Nostr: Overcoming the digital challenge of social network mapping

Metadata Leakage

It is well known that Nostr’s NIP-04 direct messages leak metadata. This seems to be an obvious flaw and has been pointed out multiple times. After all, how private is your communication if anyone can see who you are messaging, how often, at what times, the message size, who else is mentioned, and correlate multiple different conversations with each other?

For those “in the know” about Nostr (myself included), a common rebuttal is “this is not a bug, it’s a feature.” This brings to mind the early days of the internet, when security was almost an afterthought and social platforms flourished with all kinds of anonymous confession-type apps. It was so much fun to brag to friends about who you were private messaging and how often! Most conversations don’t actually need to be truly confidential, so let’s turn it into a game. Entertainment is what Nostr is all about.

However, all joking aside, metadata leakage is a problem. To some extent, direct messages on Nostr are a vast improvement compared to traditional private messages (the platform can no longer rat you out to the FBI), but they are also a huge step back (anyone can rat you out to the FBI). I fully believe we will be able to address this issue with direct messages, but addressing the issue with other data types within Nostr may be more difficult.
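The metadata listed at the start of this section can be read straight off a NIP-04 event without any key. The following is an added example, not code from the original article: the events are constructed, short names stand in for hex public keys, and PKCS#7 padding under AES-CBC is assumed.

```python
import base64
from collections import defaultdict

def make_dm(sender, recipient, ts, plaintext_len):
    """Build a constructed kind-4 event; keys and ciphertext bytes are fake."""
    padded = (plaintext_len // 16 + 1) * 16   # AES-CBC + PKCS#7 (assumed padding)
    body = base64.b64encode(b"\x00" * padded).decode()
    iv = base64.b64encode(b"\x01" * 16).decode()
    return {"kind": 4, "pubkey": sender, "created_at": ts,
            "tags": [["p", recipient]], "content": f"{body}?iv={iv}"}

# Constructed sample: short names stand in for 32-byte hex public keys.
SAMPLE_EVENTS = [
    make_dm("alice", "bob", 1700000000, 5),
    make_dm("bob", "alice", 1700000060, 40),
    make_dm("alice", "bob", 1700003600, 120),
    make_dm("alice", "carol", 1700007200, 16),
    {"kind": 1, "pubkey": "alice", "created_at": 1700000001,
     "tags": [], "content": "gm"},            # public note, not a DM
]

def observable_metadata(event):
    """What a relay or subscriber learns from one DM without any key."""
    if event.get("kind") != 4:
        return None
    recipients = [t[1] for t in event["tags"] if len(t) >= 2 and t[0] == "p"]
    ct_len = len(base64.b64decode(event["content"].split("?iv=", 1)[0]))
    # PKCS#7 adds 1..16 bytes, so ciphertext size bounds the plaintext size.
    return {"from": event["pubkey"], "to": recipients,
            "at": event["created_at"],
            "plaintext_len_range": (ct_len - 16, ct_len - 1)}

def conversation_summary(events):
    """Per-pair message count and first/last timestamps across all DMs."""
    pairs = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for ev in events:
        meta = observable_metadata(ev)
        if meta is None:
            continue
        for rcpt in meta["to"]:
            s = pairs[tuple(sorted((meta["from"], rcpt)))]
            s["count"] += 1
            s["first"] = meta["at"] if s["first"] is None else min(s["first"], meta["at"])
            s["last"] = meta["at"] if s["last"] is None else max(s["last"], meta["at"])
    return dict(pairs)
```

Only the message text is hidden: sender, recipient, timestamp and a 16-byte-wide bound on message length all sit in cleartext fields.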

Social Content

For the past few months, I’ve been thinking about a use case for Nostr: trusted network commenting and recommendations. Sybil attacks that allow bots to threaten social networks have also been used as marketing tools by unethical sellers. Purchased reviews, platform collusion, and more have destroyed the credibility of online product reviews, much like keyword-stuffed content destroyed Google search results. Proof of work is ineffective against these attacks because the problem is not quantity, but false credibility. The correct tool to combat false credibility is a trust network: credibility that can be verified against the end user’s own social graph.

This is a huge opportunity for Nostr, and I’m very excited about it. Imagine you want to know if the Vibration Recomposition Impactor (VRSF) can give you visible abs in less than 6 days. It has over 4,000 five-star reviews on Amazon, and all of the one-star reviews are filled with misspellings and illogical comments. So it must work, and it can make you smarter! But unfortunately, visible abs are actually an illusion given to you by the “large gym”. Now imagine you could find three gullible friends and ask them their thoughts: you might get a lower average rating, and you would definitely be more certain that the vibrating foam is not worth spending on.

This query can be done for any product, service, or cultural experience. And you are not limited to asking your entire social network for opinions; you can easily put together a list of foodies to help you choose a restaurant, or of trusted bookworms to help you decide on your next read.

Currently, large tech companies cannot do this because Facebook will not share its social graph with Google and Google will not share its business data with Facebook. However, if an open database of people and businesses exists on Nostr, anyone can creatively recombine these data islands.

But let’s consider the drawbacks.

An open social graph plus recommendations means that you can not only ask your friends for their opinion on a given product, but also ask:

  • What someone’s friends think of a product

  • What kind of people like certain products

  • How products and people cluster

The last one is particularly interesting because it means you can find reasonable answers to some interesting questions:

  • Does an area have a fertility problem?

  • What is the political leaning of a specific group?

  • How effective are specific ads for specific groups?

This is a social experiment, and Facebook has been criticized for it in the past. Democratizing this data does not stop correlating it from being a violation of personal privacy, especially when the analysis is complex, requires a lot of computing resources, and produces results that can be kept private. It should be noted that this issue goes far beyond the combination of social information and public comments. This is just one example of many similar problems that may arise in open databases of user behavior.

Frankly speaking, we may be handing potential overlords an all-seeing panopticon without reservation, just as closed gardens have managed and marketed by manipulating opinions or interests in the past.

How to solve it?

So what can we do? I hope there is a rating system based on my social graph, but not at the expense of our collective privacy. When building Nostr to solve novel use cases, we need to keep this threat in mind. Zero-knowledge proofs may be used here, or we can solve this problem simply by reconfiguring data storage. In the future, users can post information to a small number of relays they trust, which will not forward their data, similar to @fiatjaf’s NIP-29 chat proposal. These relays can then support more complex query interfaces that answer questions without revealing too much information. One interesting aspect of this approach is that it may push relays towards the PWN model used by BlueSky. Not all data needs to be treated in the same way, which gives us flexibility in implementing these heuristic algorithms. Just as a note can be broadcast to everyone or sent to an individual or group, some comments or other activities may only be made public to people who have been verified in some way.
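A sketch of the two ideas together, the trust-scoped rating from the Social Content section and a relay that answers only in aggregate, follows as an added example that is not part of the original article. The follow lists and reviews are constructed, the review record and the relay_query interface are hypothetical (no Nostr NIP defines them), and the minimum-reviewer threshold is one assumed way of "not revealing too much".

```python
from statistics import mean

# Constructed data. FOLLOWS mirrors contact lists (who each key follows);
# REVIEWS is a hypothetical (author, product, stars) record, not a Nostr kind.
FOLLOWS = {
    "me": {"ann", "ben", "cat"},
    "ann": {"dan"}, "ben": {"dan", "eve"}, "cat": set(),
}
REVIEWS = (
    [("ann", "VRSF", 2), ("ben", "VRSF", 1), ("cat", "VRSF", 2), ("dan", "VRSF", 3)]
    + [(f"bot{i}", "VRSF", 5) for i in range(40)]   # purchased five-star reviews
)

def trusted_set(viewer, follows, depth=1):
    """Keys reachable from viewer within `depth` follow hops (viewer excluded)."""
    seen, frontier = set(), {viewer}
    for _ in range(depth):
        frontier = {f for k in frontier for f in follows.get(k, ())} - seen - {viewer}
        seen |= frontier
    return seen

def global_mean(product, reviews):
    """The rating an open marketplace shows: every key counts equally."""
    return round(mean(s for _, p, s in reviews if p == product), 2)

def relay_query(viewer, product, follows, reviews, depth=1, min_reviewers=3):
    """Aggregate-only answer from a trusted relay (hypothetical interface).

    Returns a count and a mean, never individual reviewers or scores, and
    refuses when fewer than min_reviewers trusted keys reviewed the product.
    """
    trusted = trusted_set(viewer, follows, depth)
    latest = {}
    for author, prod, stars in reviews:
        if prod == product and author in trusted:
            latest[author] = stars          # one vote per key; later entry wins
    if len(latest) < min_reviewers:
        return {"product": product, "answer": "insufficient"}
    return {"product": product, "reviewers": len(latest),
            "mean": round(mean(latest.values()), 2)}
```

A threshold on its own does not stop a client from differencing two overlapping queries to isolate one reviewer, so a relay using this design would also need to limit or audit the queries it answers.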
