Jacob | Five Eye Tea on Nostr: My concern is that anyone can spin up a set of keys. Session had a massive DDoS ...
My concern is that anyone can spin up a set of keys. Session had a massive DDoS attack on their open groups earlier in the year and that was because there was no limit to how many Session IDs can be spun up. We also saw Nostr get hit with the ReplyGuy spam recently as well, due to similar issues.
People love to criticize Signal for its phone number requirement but that requirement helps keep the spam and attacks on the network at a minimum. To me, the issue isn't the metadata, it's whether or not that metadata is properly encrypted and obfuscated. Signal does both thanks to features like sealed sender (which makes it virtually impossible to determine where a message came from, making it way harder to conduct any sort of MITM snooping).
I'm purple pilled but I think we have to recognize that Nostr isn't the solution to every problem, just as Bitcoin isn't the solution to every problem. Both are phenomenally powerful and important to our future, but they're not the only things we'll need to secure our digital freedom going forward, and there's no reason we need to stretch their capacity when other tech already offers the functionality we're looking for. I mean, Session itself offers all of the functionality we're talking about here, the only downside is the lack of zaps (but really, who needs zaps for private messaging?).
That being said, I DO agree that Signal having a centralized server infrastructure isn't ideal. It'd be cool if they'd open it up to volunteers hosting nodes similar to Session and SimpleX. Volunteers can already run Signal proxies so why not let them host nodes and gradually move things over to a decentralized framework? There's no reason Signal Foundation couldn't rent out cloud space during times that the network is overwhelmed, especially since being decentralized would cut down on a huge chunk of their operating costs.
Finally, I also do agree that it'd be nice if Nostr would at least set up E2EE for DMs, considering the fact that Nostr has a bit of a permanence effect on notes shared via the relays.
People love to criticize Signal for its phone number requirement but that requirement helps keep the spam and attacks on the network at a minimum. To me, the issue isn't the metadata, it's whether or not that metadata is properly encrypted and obfuscated. Signal does both thanks to features like sealed sender (which makes it virtually impossible to determine where a message came from, making it way harder to conduct any sort of MITM snooping).
I'm purple pilled but I think we have to recognize that Nostr isn't the solution to every problem, just as Bitcoin isn't the solution to every problem. Both are phenomenally powerful and important to our future, but they're not the only things we'll need to secure our digital freedom going forward, and there's no reason we need to stretch their capacity when other tech already offers the functionality we're looking for. I mean, Session itself offers all of the functionality we're talking about here, the only downside is the lack of zaps (but really, who needs zaps for private messaging?).
That being said, I DO agree that Signal having a centralized server infrastructure isn't ideal. It'd be cool if they'd open it up to volunteers hosting nodes similar to Session and SimpleX. Volunteers can already run Signal proxies so why not let them host nodes and gradually move things over to a decentralized framework? There's no reason Signal Foundation couldn't rent out cloud space during times that the network is overwhelmed, especially since being decentralized would cut down on a huge chunk of their operating costs.
Finally, I also do agree that it'd be nice if Nostr would at least set up E2EE for DMs, considering the fact that Nostr has a bit of a permanence effect on notes shared via the relays.