Nostr Compass #7

Welcome back to Nostr Compass, your weekly guide to Nostr.

This week: Ridestr brings decentralized ridesharing to Nostr with Cashu payments and encrypted location sharing. Pomade introduces email-based recovery for multisig signers. Damus ships negentropy for reliable DM syncing. Amethyst's desktop app adds search, bookmarks, and zaps. Amber v4.1.1 displays relay trust scores. Marmot merges MIP-03 and builds a TypeScript reference chat app. diVine adds NIP-46 QR authentication and mentions support. New NIP proposals address community management, sequence-based sync, and encrypted file storage. We also take a look back at five years of Nostr Januaries, tracing the protocol's evolution from a handful of early adopters in 2021 through Damus's explosive App Store launch in 2023 to the maturing client ecosystem of 2025.

News

Ridestr Brings Decentralized Ridesharing to Nostr

Ridestr is developing a peer-to-peer rideshare application built entirely on Nostr, enabling direct driver-rider transactions with Bitcoin and Cashu payments. The protocol uses custom event kinds (30173, 3173-3175, 30180/30181) to coordinate rides while maintaining privacy through progressive location disclosure and NIP-44 encryption.

The system works through a carefully choreographed flow: drivers broadcast availability using geohash-encoded locations (~5km precision) via kind 30173 events, riders request rides with fare estimates through kind 3173, and payments are secured using HTLC escrow tokens before the ride begins. Location privacy is preserved through progressive disclosure, where pickup details are only revealed when drivers arrive and destinations are shared after PIN verification. All communication between parties uses NIP-44 encryption for privacy.

Ridestr implements payment security through HTLC escrow with P2PK signatures. When a rider accepts a driver's offer, they lock Cashu tokens with a payment hash that only the driver can claim after ride completion. The protocol currently operates with single-mint architecture, requiring riders and drivers to use the same Cashu mint. The project's Kotlin-based Android implementation handles proof verification and recovery of stale proofs through NUT-07 state checks.

Ridestr tackles challenges that most Nostr applications avoid: real-time location coordination, payment escrow with dispute resolution, and reputation systems for physical-world interactions. The project is in beta and demonstrates that Nostr's event model can support peer-to-peer service marketplaces, not just content sharing.

Pomade Launches Alpha Recovery System for Multisig Signers

Pomade, developed by hodlbod, builds on the existing FROSTR ecosystem to provide a recovery-focused threshold signing service. Using FROST (Flexible Round-Optimized Schnorr Threshold) signatures via the @frostr/bifrost library, Pomade adds email-based recovery flows on top of the threshold cryptography. The system shards a user's secret key using Shamir Secret Sharing, distributing shares across multiple independent signers with a configurable threshold (2-of-3, 3-of-5, etc.).

The protocol operates entirely over Nostr using a single event kind (28350) with NIP-44 encrypted payloads. When signing, the client requests partial signatures from at least threshold signers, then aggregates these into a valid Schnorr signature. For encryption, signers collaborate to derive shared secrets via ECDH without any single party learning the full key.

Recovery works through two authentication methods: password-based (using argon2id with the signer's pubkey as salt) or email OTP. To prevent MITM attacks during OTP recovery, each signer generates its own verification code with a client-provided prefix, requiring users to authenticate independently with each signer. The protocol requires proof-of-work on registration events (20+ bits per NIP-13) to prevent spam.

The trust model is explicit: if threshold signers collude, they can steal the key. Email providers are fully trusted since they can intercept OTPs. Users cannot independently recover their full secret key; doing so requires cooperation from threshold signers. The protocol is designed for onboarding new users unfamiliar with key management, with the explicit recommendation that users migrate to self-custody once comfortable. Pomade warns about potential "key loss, theft, denial of service, or metadata leakage" given its unaudited alpha status.

Releases

Damus Ships Negentropy for Reliable DM Syncing

Damus v1.13 ships the negentropy implementation we previewed as an open PR last week. PR #3536 adds base negentropy support to the networking layer, enabling set reconciliation with relays that support the protocol. A companion PR #3547 adds pull-to-refresh DM syncing that uses negentropy to recover missing messages when standard REQ subscriptions fail.

The implementation follows a conservative approach: normal DM loading continues unchanged, with negentropy available as a recovery mechanism when users manually refresh. Automated tests demonstrate the fix by generating a DM with an old timestamp that standard queries would miss, then using negentropy sync to successfully retrieve it. While negentropy support requires compatible relays, the implementation gracefully handles mixed relay environments by using the protocol where available.

Amber v4.1.1 - Relay Trust Scores

Amber v4.1.1 ships relay trust score display (PR #289), implementing the relay evaluation concepts discussed in last week's Trusted Relay Assertions NIP coverage. Trust scores now appear in the Relays page and for NostrConnect connection requests, helping users assess relay reliability before authorizing connections. The release also includes a redesigned login/events/permissions UI and support for the switch_relays method. Performance improvements cache keystore operations, addressing reports of 20+ second load times on older devices.

nak v0.18.2 - MCP Integration

fiatjaf's nak (Nostr Army Knife) v0.18.2 adds Model Context Protocol support via nak mcp, enabling AI agents to search for people on Nostr, publish notes, mention users, and read content using the outbox model. The release also introduces a one-line installer (curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh) that downloads pre-built binaries, eliminating the Go toolchain requirement for end users. Bunker mode now supports Unix sockets and switch_relays.

Zeus v0.12.2 Beta - NWC Fixes

Zeus v0.12.2-beta1 ships multiple NWC fixes addressing issues covered in last week's Zeus coverage.

