Nostr notes by fruordf

#naddr1qq…vq7c

2025-12-19T12:26:51Z

quoting
naddr1qq…vq7c

The Parallel Phone

In February 2014, Apple removed Blockchain's Bitcoin wallet from the App Store without warning. The company offered no real explanation beyond "an unresolved issue." This was the last remaining native Bitcoin wallet for iOS users. Coinbase, CoinJar, and Gliph had already been purged in the preceding months.

Apple's position was monopolistic. If you had purchased an iPhone, you had precisely zero options for using Bitcoin on your device unless you trusted a web application. The "crazy ones" who once claimed to show "no respect for the status quo" had become the status quo, and they did not care to have their payment ambitions challenged by peer-to-peer electronic cash.

The cryptocurrency community responded with predictable outrage and some memorable videos of iPhones being destroyed. But outrage is not strategy. The real response took a decade to mature, and it required building something rather than merely complaining about something. That something is now operational.

Consider what happens when you install GrapheneOS on a Pixel device, then acquire your applications through Zapstore, manage your cryptographic identity with Amber, run a local Nostr relay using Citrine, publish your thoughts through Amethyst, and conduct private group conversations via White Noise. You have constructed a phone where no corporation can prevent you from installing software, no government can easily compel the seizure of your communication history, and no central authority controls your identity. Each component eliminates a specific chokepoint that centralized systems use to maintain control over users.

This is not theoretical. This is not aspirational. This is available today for anyone willing to spend an afternoon setting up their device.

The Operating System: GrapheneOS

GrapheneOS is a hardened mobile operating system with security improvements that exceed what Google provides on stock Pixel devices. The memory allocator is fortified against entire classes of exploitation. The kernel includes mitigations that Google has not implemented. The browser, Vanadium, disables just-in-time compilation by default, eliminating the attack surface that enables most browser-based exploits.

The crucial feature for our purposes is the ability to sandbox Google Play Services if you need them, while keeping them entirely absent from profiles where you do not. This is not an all-or-nothing proposition. You can maintain a profile for legacy applications that require Google's infrastructure while keeping your freedom technology stack completely separate, with no data leakage between the two.

GrapheneOS currently runs only on Pixel devices, which creates an irony that critics never tire of mentioning: you must buy a Google phone to run the most Google-free mobile operating system available. The irony dissolves when you understand the reasoning. Pixels are the only devices with unlockable bootloaders that also support proper verified boot after installing an alternative operating system. Security requires specific hardware support, and Google, whatever its other sins, builds phones that do not fight against user modification.

The App Store: Zapstore

The fundamental problem with centralized app distribution is not that Apple and Google are unusually malicious. The problem is that any entity capable of deciding what software you can install will eventually face pressure to make decisions you disagree with. Sometimes this pressure comes from governments demanding censorship. Sometimes it comes from internal commercial interests. Sometimes it comes from regulators who believe that non-custodial Bitcoin wallets should require money transmitter licenses even though they do not custody funds.

In August 2025, Google Play announced licensing requirements that would have effectively banned most non-custodial wallet applications from fifteen jurisdictions. The company reversed course after intense criticism, but the reversal came with no guarantee of permanence. The lesson is clear: the final obstacle for Bitcoin is no longer hostile regulators but the platform monopolists who control app distribution channels.

Zapstore eliminates this dependency. Built on the Nostr protocol, Zapstore allows developers to cryptographically sign their releases using their Nostr keys. Users verify these signatures automatically. Applications spread through a web of trust: you discover software because people you follow have recommended it or because developers you trust have published it. There is no central authority that can delist an application. If one relay refuses to host a particular release, other relays remain available.

The Key Manager: Amber

The average person manages authentication through passwords that are either memorable and weak or generated and forgotten. They outsource key management to corporations that can be compelled to surrender access, or they simply accept that their accounts exist at the pleasure of platform operators who can disable them without appeal.

Nostr introduces a different model. Your identity is a cryptographic key pair. Your private key, your nsec, proves you are who you claim to be. Every message you publish is signed with this key. No server can impersonate you because no server possesses your key. No platform can lock you out because your key exists independently of any platform.

This architecture creates an obvious problem: if you paste your private key into every Nostr client you try, you multiply the attack surface exponentially. Each application becomes a potential point of compromise. One poorly coded client, one malicious update, one successful phishing attempt, and your identity is stolen permanently.

Amber solves this problem. The application stores your private key in a single dedicated location. Other applications request signing operations through the NIP-55 interface. The key never leaves Amber. A compromised client can do no worse than display incorrect information; it cannot steal your ability to prove who you are.

