NostReport on Nostr: THE NOSTR REPORT 🏇The Relay Race 🏇 28 January 2023 774093 🎙Quote of the ...
THE NOSTR REPORT
🏇The Relay Race 🏇
28 January 2023
774093
🎙Quote of the Day🎙️
“You wouldn’t know her she uses a different relay” Matt (npub1whe…xev5)
🚨Headline Nostr News🚨
🚀 cameri (npub1qqq…n47m) launches Pay-to-Relay service (P2R) with spam blocking. For 5k sats, “Enjoy a *99.99% spam-free relay.”
🔐 Derek Ross (npub18am…p424) gives us a recap of his concern over an unauthorized change in his lightning address and concern over private key security
🤡 larry.btc (npub132w…2j8n) apologizes and promises to change Damus+ logo and name. Nostriches boom with powerful memes and #larrychain
🖊️Can we find a middle ground where markdown and client interoperability meet? fiatjaf (npub180c…h6w6) seems open to it.
✍️ KeithMukai (npub1tv8…7wn2) working on integrating Nostr features into SeedSigner.
🏝️Nostrica Update🏝️
mcshane (npub16vr…p2va) updates with 150 in-person Nostrica attendees. +10 vs yesterday
🫂Our sincere condolences to 👨💻 utxo 👨💻 (npub1utx…50e8) over the recent loss of his mother. The Nostr community is behind you 🫶
🙌Client Updates🙌
Damus update adds QR code for sharing your pub key, and fixes blocking. Support for troublesome markdown links removed.
Kieran (npub1v0l…qj49) testing 🧵’s?? Followers of NostReport and Derek Ross (npub18am…p424) breathe a sigh of relief over the thought of nested notes.
Mandrik (npub1qex…82qk) is matching up to 5MM sats for recently launched Android Nostr client, Amethyst.
🩺Nostr Health of the Network🩺
• Pubkeys = 359,522 [+4,301 from yesterday]
• Events = 1,546,723 [+50,990 from yesterday]
• Relays = 260 [+2 from yesterday]
🔥🔥Meme of the Day🔥🔥
And congrats to stump (npub1g8d…5jed) with ANOTHER 🔥 meme
Stay Classy Nostr.
🏇The Relay Race 🏇
28 January 2023
774093
🎙Quote of the Day🎙️
“You wouldn’t know her she uses a different relay” Matt (npub1whe…xev5)
quoting nevent1q…zy3d“You wouldn’t know her she uses a different relay”
🚨Headline Nostr News🚨
🚀 cameri (npub1qqq…n47m) launches Pay-to-Relay service (P2R) with spam blocking. For 5k sats, “Enjoy a *99.99% spam-free relay.”
This sparks a spirited discussion by lechiffre (npub167m…u25q) over how relay operators will define spam and manage their users.quoting nevent1q…guf3Pay-to-relay is here!
Follow these steps if you’d like to use it:
1. Add wss://eden.nostr.land to your relays.
2. Visit https://eden.nostr.land and follow the prompts to pay. Make sure you READ the Terms of Service CAREFULLY. If you don’t agree please let me know your thoughts.
3. Enjoy a *99.99% spam-free relay.
If you paid the invoice but the page did not update to let you know it was paid just check your DMs for a receipt from the relay. If it’s been a couple of minutes and you haven’t received a DM from the relay let me know.
I’ll be testing Pay-To-Relay with eden.nostr.land starting today and will be fixing any bugs that may arise.
Relay operators: Nostream with pay-to-relay will be released in a couple of days after I am satisfied that it works as expected.
quoting nevent1q…e53fOf course, but what algo (or who) determines when it "is sending spam" is the crux of my question? Is it posts of a commercial nature? Is it repetitive posting? is it dishonest posting? It is an important question. AFAICT, the definition of spam is solely cameri's determination
🔐 Derek Ross (npub18am…p424) gives us a recap of his concern over an unauthorized change in his lightning address and concern over private key security
quoting nevent1q…2fr5**What the fuck is going on with Derek's private key - A recap**
TL;DR - This is long so I wrote a short summary at the top in hopes to help new Nostriches and noob Nostriches alike. Please share. Thanks.
1) Read what events you are signing with your private key. Do not just authorize the event because you initiated it. The client may be doing something that you are not expecting.
2) Do not allow websites to use your signing extension forever. You don’t know what they’re doing in the background.
3) Maybe don’t use Nostr.com as it will overwrite your LUD06 Lighting address on your profile.
—
Yesterday, one of my followers DMed me, saying that they bought me some drinks for my upcoming trip to Costa Rica! Awesome! I checked my Lighting node and I saw that 50 sats came in an hour ago. That didn’t seem right to me, so I asked some questions. We ended up determining that they sent sats to the wrong Lightning invoice address somehow. I noticed that my profile on Astral.ninja and metadata.nostr.com both had an incorrect LUD06 LNURL address. It was an LNBits address. I do not use LNBits. Something was definitely wrong.
I had been careful with my private key, at least I thought. After my first day on Nostr, I started using the nos2x extension and used it for everything. I didn’t authorize sites “forever” as I wanted to see when they would request read/write data with my keys. I used burner keys when testing various Android clients. I was very confused how this happened. I doubt my private keys were burned. I kept telling myself that this has to be a misbehaving client!
I started tracing my steps back. I had just used a brand new client, Ananostr, yesterday morning. I thought, could this client have done something accidentally? I signed in with nos2x and authorized the transactions as normal. The developer was super helpful here. He offered to take down his site and retrace his tool set that he used, to make sure nothing fishy was being utilized in his application. Thank you for your help <3
Today, using the nostr.band search tool, I saw that I had numerous events from January 16th to January 27th that updated my profile and changed my LUD06 address to a different LNURL. Something or someone was changing my Lightning tips address on my profile and I had no clue what was doing it.
