jb55 _@jb55.com 9 months ago
The clients do not read from relays. They read from a single relay in a proprietary format. The clients don't even verify the notes. Why call it a nostr client when it doesn't even use nip01 for reading? The relay can censor notes, auto-follow and boost investor influencers, hide troublesome people (soon me, I'm sure), something they have done in the past (ralf, onyx, etc). It is completely against the ethos of a protocol where users are in control.

Replies (4)

I am definitely with you on the issue with the client not verifying the signature on the notes locally, and you are absolutely correct that reading only from a single caching relay is a massive issue for censorship resistance, as has been seen in the past. What's it take to run the caching service? I imagine that it's more resource intensive than a standard public relay by an order of magnitude, but is it feasible to be done? Are the resources needed to do so the barrier for why we haven't seen any others in the wild, or is it just that Primal tends to attract non-technical users that aren't interested in running their own infrastructure? When it comes to NIP-01, surely the caching service must use NIP-01 to REQ from the relays it aggregates notes from, right? And the client is using NIP-01 to write events directly to the user's relays, unless they have the "enhanced privacy" feature turned on, so that the client writes to the caching relay, and the caching relay then uses NIP-01 to send EVENT write requests to the user's relays. Now, I absolutely agree that this SHOULD be happening directly from the client, rather than going through the caching relay, but I also don't consider it so egregious a deviation from how I think Nostr clients ought to operate so as to classify Primal as not a Nostr client. That said, due to the censorship opportunities and past real examples we have, I would never suggest anyone use Primal as their only client. At minimum use at least one other client, and preferably one that has fully implemented outbox.
If they can kill nostr doing this, then it was not censorship resistant in the first place. I think, as usual, people are the weak links. We have to call these out, of course. But the real winning would be if all users would call them out. Then it wouldn't even be worth developing such clients. But if normal users don't call them out, only devs, it could seem from a user perspective that one client dev is attacking another. And it feels fishy. Is he trying to get more users? Also, if they don't call these out, they will be fine using such clients, and will be controlled similarly by an algo as anywhere else.
Rand 9 months ago
*U* 'R'*****lfg'O'*****