The comparison to hardware wallets for Bitcoin is apt. Your Bitcoin private keys should live on a device that does nothing except sign transactions. Your Nostr private keys should live in an application that does nothing except sign events. Amber provides this functionality without requiring additional hardware, turning your existing smartphone into a signing device.

Amber supports multiple accounts with precise permission controls, allowing you to authorize specific applications for specific operations while denying others. It works offline for local signing and supports NIP-46 remote signing for browser-based clients.

The Local Relay: Citrine

In the Nostr protocol, relays are servers that store and distribute messages. Most users connect to public relays operated by third parties. This is convenient but introduces familiar problems: the relay operator can see what you post, what you request, and when you are online. They can sell this information, censor your content, or comply with government demands for your data.

Citrine runs a Nostr relay directly on your Android device. Your private notes, drafts, bookmarks, application settings, and encrypted messages can be stored locally where no third party can access them. Every post you publish can be backed up to your local relay, ensuring you retain a complete archive of your own writing regardless of what happens to public relays. Combined with Orbot, you can expose your Citrine relay as a Tor hidden service, allowing contacts to reach your relay over the Tor network while revealing nothing about your physical location or network identity.

Consider a journalist maintaining source communications. The standard operational security advice is complex: use Signal, but understand that Signal's servers can see metadata. Use encrypted email, but understand that email headers leak information. With Citrine, you run your own communications infrastructure on a device you carry. There is no server to subpoena because the server is in your pocket.

Citrine supports database export and import for backup purposes, allows restoration of contact lists if client applications malfunction, and provides user management for controlling who can post to your relay.

The Client: Amethyst

Amethyst is the interface through which most users interact with Nostr on Android. It is the most feature-complete Nostr client available for the platform, supporting social networking, group chats, direct messages, media feeds, marketplaces, live streaming, and Lightning Network payments through zaps.

The application integrates with Amber for signing, with Citrine for local relay functionality, and with Zapstore for updates. It routes traffic through Tor via Orbot for users who require network anonymity. It supports the outbox model for censorship resistance, ensuring that your posts can reach followers even if specific relays refuse to carry them.

Amethyst functions as a laboratory for Nostr development. Features that prove successful here often appear in other clients. With over fifty thousand downloads and thirty-five thousand active users, the application demonstrates that decentralized social networking works at scale.

The Secure Messenger: White Noise

Nostr's existing direct message implementations are inadequate. NIP-04 and NIP-17 provide encryption, but past messages become vulnerable if current keys are compromised. Group conversations scale poorly. Adding a hundred participants to a chat degrades performance to the point of unusability.

White Noise fixes this by implementing Messaging Layer Security, the IETF-standardized encryption protocol, on top of Nostr's decentralized transport.

What matters is metadata protection. Signal encrypts message contents but operates through centralized servers that observe who communicates with whom and when. Nostr's public relays similarly leak metadata even when message contents are encrypted. White Noise obfuscates these communication patterns, hiding not just what you say but who you talk to.

MLS provides forward secrecy and post-compromise security. If an attacker compromises your current keys, past messages remain protected. The protocol scales to groups of thousands without choking.

The architecture includes no centralized backend. The developers publish open source code and operate no servers. When the European Union proposed Chat Control 2.0, mandating backdoor access to encrypted communications, the response writes itself: there is no server to backdoor, no client under central control, and no mechanism by which messages could be intercepted even under legal compulsion.

White Noise implements the Marmot Protocol for interoperability. Other Nostr clients can integrate MLS support and communicate with White Noise users directly. The protocol is a contribution to the commons, not a proprietary silo.

White Noise is still early. The alpha released in July 2025, and the application is not yet feature complete. But the architecture is sound, the cryptography is standardized, and the code is open for inspection. What exists today works.

The Complete Stack

Each component is valuable independently. Together, they constitute something more significant: a phone where every major corporate or governmental chokepoint has been eliminated.

Your operating system does not report to Google. Your applications come from a decentralized store that cannot be shut down. Your identity exists independently of any platform. Your data lives on infrastructure you control. Your publications cannot be stopped since your apps distribute it on many relays. Your group conversations are encrypted with forward secrecy and metadata protection that even the developers cannot circumvent.

This is useful for anyone who has watched a bank freeze accounts without explanation, a social media platform ban users without appeal, or an app store remove software for "policy violations" that change quarterly. The freedom technology stack provides exit from a system where your ability to communicate and transact exists at the pleasure of corporations who do not particularly care about you.

They are ready now.

