nostr VS matrix-spec

Some resources if you're interested in learning more: https://nostr.com/ https://ron.stoner.com/nostr_Security_and_Privacy https://github.com/nostr-protocol/nostr/ https://nostorg.github.io/clients/

I think your best bet here is Nostr (Notes and Other Stuff Transmitted by Relays): https://nostr.com https://github.com/nostr-protocol/nostr

Nostr isn't a federated platform like Mastodon or Lemmy, it's more similar to the AT protocol created by Bluesky, whilst being far simpler to understand and write apps using it. The nostr protocol is defined by a series of NIPs (Nostr implementation possibilites https://github.com/nostr-protocol/nips), the most basic of which can be implemented in a client or a relay in 50-100 lines of code in any modern programming language.

Each user runs a client, anyone can write a relay or run any of hundreds of existing implementations, both clients and relays can choose to support a number of NIPs. Users have a public-private keypair, and distribute notes to relays signed with their private key, which are verified by relays. Clients subscribe via websockets to any number of relays (I usually have 20-30), and receive notes from all users on those relays' databases, or filtered by the public keys of the users you're following. Relays for the most part don't communicate with each other. If you're ever blocked or banned from a relay, you'll still be able to have your notes seen as long as you have at least one relay in common with anyone who wants to see them. I run my own as well for extra resiliency.

At the moment there's ~50 standardised NIPs, which add features like likes, zaps (bitcoin tips for notes), user status, post expiration, mentions, search, DMs, and public chats. Nearly all of these are supported by popular clients and relays. While nostr is primarily used for social media at the moment, it's already possible to build upon as a protocol for pretty much any online service.

The total active user count on most public relays I'd estimate is somewhere around 500k to a million, though the nature of the protocol makes it impossible to estimate its true size. The perceived community on most relays before following anyone frankly can get pretty cancerous, mainly due to a lot of clients sorting notes by new by default, so I can only hope to high heaven it'll improve as it grows.

Though like any new non-centralised platform, it's more difficult to get started on for most non-technical users as they have to pick one of hundreds of clients to install, and requires caution to never leak your private key and be very wary of which clients you trust it with.

I hope this was not too technical and all over the place. If you are interested in knowing more please ask me or check out https://github.com/nostr-protocol/nostr or https://nostr.com/get-started

Without movement on this [1] I can't see adoption.

[1] https://github.com/nostr-protocol/nostr/issues/97

I think the next stage is decentralized social media. Something like nostr (1) where there’s no centralized entity determining the algorithm to boost. It’s up to the individual to follow users.

Perhaps the next challenge would be human verification, even with this protocol we’d need something to index public people by to handle discovery.

Even before LLM’s became as mainstream as they are, most social media platforms were riddled with spam: affiliate marketing, drop shipping crap, and people who are running some sort of con.

1 - https://github.com/nostr-protocol/nostr already has 8k stars on github

Considering that Reddit might not be able to negotiate better pricing for API usage, it's worth considering a different approach. The future of social media seems to be moving towards protocols rather than specific platforms. This means that instead of relying on a single platform like Reddit, Apollo should focus on using a protocol called NOSTR (you can find more information at https://github.com/nostr-protocol/nostr).

Holding me back from posting updates of what I had for breakfast is the problem of private key sharing with services that I can use in order to post updates of what I had for breakfast.

A client or service will inevitably be compromised. And with it, the private keys of all using it whether stored by the service or logged on entry by a compromised system.

Private keys should be chained, master->subkey, with subkey the public key of the service __or a solution like that or that ends in the same result. When (not if) a service or key is compromised, the key can be blacklisted and/or any key co-signed by a compromised service blacklisted.

I'm confused by the oversight. It's also been raised here https://github.com/nostr-protocol/nostr/issues/97

Until then, I'll have to keep my updates of what I had for breakfast to myself.

ooh, mxrxtx sounds interesting - is this solving https://github.com/matrix-org/matrix-spec/issues/189?

Hi there! I'm the Managing Director of the Foundation. That owing balance is down to the many services for which we rely on Element.