I started looking at my Nostr post history and file download history. I had first tried Amethyst on January 16th. I had very little doubt in my mind that Amethyst could be causing the issue here, but you honestly just do not know. It’s scary entering your private key into brand new Android applications. Because of this fear, I used Amethyst originally with a burner account. Once I felt comfortable, I switched to my private key.
**After talking with numerous developers and plenty of Nostriches, I believe I have figured out what has been happening with my profile metadata and specifically, my Lighting LUD06 address. I also believe several mistakes were made on my part.**
About 10 days ago or so, I visited nostr.com and signed in with nos2x. I authorized the transactions and played around with the site for 10 minutes. I saw at the bottom that the site was built on Anigma. That freaked me out because Anigma was a site that was vulnerable to XSS attacks around December 20th. I immediately went into my local storage and nuked the storage for that site, deleted cookies and did not return to that site again.
Apparently, nostr.com automatically sets your LUD06 Lightning LNURL to an automatically generated lnbits.com Lighting wallet for you when you sign into this client. I did not know this. This overwrites any existing Lighting configuration on your profile.
**My first mistake was not reading the kind 0 event that popped up by nos2x**. I never read them. I always felt that if I was the one that clicked a button and generated the event, then it was safe to authorize it. If I had taken the time to read what was actually happening, then I would have seen that this client was making changes to my profile!
**My second mistake was then keeping nostr.com as an authorized forever entity inside the options of nos2x**. I remember adding it as authorize forever, because it kept popping up and annoying the fuck out of me and I wanted to get it off of my screen so that I could check out the client. I should have 1) not done this and 2) removed it after I cleared local storage for nostr.com.
One thing I do not understand though. How was this able to continue to happen over the last 10 days? Are relays just that slow to process events? Were these events re-broadcasted to new relays and that’s why this kept happening? If that’s the case, could someone go and re-broadcast an older profile metadata change event and change my LUD06 address back to this unwanted address?
I truly believe this is what happened and my private key is safe, I just do not understand how it continued after I stopped using that client. For now, I’m not abandoning this key pair. I think this is a large lesson for all of us.
A super special thank you to #[0] and #[1] <3
THANK YOU FOR HELPING ME FIGURE THIS OUT!
🤡 larry.btc (npub132w…2j8n) apologizes and promises to change Damus+ logo and name. Nostriches boom with powerful memes and #larrychain
quoting nevent1q…2cvzHi Will!
Huge fan!
Sure! Happy to change the logo and name!
My goal is to submit a pull request to you for your consideration for inclusion into Damus.
I only want to do that if it works and people find it useful. I don’t want to waste people’s time with pull requests that have no community interest, aren’t tested or don’t work.
I’ll hold off on distributing the fork for testing until I’ve thought of a new name and placeholder logo.
Apologies for any stress I’ve caused you. 🙏
quoting nevent1q…cqdr@jb55
Huge fan.
🖊️Can we find a middle ground where markdown and client interoperability meet? fiatjaf (npub180c…h6w6) seems open to it.
quoting nevent1q…9fs3Another victory for interoperability right here: https://github.com/v0l/snort/pull/153
Thank you, #[0]!
✍️ KeithMukai (npub1tv8…7wn2) working on integrating Nostr features into SeedSigner.
quoting nevent1q…ep5cMoar #[0] + Nostr previews!!
(getting close, y'all. Getting close)
🏝️Nostrica Update🏝️
mcshane (npub16vr…p2va) updates with 150 in-person Nostrica attendees. +10 vs yesterday
quoting nevent1q…wkdyupdate: 150 in-person #Nostrica attendees!
~10 more per day 🤙
🫂Our sincere condolences to 👨💻 utxo 👨💻 (npub1utx…50e8) over the recent loss of his mother. The Nostr community is behind you 🫶
quoting nevent1q…a4scIt's my mother's funeral today.
I hope to get some closure and peace after her very difficult 6 month fight with cancer.
I love you mom and I miss you.
🙌Client Updates🙌
Damus update adds QR code for sharing your pub key, and fixes blocking. Support for troublesome markdown links removed.
quoting nevent1q…je9rNew build is out! Blocking should work everywhere now.
### Added
- Added arabic and portugese translations (William Casarin)
- Add QRCode view for sharing your pubkey (ericholguin)
- Added nostr: uri handling (William Casarin)
### Changed
- Remove markdown link support from posts (Joel Klabo)
### Fixed
- Fixed crash on some SVG profile pictures (OlegAba)
- Localization fixes
- Don't allow blocking yourself (Terry)
- Hide muted users from global (William Casarin)
- Fixed profiles sometimes not loading from other clients (William Casarin)
- Fixed bug where `spam` was always the report type (William Casarin)
Kieran (npub1v0l…qj49) testing 🧵’s?? Followers of NostReport and Derek Ross (npub18am…p424) breathe a sigh of relief over the thought of nested notes.
quoting nevent1q…d9wx
Mandrik (npub1qex…82qk) is matching up to 5MM sats for recently launched Android Nostr client, Amethyst.
quoting nevent1q…gjyy100,007 sats worth of donations matched so far.
I'm matching up to 5 million sats - donate to Vitor if you're loving Amethyst on Android!
https://getalby.com/p/vitorpamplona
🩺Nostr Health of the Network🩺
• Pubkeys = 359,522 [+4,301 from yesterday]
• Events = 1,546,723 [+50,990 from yesterday]
• Relays = 260 [+2 from yesterday]
🔥🔥Meme of the Day🔥🔥
And congrats to stump (npub1g8d…5jed) with ANOTHER 🔥 meme
quoting nevent1q…a0cq
Stay Classy Nostr.