Nostr Archives

Took a bit of time to understand what you said in the quoted post, and I think I understand now where you're comming from regarding the design of NIP-29, where the best management and moderation flows happen on a centralized system, but when other protocols tried to do that but in a decentralized manner, they still end up with the flaws of centralization, but because of nostr's unique structure, it allows the possibility of migration from the original relay to another, in case it shuts down or starts censoring the group. Most other protocols (or all?) can't easily do this in comparison. I understand the logic of where you're coming from now, and I'm not against it, however... I guess I would be more of a fan of NIP-29 if there was a good flow for migration steps, and more so if there was less dependancy on one relay (so a group would post on 2-5 relays that enforce admin policies) and decoupling the relay address from the group address. I think at that point I'd be happy to use NIP-29. (and in regards to actual privacy, so not even the relay knows about the content of the group posts, we'd have that tree-based encryption, so i guess no worries there, it wouldn't be that high of a cost even at scale) Also, yes you're correct that what I thought of (or what Niel linked to) has high processing, where the bigger the group the bigger the procesing needs to be done on the client side and that is definitely an issue. I guess that's the cost of if we want to persue the core nostr flow that has been done for most NIPs and what most people love about it. (Moderation management with shared pseudo-powers can be done here, but yea, more client-side processing as a result, and full final actual moderation is done by the creator of the group) I'll explore and think about NIP-29, to understand it more properly but to also see how can it be adjust to improve the hiccups i see in it (addressing the part where i said "I would be more of a fan of NIP-29" in this same post). Basically lossening up NIP-29 a bit more (probably not the correct wording here but i'm hoping I'm understood) would probably make those that don't like it reverse their thoughts on it and embrace it.

💬 2 replies

Thread context

Root: c85bd26f4119…

Replying to: 0a1048e381b4…

Replies (2)

Niel Liesmons4d ago

With a relay that enforces (which bigger groups should def use) what we do is in no way more computationally expensive. Exact same requesting. All events of kind X with Y h tag. Only for non enforcing relays (smaller bootstrapping groups, or when main relay is offline) do you filter with the actual white list (authors in the req).

0000 sats

Freakoverse4d ago

So it seems like things could work with NIP-29 for me (and others?) to build on it, but a bit of changes would be needed in my opinion: I don't see how it's good not to have a link to the practical (actual) creator of a group. The relay can remain an 'action' authority, but the creator needs to act as the higher/'actual' authority as a link of sorts. Meaning I'd publish the creation event (mandetory, not optional, and if privacy is a concern then a deterministic derivation from the creator's pubkey can be used) and whatever i change with the rules, or who is allowed to change the rules (admins, moderators) is published by me, and the relay enforces them. This gives a proper view of who controls what, and it would be visible if a relay misbehaves / becomes malicious (if the relay changes the rules and does other enforcements that they creator did not publish, then it reveals for everyone that the relay is misbehaving / is malicious). Regarding the d tag, it shouldn't be <host>'<group-id> but rather <creator-pubkey>'<group-id> where relays must not create a group without seeing a creation event with that same d tag published by the same author as <creator-pubkey>, this prevents a malicious user(s) from preventing a creator from migrating their group from one relay to another because of d tag colision. The cost of doing this, however, is that it would not allow the functionality of forking a group, but that can easily happen fixed by adding a tag to tell relays "this is a forked group, so grab grab posts with this d tag as well". With that in mind, the h tag would also have to have the <creator-pubkey>'<group-id> value. Considering the removal of <host> from the d-tag, we'd utilize the order of the r tag to identify the current relay authority, if that even matters, where we can just have multiple authorities ("enforced") considering that we'd now have the 'actual' authority being the creator. That [private] part is a protection from the general public, but not from the relays, so the solution here is tree encryption / mls-ish (optional). No new kinds, just tweaking the flows and assumptions. This gives power to the user/creator, while complexity and processing remains with relays and enforcement remains on the relay side as well, and there wouldn't need to be a 'migration' because of this anymore, you'd just add/remove relays from the creation event and rebroadcast events. To me this seems like the best of both worlds, but perhaps i'm not seeing something or have misunderstood aspects of it. Thoughts @7fa56f5d…751ac194 @3bf0c63f…aefa459d @Niel Liesmons ?

0000 sats