Conclusion

The Bitcoin community spent years complaining about app store censorship before building alternatives. The Nostr community learned from this experience and prioritized infrastructure from the beginning. GrapheneOS developers understood that security is meaningless without sovereignty over your own device. These parallel efforts have converged into a stack that ships with strong defaults and requires no technical expertise to configure.

You can continue requesting permission from Apple and Google for the software you run, the people you communicate with, and the transactions you make. The permission can always be revoked. The alternative cannot.

This gives me Hope ...

2025-11-09T15:21:55Z

This gives me Hope
https://fountain.fm/episode/CTEdPAIkL85f8jr87sL6

Wow! More people than ever are feeling safe in the streets at ...

2025-10-16T06:56:59Z

Wow!
More people than ever are feeling safe in the streets at night. https://www.warpnews.se/manskliga-framsteg/rekordhog-trygghet-i-varlden-fler-kanner-sig-sakra-an-nagonsin/

Jag har läst på lite och mediterat över sociala medier. Hur de ...

2025-10-06T11:58:00Z

Jag har läst på lite och mediterat över sociala medier. Hur de fungerar och vilka konsekvenser de får för världen och individen. Påverkan på mänskligheten är enorm.

Företagen bakom plattformarna har ett enda mål: att tjäna så mycket pengar som möjligt. Till sin hjälp har de enorm datainsamling och algoritmer som är optimerade för att stjäla så mycket av vår tid som de bara kan. Vår tid på jorden. Olyckligt nog visar det sig att vi fastnar lättare om vi får se saker som upprör eller skämmer oss. Fake news sprids därför mycket fortare än vanliga tråkiga fakta. Och med hjälp av allt insamlat data individanpassas flödet. Jag matas med saker som upprör just mig och polariseringen i samhället ökar. I ljuset av detta känns t.ex. stormningen av Kapitolium i Washington 2021 inte alls konstig.

Algoritmerna gör oss beroende av dopaminkickar och konstant bekräftelse. När bekräftelsen uteblir blir vi ängsliga, vi mår dåligt. Unga människor är extra sårbara. Ångest, självskadebeteende, hemmasittande, ätstörningar blir vanligare och vanligare. Hade du ens hört talas om hemmasittare eller panikångestattack för 15 år sedan?

Företagen är inte onda, inte heller människorna som jobbar där. Men konsekvenserna råkar ändå bli ondska. Diabolos, som är ett annat namn för djävulen betyder exakt detta: förtala, kasta isär, söndra och splittra. Ondska förklädd i gulliga kattfilmer och hjärt-smileys.

Facebook och de andra säljer inte reklamplats, de tar betalt för att manipulera vårt beteende. Och de är mycket framgångsrika. Detta är ofattbart starka krafter som påverkar demokratiska val och orsakar enorma lidanden; både globalt och på individnivå. Det handlar om små förändringar, som kan upplevas som ofarliga eller harmlösa. Men över tid ackumuleras de till betydande steg i en destruktiv riktning. Speciellt sårbara är individer med låg utbildning och/eller en otrygg uppväx. Än mer utsatt läge blir det om du är uppvuxen i ett land utan fri media som kan nyansera din världsbild. Facebook har tre miljarder användare; TikTok snart två. För varje dag som går ökar misstänksamheten och och misstron mot det som är annorlunda. Allt blir någon annans fel. De som äter kött, de som röstar på Sverigedemokraterna, de med annan hudfärg, de som är muslimer, de som tillhör det andra könet, de som äter kokt ägg med den toppiga sidan upp, etc, etc... Världen slits isär i tusen bitar.

https://www.amnesty.se/aktuellt/facebooks-algoritmer-framjade-vald-mot-rohingyer-i-myanmar/

Det viktigaste här på jorden, mina relationer till andra människor, vill jag inte odla i dessa grumliga vatten. Därför kommer jag avsluta de konton jag har på bl.a. Facebook, Messenger, WhatsApp, X, Insta, TikTok och YouTube (rekommendationerna). Våga du också!

Borde jag inte stanna och bekämpa det onda istället? Det splittrande har alltid övertaget på dessa plattformar, det är ingen bra plats att strida på. Dessutom blir jag inte immun mot manipulationen bara för att jag vet om att den sker, min hjärna och mitt beteende påverkas ändå.

Tänk om vi i framtiden kan förändra algoritmerna så att de leder oss i motsatt riktning; lockar fram det goda i oss. Det är inte omöjligt, men nödvändigt. Hur skulle en sådan värld se ut..? Tills dess finns jag på telefon (0734-402 602), sms, mail (linnea@rosenbaum.se), Signal och Nostr (npub1k2z5t8ctga4jte5hkna7cm7jtmtdulk3sz78k5247yzlejcc444qaudgrj).

