• Reducing Custody is how Social Apps Win
• Leveraging Nostr to Reduce Custody
  • All Nostr apps should assure that :
  • Nostr “hybrid” apps should assure that :
• Not Possible B4 Nostr
  • As long as walled gardens continue to control user data :
• Nostr is 4 the Future

§Reducing Custody is how Social Apps Win

Control of user accounts and user data is a central issue for many Data Protection and ID Verification laws. By minimizing control of users and data, every app also minimizes their regulatory footprint.

The market space of “social networks with many apps” is being dominated by Big Socials. They are shutting down APIs, buying out competitors, developing apps in house, and pushing for increased regulations. Independent social apps, by definition, are at a HUGE disadvantage by not having a shared users base.

Inter-connectivity is the business advantage that Nostr provides for social apps. But this advantage depends “non-custody” being robustly defined and having legal precedence, for app companies to feel confident in. This is what I will be working on over the next few months.

Support this project on Geyser Fund. If Nostr developers and advocates are to encourage existing app companies to release control of user accounts and user data, they will need a clear and legally relevant definition of what it means to be “non custodial” and the business advantages of doing so.

§Leveraging Nostr to Reduce Custody

The Nostr protocol makes it easy for social apps to release control of user accounts and data without ever loosing access to them. By meeting these simple design criteria, any app that processes user data can leverage Nostr to become as non-custodial as they wish, minimizing their exposure to Data Protection and ID Verification laws while maximizing their (user centered) profit model.

§All Nostr apps should assure that :

1. Social apps never gain access to a user’s private key. Apps should never accept “nsec login”, and only allow users to sign events using third party “signing apps”. This assures private keys are never stored in or exposed to the app, and (crucially for GDPR compliance) allows users to review each event separately before being signed and sent back to the app.

2. Social apps do not create new user accounts. The entry point to ID verification is account creation. Nsec generation (even locally) should be handled exclusively by dedicated “third party” apps that do not process or store any user data.

3. User data is written to user signed events. Apps should store as much data in user signed events as possible, including user generated content as well as app generated usage data and metadata.

4. User signed events have not been modified. Apps should verify event signatures by default, allowing users to verify for themselves with third party tools and only opting out of verification on request by the user.

5. User signed events are only processed by user specified services. Apps should avoid hidden defaults for app specific relays or other cloud services (caching, filtering, ect…) that might process user data being sent to or received from Nostr.

6. Users have the resources, and are prompted, to learn about self custody. Apps should publish or provide links to educational material, for users to learn about Nostr and best practices for controlling their own data.

§Nostr “hybrid” apps should assure that :

1. If “non identifying” app generated data is collected privately … Apps should anonymize these data “client side” before storing online or processing privately, allow the user to verify anonymity, and NOT mix these data with signed Nostr event data.

2. If user generated data is collected and held privately … Apps should store and process these data wholly on their own private infrastructure and ONLY mix these “in app” (client side) with signed event data from Nostr.

3. To minimize regulatory exposure … All apps should reduce their business requirements for private data handling or processing, and be transparent about (and stand by) the remaining requirements and their data handling practices.

§Not Possible B4 Nostr

The ability for ANY app to implement a social layer without controlling OR loosing access to user accounts or user data AND to access unlimited new users and novel user data from a shared network, all while REDUCING pressure from big social and government regulations, simply has NEVER been possible before Nostr. This single fact will disrupt the entire industry.

§As long as walled gardens continue to control user data :

• Apps running Nostr will thrive as more apps join the network, providing even more ways for users to upload data that Nostr apps can make use of.
• Apps running Nostr (being cheaper to build and to operate and to retain users) will be more profitable, competing simply on user experience rather than ‘paying extra’ to exploit their users.
• Many users will be happier to PAY for tailored Nostr apps and services, as respected customers in a free market, rather than be trapped as data producing consumers in increasingly restrictive walled gardens.
• Freely accessible user data will loose its value, and information derived from these data will be made more affordably.
• Advanced and decentralized Webs of Trust powered recommendations will outperform centralized algorithms in ALL metrics of consumer privacy and safety, BECAUSE they can be updated in situ and shared in real time.
• Because users control access to their own identities and data at its source, consumer protection and ip laws will be amended to give preference to “non-custodial social apps“, even as Nostr still allows businesses to thrive.

These and other phenomenon ARE possible in the future that Nostr promises, but legal precedence has not yet been set to establish the advantage that “non-custodial social apps” will have. Current laws are written for an older paradigm, and it’s up to Nostr to pave the way for a new paradigm.

§Nostr is 4 the Future

Nostr4 is engaging with lawyers and industry professionals to document the pain points of having custody over user identities and user data, and how the availability of ”non custodial social apps” might address these. We are pioneering a path for B2B Nostr consultation, bringing everyday app companies closer to Nostr. We are looking for both financial and sweat support to create this documentation and the consulting services that will follow.

DM me or contribute on Geyser Fund to support this project.