The Foundation has a Master Services Agreement (MSA) with Element which includes administrative services, operation of the matrix.org homeserver, and secondment of several personnel whose responsibilities include advocacy, program management, standards work, and trust and safety. The MSA also includes provisions for the Foundation to reimburse Element for any bills they pay on our behalf.

More details and context in my official reply: https://github.com/matrix-org/matrix-spec/issues/571#issueco...

Happy to address any other concerns or questions you may have.

AT proto has some significant similarities to Matrix:

* Both are work by self-authenticating git-style replication of Merkle trees/DAGs

* Both define strict data schemas for extensible sets of events (Matrix uses JSON schema - https://github.com/matrix-org/matrix-spec/tree/main/data/eve... and OpenAPI; AT uses Lexicons)

* Both use HTTPS for client-server and server-server traffic by default.

* Both are focused on decentralised composable reputation - e.g. https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix... on the Matrix side, or https://paulfrazee.medium.com/the-anti-parler-principles-for... on the bluesky side, etc.

* Both are designed as big-world communication networks. You don't have the server balkanisation that affects ActivityPub.

* Both eschew cryptocurrency systems and incentives.

There are some significant differences too:

* Matrix aspires to be the secure communication layer for the open web.

* AT aspires (i think) to be an open decentralised social networking protocol for the internet.

* AT has portable identity by default. We've been working on this on Matrix (e.g. MSC1228 - https://github.com/matrix-org/matrix-spec-proposals/pull/122... and MSC2787 - https://github.com/matrix-org/matrix-spec-proposals/blob/nei...) and have a new MSC (and implementation on Dendrite) in progress right now which combines the best bits of MSC1228 & MSC2787 into something concrete, at last. In fact the proto-MSC is due to emerge today.

* AT is proposing a asymmetrical federation architecture where user data is stored on Personal Data Servers (PDS), but indexing/fan-out/etc is done by Big Graph Servers (BGS). Matrix is symmetrical and by default federates full-mesh between all servers participating in a conversation, which on one hand is arguably better from a self-sovereignty and resilience perspective - but empirically has created headaches where an underpowered server joins some massive public chatroom and then melts. Matrix has improved this by steady optimisation of both protocol and implementation (i.e. adding lazy loading everywhere - e.g. https://matrix-org.github.io/synapse/latest/development/syna...), but formalising an asymmetrical architecture is an interesting different approach :)

* AT is (today) focused on for public conversations (e.g. prioritising big-world search and indexing etc), whereas Matrix focuses both on private and public communication - whether that's public chatrooms with 100K users over 10K servers, or private encrypted group conversations. For instance, one of Matrix's big novelties is decentralised access control without finality (https://matrix.org/blog/2020/06/16/matrix-decomposition-an-i...) in order to enforce access control for private conversations.

* Matrix also provides end-to-end encryption for private conversations by default, today via Double Ratchet (Olm/Megolm) and in the nearish future MLS (https://arewemlsyet.com). We're also starting to work on post quantum crypto.

* Matrix is obviously ~7 years older, and has many more use cases fleshed out - whether that's native VoIP/Video a la Element Call (https://element.io/blog/introducing-native-matrix-voip-with-...) or virtual worlds like Third Room (https://thirdroom.io) or shared whiteboarding (https://github.com/toger5/TheBoard) etc.

* AT's lexicon approach looks to be a more modular to extend the protocol than Matrix's extensible event schemas - in that AT lexicons include both RPC definitions as well as the schemas for the underlying datatypes, whereas in Matrix the OpenAPI evolves separately to the message schemas.

* AT uses IPLD; Matrix uses Canonical JSON (for now)

* Matrix is perhaps more sophisticated on auth, in that we're switching to OpenID Connect for all authentication (and so get things like passkeys and MFA for free): https://areweoidcyet.com

* Matrix has an open governance model with >50% of spec proposals coming from the wider community these days: https://spec.matrix.org/proposals

* AT has done a much better job of getting mainstream uptake so far, perhaps thanks to building a flagship app from day one (before even finishing or opening up the protocol) - whereas Element coming relatively late to the picture has meant that Element development has been constantly slowed by dealing with existing protocol considerations (and even then we've had constant complaints about Element being too influential in driving Matrix development).

