@taylanb by "sovereignty" you mean that it simply doesn't do anything to verify identity and leaves the user up shit creek without a paddle? There is nothing in the protocol preventing me from pretending to be you. I can simply began posting to a relay as you, with a separate key. If I mirror most of your posts you wouldn't even notice unless you went ahead and manually compared fingerprints.
You wouldn't know unless you manually compared fingerprints... so do that?
In Nostr users are identified by public key, right? So if you're posting with a separate key then you're not pretending to be a the user, you're identifying yourself as a different user mirroring all the posts.
I don't think this criticism is especially valid since it seems to be saying Nostr offers no protection except the one it offers.
@taylanb@mstdn.social
@volkris and in the end that makes Nostr neither safe nor private. Even if I have an unbroken chain of conversation with my counterpart I can never be sure that I'm not being duped. There is no alternative verification scheme.
I don't think the distinction is quite as stark as you make it sound.
After all, I could start mirroring all your content as JustusWingert-at-mastodon.hacker and it would get to the same result: to paraphrase, it wouldn't be noticed unless someone went ahead and manually compared domain names.
Domain names which are often enough clipped off the screen.
In the end I think the advantages of the relay model over the instance model might make this marginal increase in userfriendliness not really worth it.
@taylanb@mstdn.social
@volkris except if such an instance were to exist I could actively take down the copycat. There is no taking down a public key. So I have a way to prevent and verify it for myself and all my followers. And to be frank: The "Advantages" of the relay model are borderline lies. Relays would basically have to coordinate blocking keys, otherwise documentations of child abuse and similar stuff would run rampant. In other words: Get banned once and you're done. There also isn't any kind of persistence.
COULD you actively take down the copycat, if it wasn't your instance? You could certainly try, IF you knew about the copycat, with no guarantee of success.
Again, the advantages you're speculating about are really not as great as you present.
@volkris I'm not speculating. Everytime I use a hash tag I would see any copycat because by the nature of #activitypub the copycat server would be federated with mine. Since I read hashtags that I post to that makes it incredibly unlikely that this could go unnoticed. There is no comparable mechanism in #nostr. Additionally the copycat has to operate from a server, either their own or someone else's. Meaning if identity theft was going on there would be legal venues for me.
Yeah. Legal venues. Not quite the simple matter of your actively quashing the copycat :)
This is exactly what I'm saying.
Once you start talking about having to resort to external legal venues to stop a copycat, it's suddenly not so simple, and arguably, it shows that ActivityPub doesn't have the protections you claim.
Even if AP lets you identify the hosting instance, AP doesn't actually let you stop the copycat.
It just helps you begin the process of hiring a lawyer.
@volkris if the instance is actively protecting scammers it will be defederated quickly. Leave aside the fact that legal venues are highly effective in this case. We're literally talking copyright infringement. They can ignore a dmca, sure. Good luck to them. I wouldn't even need a lawyer to get an injunction and then their hoster will literally have to hand me the keys... The internet isn't some imaginary wild west, kid.
Firstly, an instance doesn't have to be actively protecting scammers to nullify your efforts to have a scammer shut down. Its lack of action is all it takes: inaction. If the instance operator is on vacation you're out of luck.
Secondly, plenty of misbehaving instances remain federated, so that claim about being defederated quickly is also not quite true.
And thirdly, once again, if you have to rely on instance owners defederating instances, that means ActivityPub itself doesn't protect you.
Once again you're pointing out that you have to go beyond ActivityPub to get the protection you claim it provides.
@volkris there is a process. You may find that process tedious, onerous, whatever, but it exists and it functions. nostr does. not. have. that. process.
Right, there is a process *outside of ActivityPub because ActivityPub can't do what you say.*
Nostr doesn't have this process, but neither does ActivityPub!
@volkris nostr does not contain anything to deal with spam, illegal content, other unwanted content, etc. and simply offloads the burden to the enduser. It's a prime example of doing the easy part, then claiming everyone else is dumb and make a lot of noise. Typical cryptobro scam. Again, they're literally selling snakeoil on their main page...
You keep talking about offloading the burden to the end user, but I'd see it as allowing the end user control over they experience!
Unwanted content? Who's wants? I'd say the end user's wants are what matters most there, so YES, I want the end user to have say over the content he sees.
It's fine if you don't personally value that, but you seem really against this system for reasons that range from differences without distinction through your own personal preferences.
@volkris that's the problem. ActivityPub uses the individual servers as foundation for a web of trust. Nostr rejects that notion. There is no mechanism that positively identifies one random number from the other. Systems like Threema have a complex verification scheme for that very purpose. PGP does too. Mastodon/AP doesn't need that, since it's not trying to be private. Nostr simply doesn't give a shit and leaves the User without any tools to be safe. @taylanb