hodlbod

hodlbod · 3d ago

@hodlbod

Nostr was mentioned on my favorite cryptography podcast today, Security, Cryptography, Whatever — they didn't spend a lot of time on it, but here are some highlights: > It’s federated and it’s European. I bet it sucks. > It’s some Ayahuasca inspired initiative from. From Messrs. Dorsey et al. > Yeah, sure, it’s decentralized and federated, but like their proposal for encrypted end to end encrypted DMs was just bad by itself. > When I reviewed this, my description of this was it looks almost exactly like Nebuchadnezzar [ https://nebuchadnezzar-megolm.github.io/] , which is like a fractal of things that could have gone wrong with like a complete ecosystem of like a secure messaging system. They found flaws in almost every component of that system and then tried to leverage them as far as they could. You can read/listen here: https://securitycryptographywhatever.com/2025/07/29/vegas-baby/ They also mentioned a talk that's going to be delivered at blackhat on August 9th which sounds super interesting: > In this session, we unveil the first comprehensive security study of Nostr and its popular client applications, demonstrating how subtle flaws in cryptographic design, event verification, and link previews allow an attacker to forge "encrypted" direct messages (DMs), impersonate user profiles, and even leak the confidential message from "encrypted" DMs. Here's the link to the agenda entry for the talk: https://www.blackhat.com/us-25/briefings/schedule/#not-sealed-practical-attacks-on-nostr-a-decentralized-censorship-resistant-protocol-45726 I'm looking forward to learning how we've screwed up — there aren't a lot of cryptographers here, and I know that open protocols make security even harder to maintain. Maybe we've screwed up irretrievably, but I'd rather know now than later.

hodlbod · 7d ago

@hodlbod

Remember how I was writing a book? Well, I gave up on it. But then I wrote a different one: https://building-nostr.coracle.social/ This book is both practical and philosophical. It ellides a lot of the details you can otherwise get by reading Nostr NIPs, focusing instead on all the things I've learned over three years working on nostr. It includes a number of contrarian opinions which may be partially or completely wrong. Feel free to disagree, or even tell me where I'm wrong. I'll be releasing updates to the book as I have time and inclination to repent of my mistakes and omissions. The book is free, with epub and pdf versions available for your reading pleasure. If you like the book, you can send me bitcoin via nostr or at https://geyser.fund/project/buildingnostr , and if people like it enough I may publish a version that you can touch with your fingers.

hodlbod · 21d ago

@hodlbod

"The more I thought about it, the harder it became not to view the so-called creator economy as a blatant pyramid scheme underwritten by some of the worst corporations in the world. The way to succeed is to get in early, then become an aspirational figure to those who come along later." https://www.carolinecrampton.com/im-done-with-social-media/