* AT backs up all your personal data on your client (space allowing), to aid portability, whereas Matrix is typically thin-client.

* Architecturally, Matrix is increasingly experimenting with a hybrid P2P model (https://arewep2pyet.com) as our long-term solution - which effectively would end up with all your data being synced to your client. I'd assume bluesky is consciously avoiding P2P having been overextended on previous adventures with DAT/hypercore: https://github.com/beakerbrowser/beaker/blob/master/archive-.... Whereas we're playing the long game to slowly converge on P2P, even if that means building our own overlay networks etc: https://github.com/matrix-org/pinecone

I'm sure there are a bunch of other differences, but these are the ones which pop to the top of my head, plus I'm far from an expert in AT protocol.

It's worth noting that in the early days of bluesky, the Matrix team built out Cerulean (https://matrix.org/blog/2020/12/18/introducing-cerulean) as a demonstration to the bluesky team of how you could build big-world microblogging on top of Matrix, and that Matrix is not just for chat. We demoed it to Jack and Parag, but they opted to fund something entirely new in the form of AT proto. I'm guessing that the factors that went into this were: a) wanting to be able to optimise the architecture purely for social networking (although it's ironic that ATproto has ended up pretty generic too, similar to Matrix), b) wanting to be able to control the strategy and not have to follow Matrix's open governance model, c) wanting to create something new :)

From the Matrix side; we keep in touch with the bluesky team and wish them the best, and it's super depressing to see folks from ActivityPub and Nostr throwing their toys in this manner. It reminds me of the unpleasant behaviour we see from certain XMPP folks who resent the existence of Matrix (e.g. https://news.ycombinator.com/item?id=35874291). The reality is that the 'enemy' here, if anyone, are the centralised communication/social platforms - not other decentralisation projects. And even the centralised platforms have the option of seeing the light and becoming decentralised one day if we play our parts well.

What would be really cool, from my perspective, would be if Matrix ended up being able to help out with the private communication use cases for AT proto - as we obviously have a tonne of prior art now for efficient & audited E2EE private comms and decentralised access control. Moreover, I /think/ the lexicon approach in AT proto could let Matrix itself be expressed as an AT proto lexicon - providing interop with existing Matrix rooms (at least semantically), and supporting existing Matrix clients/SDKs, while using AT proto's ID model and storing data in PDSes etc. Coincidentally, this matches work we've been doing on the Matrix side as part of the MIMI IETF working group to figure out how to layer Matrix on top of other existing protocols: e.g. https://datatracker.ietf.org/doc/draft-ralston-mimi-matrix-t... and https://datatracker.ietf.org/doc/draft-ralston-mimi-matrix-m... - and if I had infinite time right now I'd certainly be trying to map Matrix's CS & SS APIs onto an AT proto lexicon to see what it looks like.

TL;DR: I think AT proto is cool, and I wish that open projects saw each other as fellow travellers rather than competitors.

About 4 (data backup): it's worth mentioning that Element web lets you export your chat history in a given room. Regarding account migration, it is on the roadmap and there has been work on it. The most relevant keywords to look for it would be 'portable identity' (see also this thread). Finally, there is this small tool to attempt an 'account migration'. I have not used it, I do not recommend it (use at your own risk etc.) but it exists.

I am watching this: https://github.com/matrix-org/matrix-spec/issues/246 Really want to see the roaming identity feature. Fully p2p stuff is imho just too cumbersome for 99% of the users. Or maybe someone could start selling RPI based appliance that runs a node 24/7.

More about it HERE

I think you could create a system that's resilient to such issues even with federation (not saying it's easy, though), and Matrix actually has a solution in the works for this – decentralised user accounts [1].

And all of this makes me wonder – maybe it's better to re-implement something like Mastodon on top of Matrix. If Matrix adopts decentralised user accounts, that would seemingly solve such issues automatically. There was a POC Matrix based Twitter clone demonstrating this, actually [2] (but without the decentralised accounts yet).

[1] https://github.com/matrix-org/matrix-spec/issues/246

Issue tracker for reactions encryption https://github.com/matrix-org/matrix-spec/issues/660