.