The “Adpocalypse” has begun. The 5 most recent zaps I have received are all ads. They scraped my #Bitcoin #Lightning address from my #Nostr profile after I added it through Damus and now I am receiving ZPAM (#Zap spam) as Lightning payments. One of them was 50 sats, but the rest have all been 5 #sats each. See the attached screenshot.

I just received a marketing message through Wallet of Satoshi because my #Bitcoin #lightning address is displayed on my #Nostr profile. I saw a notification that I had received a #zap, so I checked it out. What was it? It was an unsolicited marketing message that someone paid 5 #sats to send me by putting an ad in the payment description. Nostr users should be prepared to start receiving ZPAM (Zap spam) messages if they have a lightning address listed publicly. I added mine though Damus when I first downloaded the app and have received valid sats in response to some of my posts, but I am not looking forward to an onslaught of “junk mail” via Nostr and Lightning. The idea of getting paid directly for every ad I have to look at sounds nice at first, but the very low barrier to entry makes me worried that once the floodgates open, nothing will be able to hold back the great deluge of ads.

Hey @jack, just now while purchasing a service using my desktop browser I was presented with a lightning invoice to pay for my subscription. I scanned the QR code with Cash App on my phone to make the payment. The payment settled immediately and the payment page on my desktop browser *instantly* detected the payment and updated to reflect a successful subscription. I think it was the fastest payment I’ve ever seen go though of any type; I’ve never paid with a credit card (online or in person) and had it work that quickly. Good stuff. #bitcoin #lightning #zap #nostr

Hey @jack and @jb55, I have a question related to Nostr.

I am building a passwordless login system for an app (login link sent to email, verification code sent via SMS, OAuth, etc.) and I want to include the ability to log in via Nostr. However, I only want to collect the npub from the user; I don't want the user to input their nsec key. This will only be for account creation and login purposes to verify that the user owns the provided npub; the user won't actually be posting anything to Nostr, so they won't need to provide their nsec key. I have two really simple options for accomplishing this (simplicity is the goal here):

1. When the user inputs their npub on the login/create account form, the app can send them a DM via Nostr with a code that they can then input in the app to verify that they own the npub in question. My app never has to ask for the nsec, and I can trust that the user is the owner of the nsec associated with the provided npub.

2. This option is simply the first option in reverse. When the user inputs their npub on the login/create account form, the app can show the user a code, and the user can then DM the code to the app's Nostr account to verify that they control the nsec associated with the provided npub.

Both of these options allow me to verify that someone owns the npub without having to ask for their nsec key. This allows a user to create an account on my app using their Nostr account, basically making their account "Nostr verified" (insofar as that other users can trust that the account on my app belongs to the owner of the associated Nostr npub). However, I have some questions:

First, can anyone DM anyone else on Nostr? If someone provides their npub, can I send them a DM with a verification code without being connected (either following them or them following me)?

Second, is there a better, simpler, or more standardized way to approach this with Nostr?

I recently developed a complex messaging application using DIDComm (different from the app I am currently developing), along with a custom mediator and relay built on top of the Aries Framework from Hyperledger with a React Native edge agent. That app uses verifiable credentials issued by a self-hosted VON (Verifiable Organizations Network) running on a custom built distributed ledger to achieve self-sovereign identity, credential exchange & verification, message exchange, persistence, etc.

I wanted to avoid that kind of complexity here and do something hyper simple to verify identity.

Any help with pointing me in the right direction or toward the right person(s) to answer my questions would be much appreciated!

Maybe there is some rule or concept that I’m just not understanding, but why can Primal have a #zap button on each note but Damus can’t? Is that rule only for published apps or something? Can TestFlight apps do whatever they want? #nostr