zap.store on Nostr: It's early days for Zapstore so there are still single points of failure: 1) single ...
It's early days for Zapstore so there are still single points of failure:
1) single hardcoded apps relay
2) few hardcoded social relays (profiles and social notes)
3) single hardcoded web of trust service
The app relay has two different risk profiles:
- for developer-signed apps: censorship risk, just like with any regular nostr relay
- for external apps signed by Zapstore (the ones picked up by our indexer): censorship and man in the middle attack risks.
My goal for the first half of 2025 is to fix or mitigate these issues:
1) offer app relay management, prepare for community-based relays, and another distinct app relay for external apps; as well as working on some additional form of app vouching, either by users or vendors
2) use all social relays with outbox model
3) offer WoT DVM management to choose your preferred provider
In an ideal world, all developers self-sign their apps. To get there we have to keep hustling and make the best product possible, and work hard on our outreach, to entice more and more developers to join.
Just like a better Twitter won't fix social media, no centralized app store, no matter how well intentioned, will be able to fix app distribution at a global scale.
1) single hardcoded apps relay
2) few hardcoded social relays (profiles and social notes)
3) single hardcoded web of trust service
The app relay has two different risk profiles:
- for developer-signed apps: censorship risk, just like with any regular nostr relay
- for external apps signed by Zapstore (the ones picked up by our indexer): censorship and man in the middle attack risks.
My goal for the first half of 2025 is to fix or mitigate these issues:
1) offer app relay management, prepare for community-based relays, and another distinct app relay for external apps; as well as working on some additional form of app vouching, either by users or vendors
2) use all social relays with outbox model
3) offer WoT DVM management to choose your preferred provider
In an ideal world, all developers self-sign their apps. To get there we have to keep hustling and make the best product possible, and work hard on our outreach, to entice more and more developers to join.
Just like a better Twitter won't fix social media, no centralized app store, no matter how well intentioned, will be able to fix app distribution at a global scale.