Project Updates

Amethyst Desktop - Phase 2A Ships

Amethyst rolled out Phase 2A of its desktop app, adding Search, Bookmarks, Zaps, Thread views, and long-form content (Reads) to the desktop experience. A companion PR #1683 adds transparent event broadcasting feedback so users now see real-time per-relay status as their events propagate across the network, making it easier to diagnose connectivity issues.

Notedeck Progress: Calendar App and UX Polish

The Damus team's Notedeck desktop client merged auto-hide toolbar behavior (PR #1268) that responds to scroll velocity for more screen space on mobile views. A draft PR #1271 adds a full NIP-52 Calendar app with month/week/day/agenda views, RSVP support, and NIP-22 comments on calendar events, currently feature-flagged for testing.

Jumble Adds Community Mode

Jumble, the relay-focused web client, added community mode and support for relay set presets via environment variables, making it easier to deploy themed instances like nostr.moe.

Shopstr Orders Dashboard

Shopstr replaced its chat-based order management with a dedicated Orders Dashboard. The new interface provides a centralized view for merchants to track order status, mark messages as read, and manage fulfillment without scrolling through chat threads. The update deprecates IndexedDB caching in favor of server-side order status APIs and revises how order DMs are tagged for better filtering.

Formstr Adds Grid Questions

Formstr, the Nostr-native forms app, added grid questions and rewrote its SDK with embed support. A fix for non-NIP-07 signers resolved issues for users with bunker or local signers trying to submit forms with their identity.

nostr-tools Upgrades Crypto Dependencies

nostr-tools, the core JavaScript library, upgraded to @noble/curves v2.0.1, addressing breaking API changes across 27 files and adopting the latest audited noble libraries. fiatjaf also added switch_relays support to NIP-46, enabling bunker clients to dynamically change relay connections.

Zeus Working on NIP-87 Mint Reviews

Zeus has an open PR for NIP-87 mint reviews, allowing users to discover and review Cashu mints filtered by Nostr follows. Reviews include star ratings and can be submitted anonymously or with a user's nsec.

Camelus Ships Full DM Support

Camelus, a Flutter-based Android client built with Dart NDK for battery-efficient mobile performance, added comprehensive direct messaging with 20+ commits this week. The update includes chat categories, message dates, optimistic send UI, note-to-self functionality, and proper DM relay handling.

Marmot Protocol Updates

The MIP-03 deterministic commit resolution we covered as an open PR last week has now merged. MDK PR #152 ensures all MLS-based group chats converge on the same state when multiple valid commits arrive for the same epoch.

A companion spec PR #28 adds init_key lifecycle requirements addressing gaps from implementation audits: private key material from Welcome messages must be securely deleted after processing (zeroization, storage cleanup), and new members must perform self-updates within 24 hours for forward secrecy.

The TypeScript SDK (marmot-ts) is building a reference chat application. PR #37 adds group creation/listing, key package management with publish/broadcast/delete flows, and QR code invitations. An open PR #38 by hzrd149 implements message history persistence with pagination. The whitenoise-rs backend merged 15 PRs this week including multi-language support (PR #455) and MIP-04 v2 media references (PR #450).

diVine Adds Nostr Integration Features

diVine, the short-form video app, continues rapid Nostr integration.

Recent merges include NIP-46 QR code authentication (PR #1019) and NIP-17 encrypted direct messaging (PR #834). This week's activity focused on mentions support converting nostr: URIs and @mentions to clickable profile links, Classic Viners avatar fallbacks using Nostr profiles, and video editing tools including drawing, filters, and stickers.

NIP Updates

Recent changes to the NIPs repository:

Open PRs and Discussions:

• Trusted Relay Assertions - The draft proposal for standardizing relay trust scoring we covered last week continues discussion. The core debate centers on whether trust scores should be "global" (computed once for all users) or "personalized" (relative to each observer's social graph). PageRank-style algorithms like nostr.band's Trust Rank and GrapeRank resist sybil attacks by dividing any rank passed through fake accounts by the size of the bot farm. Critics argue that truly personalized scores are more accurate but require expensive per-user computation. The discussion also explores whether to use DVMs for on-demand scoring versus pre-computed kind 30382 attestation events that clients can cache.

• Communikeys - A comprehensive proposal for community management that uses existing npubs as community identifiers instead of relay-based approaches. Any npub can become a community by publishing a kind 10222 event; publications target communities via kind 30222 events. Access control uses NIP-58 badges, enabling delegated membership management with cold storage for community keys.

• NIP-CF: Changes Feed - A draft proposing sequence-based event synchronization as an alternative to timestamp-based since filters. The problem: standard Nostr sync using since timestamps can miss events when multiple events share the same second-precision timestamp, client and relay clocks drift apart, or checkpointing is imprecise. NIP-CF solves this by having relays assign monotonically increasing sequence numbers to stored events, providing strict total ordering. Clients request changes since a specific sequence number and receive events in guaranteed order, with precise checkpointing that never misses events. The proposal also supports live/continuous mode where subscriptions stay open after initial sync for real-time updates.

• NIP-XX: Encrypted File Sync - A protocol defining kinds 30800 (encrypted files), 30801 (vault indices), and 30802 (shared documents) for syncing encrypted content across devices using Nostr relays. The protocol enables local-first note-taking apps to provide end-to-end encrypted sync without centralized servers. File contents, paths, names, and folder structure are all encrypted using NIP-44 self-encryption, so relays store blobs they cannot read. Binary attachments like images use Blossom servers with client-side encryption. Kind 30802 enables document sharing between users by encrypting to the recipient's public key.

---

Read the full newsletter with the Five Years of Nostr Januaries retrospective at: https://nostrcompass.org/en/newsletters/2026-01-28-newsletter/

Building something? Have news to share? Want us to cover your project? Reach out via NIP-17 DM or find us on Nostr.