
Nostr


TL;DR

/ˈnɒstʃrə/
noun

  1. Notes and Other Stuff Transmitted by Relays
  2. An open protocol providing a truly decentralized network for building social media applications and platforms that no single entity or billionaire man child can control/censor/shut down.
  3. An alternative to centralized and proprietary social media apps like Twitter/X, Meta Threads, and LinkedIn.

How we got here

A short history lesson.

First Jack Dorsey created Twitter. And like all social media at the time, Twitter was a centralized offering controlled by a single entity. We all know how that went. The End.

Ok ok, that is a bit too short. Let me flesh that out just a little…

While still at Twitter, Jack & co. began work on a new project internally: Bluesky. Created at Twitter, with Twitter providing initial funding, Bluesky was an initiative to explore the possibility of decentralizing Twitter.

Fast forward to late 2021, Bluesky Social formed as an independent entity. They developed the AT Protocol, “an open, decentralized network for building social applications.” Along with the likes of Mastodon and the Fediverse, Bluesky pitched itself as an answer to the dumpster fire that Twitter became after Elon Musk bought it.

It was during this period, in early 2023, that I simply stopped using Twitter. And later that year, having had enough of Elon’s foolishness, I gutted Twitter from all my devices and created my own Bluesky account. (Mind you, this long predates this man child’s behavior in recent months, back when the harm he caused was mostly to himself and his investors.) For myself, the final straw occurred once Twitter no longer provided an open microblogging platform. By “open” here I mean “public.”

Allow me to explain. For the longest time, if you had a Twitter account and configured it to be public, when you posted something, anyone could see your posts by simply visiting https://twitter.com/<yourusername> and scrolling through your posts. And anyone could share the URL of a specific post with others. No account required. Combined with Twitter’s enforced character limit[1], this was the definition of a microblog. This made it easy for folks to share tweets with anyone, even those who did not have Twitter accounts.

However, now when someone tries to share a tweet, besides being redirected to the idiotic X.com domain, Twitter also pops up a login page, requiring you to sign in simply to see someone’s (formerly public) tweets. This makes Twitter today no different than Facebook or any of the other closed “walled garden” chat apps such as Slack, Discord, MS Teams, or even iMessages.

Now during this time, Jack Dorsey encouraged folks to use Bluesky. Then, in May 2024, Jack Dorsey did a 180 degree pivot and bailed on Bluesky, claiming it was becoming another Twitter. And he began advocating for something called Nostr.

At the time, I wrote on Bluesky:

Not sure what to make of the “Meth Unabomber” (a.k.a., Jack Dorsey) leaving Bluesky board, encouraging folks to remain on X, and endorsing Nostr. Is every rich a_hole just losing their sh_t in different ways? www.businessinsider.com/jack-dorsey-… www.theguardian.com/technology/a… nostr.com

I had never heard of Nostr, and I thought maybe Jack Dorsey had really gone off the rails. But eventually I decided to go looking into this Nostr business out of curiosity.

While Nostr looked interesting, I still considered Bluesky a better option. I mean, their AT Protocol was open after all. And the architecture was decentralized, a bit like the XML-based XMPP and the JSON-based ActivityPub (Fediverse/Mastodon) and Matrix protocols are for chat. (Or, if you prefer, the perennial example of an open, decentralized, federated system: SMTP.)

This meant that Bluesky, like most open source projects, could withstand the takeover by a tyrant man-baby. How? At the extreme, Bluesky had the “red pill” option of the open-source world at its disposal: forking. If an open source project suddenly comes under less ideal management (e.g., OpenOffice, MySQL, Redis), people can simply “fork” the code and take their ball and go elsewhere (e.g., LibreOffice, MariaDB, Valkey). So Bluesky was immune to the risk that Twitter presented, right? Right?

Unfortunately, as I covered in another post here, that may not really be the case.


NOTE: Before continuing, please be sure to check out my article on “PKI in 5 Minutes”, especially if hearing/reading the acronym “PKI” makes your eye twitch or your eyes glaze over and brain shut down. That post will hopefully make understanding PKI and the rest of this post so much easier. At least that is my hope.

So what IS Nostr?

As defined at the beginning of this post, Nostr stands for “Notes and Other Stuff Transmitted by Relays.” That pretty much sums it up. But what are “notes”, “other stuff”, and “relays” in this context?

Well, while “notes” can be considered similar to “tweets” in Twitter, the “other stuff” implies that Nostr can do more. Much more. And “relays”? Think of them as servers. But more on that in a minute.

Video Explanations

If “a picture is worth a thousand words”, a properly edited video can convey even more in less time.

Here Jack Dorsey explains how Nostr works in 2 minutes on YouTube.

And the actual Nostr site covers this in writing as well as a short < 2 minute video.

That said, I found that this ~7 minute YouTube video covers the basics quickly and more visually:

And if that does not suffice, then this ~16 minute YouTube video (if you can get past the idiotic thumbnail) is probably the best single video I have found to date that explains Nostr and relays/etc.

Or to put it in words…

In short, Nostr can be seen as a Twitter alternative, though it can be so much more. Nostr was designed to be future-proofed against any single person/entity being able to take over its setup or to be able to silence its users. And in this respect Nostr takes the concept of “decentralized” to a whole different level.

At its core, Nostr has a client/server architecture (like everything in the TCP/IP world) that leverages two (2) things:

  • public/private keys (i.e., how you identify someone in the Nostr world)
  • relays (i.e., how information flows in the Nostr world)

Let us dig into each of these now.

Public/Private Key Pairs

At the core of Nostr is the public/private key pair. Public/private keys are nothing more than long binary patterns of 1s and 0s, often represented as hexadecimal strings made up of characters 0-9 and letters A-F.

But much as you do not need to understand internal combustion engines in order to drive a car, you also do not need to understand the underlying math and details here. Just remember there are two “keys” involved.

In the Nostr world, they typically convert and present these public/private keys as strings prefixed with npub and nsec, respectively. We will simply refer to these as your nsec (Nostr PRIVATE key) and npub (Nostr PUBLIC key) in this post.

Reusing an image above from my previous post on PKI, the nsec is your PRIVATE key, which you use to digitally sign any post/etc. Also, just like any private key, you must protect your nsec, as it is the key that proves “you are you.”

Much as you would not want the key to your house or your secure website’s private SSL key to be copied or compromised (allowing thieves to steal your stuff or hackers to pretend to be your website, respectively), you would not want your nsec falling into the wrong hands, where someone can then pretend to post on Nostr as you. So protect your nsec like you would anything important, such as your login credentials to your bank.

The npub is your matching PUBLIC key, which you provide to anyone/everyone so that they can confirm that a post was signed by your nsec (i.e., the post came from you). Your npub also acts as your Nostr identity. Think how a Twitter or Bluesky user is identified by their Twitter or Bluesky username/handle. It is that simple.

Of course, telling someone

Oh I am on Nostr, and you can find me as npub1yl6jx8u9ujmjj3sl6hkc5twr85y0k3lklanyxjwmpllg60a9hdkssansy7.

does not exactly roll off the tongue. Nor is such an npub easy to remember. But there are ways to help with this.
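What sits behind an npub or nsec string, as an added example that is not part of the original post: NIP-19 encodes the raw 32-byte key with bech32, which prepends the prefix and appends a checksum. The function names are assumptions made for illustration.

```python
# Added example (not from the post); function names are illustrative assumptions.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def regroup(data, frombits, tobits, pad):
    # regroup a bit stream, e.g. 8-bit bytes into 5-bit symbols
    acc = bits = 0
    out, mask = [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & mask)
    leftover = (acc << (tobits - bits)) & mask
    if pad and bits:
        out.append(leftover)
    elif not pad and (bits >= frombits or leftover):
        raise ValueError("invalid padding bits")
    return out

def encode_key(prefix, key_hex):
    # prefix is "npub" or "nsec"; key_hex is the 32-byte key as hex
    data = regroup(bytes.fromhex(key_hex), 8, 5, True)
    pm = polymod(hrp_expand(prefix) + data + [0] * 6) ^ 1
    data += [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return prefix + "1" + "".join(CHARSET[d] for d in data)

def decode_key(text, expected_prefix="npub"):
    # returns the key as hex; rejects typos and the wrong kind of key
    prefix, _, body = text.rpartition("1")
    if prefix != expected_prefix:
        raise ValueError(f"not an {expected_prefix} string")  # never echo input
    data = [CHARSET.index(c) for c in body]  # ValueError on a foreign character
    if polymod(hrp_expand(prefix) + data) != 1:
        raise ValueError("checksum mismatch: mistyped or truncated key")
    raw = bytes(regroup(data[:-6], 5, 8, False))
    if len(raw) != 32:
        raise ValueError("key is not 32 bytes")
    return raw.hex()
```

decode_key refuses an nsec unless the caller asks for one, and its error messages never repeat the input, which keeps a pasted private key out of logs.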

Much like

  • Jabber/XMPP has JEPs (Jabber Enhancement Proposals), and
  • the IETF (Internet Engineering Task Force) has RFCs (Request For Comments)

Nostr has NIPs (Nostr Implementation Possibilities). NIPs are optional features one can implement/utilize.

One of these is NIP-05 - Mapping Nostr keys to DNS-based internet identifiers. As its name implies, this lets you map something more human-readable to your npub, such as your email address. Then you can simply say

Oh I am on Nostr, and you can find me as me@myemaildomain.
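How a client can check such an identifier, as an added example that is not code from the original post or from any Nostr project: NIP-05 has the client fetch /.well-known/nostr.json from the domain and compare the hex public key listed under the name with the key it already holds. The function names, keys, domains and JSON documents below are constructed for illustration.

```python
import json
import re

# Added example (not from the post). Names and sample data are constructed.
IDENTIFIER = re.compile(r"([a-z0-9._-]+)@([a-z0-9-]+(?:\.[a-z0-9-]+)+)")

ALICE_HEX = "a1" * 32      # constructed 32-byte public key, hex form
OTHER_HEX = "b2" * 32      # constructed key of a different party
DOC_OK = json.dumps({"names": {"alice": ALICE_HEX},
                     "relays": {ALICE_HEX: ["wss://relay1.example",
                                            "ws://plain.example"]}})
DOC_REMAPPED = json.dumps({"names": {"alice": OTHER_HEX}})

def nip05_url(identifier):
    """Return (local_part, URL) for the lookup a client performs."""
    m = IDENTIFIER.fullmatch(identifier.strip().lower())
    if not m:
        raise ValueError("not a valid NIP-05 identifier")
    local, domain = m.groups()
    return local, f"https://{domain}/.well-known/nostr.json?name={local}"

def check_nip05(identifier, known_pubkey_hex, document_text):
    """Return (verified, relay_hints) for a fetched nostr.json body.

    verified is True only if the domain maps the name to the key the
    caller already holds; the key, not the name, is the identity.
    """
    local, _ = nip05_url(identifier)
    try:
        doc = json.loads(document_text)
        claimed = doc["names"][local]
    except (ValueError, KeyError, TypeError):
        return False, []
    if not isinstance(claimed, str) or claimed.lower() != known_pubkey_hex.lower():
        return False, []          # name now points at some other key
    hints = doc.get("relays")
    relays = hints.get(claimed, []) if isinstance(hints, dict) else []
    if not isinstance(relays, list):
        relays = []
    # Keeping only TLS relay URLs is a policy choice of this example.
    return True, [r for r in relays if isinstance(r, str) and r.startswith("wss://")]
```

The document body should be fetched without following HTTP redirects, which NIP-05 tells clients to ignore. A remapped name returns (False, []), so whoever controls the domain cannot silently swap the key behind an identifier a user already follows.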

Relays

The other key part of the Nostr ecosystem is the relay. Relays are the servers to which you post your “notes and other stuff”. Relays are also where others can find your posts.

Relays are to Nostr as

  • SMTP servers are to email for sending
  • POP3/IMAP servers are to email for receiving
  • Twitter’s servers are to Twitter users
  • Matrix servers (e.g., Synapse or Dendrite) are to Matrix users
  • Mastodon servers are to Mastodon users

But UNLIKE all of those examples, in the Nostr ecosystem you are not defined by the server your posts are hosted on. The only thing that matters to identify you is your npub.

Nor is your content constrained to a single server. Even with email, where you can, in theory, move your account (assuming that you own your email’s domain) from one server to another, this still requires a bit of work on your part. And at any given time, your email is only “living” on one server system.

You can think of relays as pipes that you push your posts into, where folks interested in following you will then attach to the other side of the pipe, looking for posts coming out with your npub.

However, unlike SMTP/POP3/IMAP, Twitter, Matrix, and Mastodon servers, Nostr clients are not limited to only posting to or receiving posts from a single relay.

To put this visually, here is an example:

flowchart LR
    u1([Alice])
    r1[(relay1)]
    r2[(relay2)]
    r3[(relay3)]
    u2([Bob])
    u1 --> r1
    u1 --> r2
    u1 --> r3
    r1 --> u2
    r3 --> u2
linkStyle default stroke-width:3px,stroke:white
linkStyle 0,1,2 stroke:green
style u1 color:#f00
style u2 color:#f00
  
  • Alice has her Nostr client sending notes to three (3) different relays: relay1, relay2, and relay3
  • Bob has his Nostr client taking in feeds from two (2) of those relays: relay1 and relay3

If Bob “follows” Alice, his client will check those two relays for Nostr posts with Alice’s npub. And Bob’s client will make sure he sees her posts in his feed, removing duplicates (since his client may well receive the same post from both relays).

The real power of Nostr here lies in the fact that even if relay1 goes down, Bob will still get Alice’s posts. In fact, Bob could adjust his client to then add in relay2 to provide yet another way to get Alice’s posts. And keep in mind that these relays can be located anywhere on the Internet, each maintained by entirely different folks.
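What Bob’s client does with the answers from relay1 and relay3, as an added example that is not part of the original post: every note carries an id that NIP-01 defines as the SHA-256 of its serialized fields, so copies from different relays collapse into one and a copy whose content no longer matches its id is dropped. The keys, notes and function names are constructed, and the signature check a real client performs is left out here.

```python
import hashlib
import json

# Added example (not from the post). Keys, notes and relay data are constructed.
def event_id(ev):
    """NIP-01 id: SHA-256 of [0, pubkey, created_at, kind, tags, content]
    serialized as compact UTF-8 JSON (Python's escaping matches for plain text)."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def make_note(pubkey, created_at, content):
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": 1,
          "tags": [], "content": content}
    ev["id"] = event_id(ev)
    return ev   # a real event also carries "sig", the signature over the id

def build_feed(followed_pubkey, relay_responses):
    """Merge per-relay results into one timeline; returns (feed, rejected)."""
    seen, rejected = {}, []
    for relay, events in relay_responses.items():
        if events is None:                  # relay down or unreachable
            continue
        for ev in events:
            try:
                if ev["pubkey"] != followed_pubkey:
                    continue                # someone else's note
                ok = ev["id"] == event_id(ev)
            except (KeyError, TypeError):
                ok = False                  # malformed event
            if not ok:
                rejected.append(relay)      # id does not match the content
                continue
            seen.setdefault(ev["id"], ev)   # duplicates across relays collapse
    return sorted(seen.values(), key=lambda e: e["created_at"]), rejected

ALICE = "a1" * 32                           # constructed public key (hex)
NOTE_1 = make_note(ALICE, 1700000000, "hello from Alice")
NOTE_2 = make_note(ALICE, 1700000600, "second note")
ALTERED = dict(NOTE_2, content="second note, edited in transit")
```

The id check only catches content that was changed without recomputing the id. It is the signature made with Alice’s nsec, verified against her npub, that stops a relay from inventing a note in her name.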

Why is this so important? Unlike most services, what makes this so incredible is that anyone can spin up and host a Nostr relay. And anyone can post to a public relay. (Beyond this, it is also possible to set up relays that offer posting for a fee, providing a potentially financially sustainable model for those doing so.) This is all incredibly powerful.

This means that even if you post to multiple relays and some nefarious actor comes along and starts taking down those relays in an attempt to silence you, you can simply move to posting to yet other relays, and/or even spin up your own relays for followers to use. And the Nostr protocol includes mechanisms for notifying your followers which relays to check for your posts.

It is actually quite an ingenious solution. And I am only scratching the surface here.

(In fact, I am running a relay[2] myself that I have my own Nostr clients[3] posting to. I did this for testing purposes and just so that I have a copy of all my posts, should the public ones I currently send to ever go offline. However, my relay is configured to only allow me to post to it. So it is not a public relay in that sense.)

Current Affairs

At this point, I have pretty much given up on Twitter. While I technically still have accounts there, I simply do not use it anymore (and have not in over two years).

Instead, much as I have a Bluesky account these days, I also have a Nostr account. And I am posting to both, along with LinkedIn. (See the top of my site for links.)

While currently Bluesky looks to be the most popular alternative for Twitter refugees, long-term I believe a more truly open solution like Nostr is the way to go. Unfortunately, the best tech does not always “win”.

That said, it is still early days. Like many open/FLOSS[4] offerings that lack the kind of financial backing that commercial services like Bluesky enjoy (keep in mind Bluesky was originally funded by Jack Dorsey/Twitter itself), Nostr does not have quite the “polish” that offerings such as Bluesky enjoy.

This “polish” is, in part, thanks to both having more money (which translates to more manpower/resources/etc.) and having an existing “business DNA” from Twitter. Bluesky used all this to do effective documentation and marketing, not to mention leveraging the experience from the existing UI/UX of their predecessor, Twitter. In short, Bluesky has gained a decent following because it very much “feels like Twitter.”

There is also the usual challenge that comes with FLOSS projects: fragmentation of effort. While Bluesky enjoys a singular entity focused on building a financially viable business model, the Nostr community is a bit more like the Linux community. That is, the “FL” in FLOSS stands for “Free/Libre”, as in “you have the freedom to do what you want with it.” And everyone has their own idea of how things should be done. So you end up with lots of projects, websites, etc., where total effort, manpower, and financial support is fragmented.

But as others note, this is not a bad thing. This is by design. The very fact that no one entity can control it is what makes Nostr so resilient.

Also, for good or ill, the “crypto bros” community has heavily leaned into using Nostr. This is likely due to Nostr’s penchant for decentralized control, combined with its use of PKI. So it is a bit of a natural fit.

This, in turn, has influenced the perception of Nostr itself, as many tutorials/articles/etc. are written by folks in the cryptocurrency world. So, though far from the truth, some therefore misconstrue Nostr as something only those involved with cryptocurrency use.

This also explains why so many Nostr articles/tutorials reference things like Alby to store your nsec. Alby is a Bitcoin wallet / browser plugin that can also store things like your nsec. (I simply use my current password manager. My nsec is, after all, just another password of sorts.)

Unfortunately, the crypto community is populated by folks who often are not… well, effective in articulating points in a simple manner that is easily digestible by average users. (Hence my presentation and blog post on PKI.) A side effect is that Nostr has not seen the uptake it might otherwise enjoy.

Just the same, I believe in time things will get better. Already since starting to use Nostr I have seen improvements made to some sites.

Where To Begin

For those interested in tinkering with Nostr, it is quite easy once you grasp that it is really about nothing more than having your own public/private key pair that you use to identify yourself and sign your posts. Hopefully my explanation above makes some sense.

There are several websites such as iris.to that will help you create an “account”, which is really just an npub/nsec key pair. And they will typically tell you to back up/save/protect your nsec right away. This is because they can do nothing to help you if you lose your nsec. While an npub can be regenerated from an nsec, the same is not true the other way around. (This is another reason why the PRIVATE key needs to be protected.)

If you are not comfortable having your public/private key generated on a website that you don’t own/control (I know I am not), you can download a Nostr client for just about any OS (e.g., Linux, macOS, Windows, iOS, Android, etc.).

Example: Nostur iOS client

That client will also let you create your npub/nsec key pair. Once created, the key thing to note (no pun intended) is that you need your nsec for any Nostr clients that you use, just as you typically need a username/password for any service. So be sure to save your nsec immediately.

For more information, you can begin by visiting Nostr.org, Nostr.com, njump.me, Nostr Apps and iris.to. These are just a few websites out there. (Again, being an open project, lots of folks have jumped in.) Or you can search in your app store of choice for “Nostr” to see what clients you can find there.

If you are looking at Nostr to possibly replace your use of Twitter, once you have your Nostr “account” created, you can use a site like https://nostr.directory/ to find others who have gone from Twitter to Nostr, and/or you can post your npub key along with your Twitter handle (so that they are linked together) on the site, so that other folks can find you on Nostr via your Twitter handle.

From there, the sky is the limit.


  1. Originally Twitter limited posts to 140 characters. This increased over time to the current 280 character limit.

  2. I am running nostr-rs-relay, a FLOSS Nostr relay written in Rust.

  3. Currently I am using Nostur on both my Mac and iPhone, though many others exist.

  4. Free, Libre Open Source Software