Kolla gärna in https://thesocialdilemma.com/ (filmen finns även på Netflix) och lyssna på
https://www.ted.com/podcasts/your-undivided-attention (inte minst de allra första avsnitten).

But free reach is not #nevent1q…puls

2025-10-05T07:37:36Z

But free reach is not

quoting
nevent1q…puls
made this - deep imo.

free speech is a human right.

#nevent1q…85eg

2025-09-29T07:20:49Z

quoting
nevent1q…85eg
I don’t believe women need to be ‘empowered’. Simply being a woman is powerful enough. We’ve just largely forgotten how to be in our feminine energy. And society has forgotten how truly valuable feminine energy is. When women are not in their feminine energy, men can not be in their masculine energy and then everyone suffers. It’s up to us, women.

Well spoken! #nevent1q…mm05

2025-09-28T14:57:20Z

Well spoken!

quoting
nevent1q…mm05
This is a long post that hopefully bridges some gaps between technical people (devs) and non-technical users and how they look at spam prevention in Bitcoin. I hope that it clarifies why I think that there is such a huge misunderstanding between both camps.

I'll preface this post with first disqualifying any malicious attempts to misrepresent the motives of either camp. Everybody wants to improve Bitcoin as money. Money is Bitcoin's use case. It's not a data storage system. If you think otherwise, there are countless shitcoins to play with.

Alright, let's get into it.

I have worked on anonymous systems for over a decade. I have read tons of research on spam detection, rate-limiting, and I've implemented spam prevention techniques in the real world.

I am very confident to say that there is not a single known method to prevent spam in decentralized anonymous open networks other than proof of work.

This is what Satoshi realized when he designed Bitcoin and it's why only transaction fees can reliably fight spam without sacrificing any of Bitcoin's properties.

Let me explain.

Spam prevention is a cat and mouse game. As a system's architect, your goal is to make the life of a spammer harder (increase the friction). This is why, on the web, you see captchas, sign-ups, or anything that can artificially slow you down. Slowing down is key. This is why Satoshi turned to proof of work.

Let's contrast this to other methods for spam prevention. This is not an exhaustive list but it illustrates the design space of this problem, other methods are often derivatives of these:

CAPTCHAS are a centralized form of proof of work for humans: Google's servers give you a hard-to-solve task (select all bicycles) that will slow you down so that you can't bombard a website with millions of requests. It requires centralization: you need to prove Google that you're human so that you can use another website. If you could host your own CAPTCHA service, why would anyone believe you're not cheating?

LOGINS with email and passwords are most popular way to slow down users. Before you can sign up, you need to get an email address, and to get an email address, you often need a phone number today. The purpose of this is, again, to slow you down (and to track you to be honest). It only works well when emails are hard to get, i.e. in a centralized web where Google controls how hard it is to get an email account. If you could easily use your own email server, why would anyone believe you're not a bot?

The next one is the most relevant to Bitcoin:

AD BLOCK FILTERS are another form of spam prevention but this time the roles are reversed: you as a user fight against the spam from websites and advertising companies trying to invade your brain. Ad blocking works only under certain conditions: First you need to be able to "spell out" what the spam looks like, i.e. what the filter should filter out. Second, you need to update your filters every time someone circumvents them. Have you ever installed a youtube ad blocker and then noticed that it stops working after a few weeks? That's because you're playing cat-and-mouse with youtube. You block, they circumvent, you update your filters, repeat.

The fact that you need to update your filters is critical and that's where it ties back to Bitcoin: Suppose you have a mempool filter for transactions with a locktime of 21 because some stupid NFT project uses that. You maybe slow them down for a few weeks, but then they notice it and change their locktime to 22. You're back at zero, the spam filter doesn't work anymore. What do you do?

You update your filter! But where do you get your new filter from? You need a governing body, or some centralized entity that keeps updating these filters and you need to download their new rules every single day. That's what ad blockers in your web browser do. They trust a centralized authority to know what's best for you, and blindly accept their new filters. Every single day.

I hope you see the issue here. Nobody should even consider this idea of constantly updating filter rules in Bitcoin. This would give the filter providers a concerning level of power and trust. It would turn Bitcoin into a centrally planned system, the opposite of what makes Bitcoin special.

This is why filters do not work for decentralized anonymous systems. They require a central authority. Until now, these rules were determined by Bitcoin Core, but they have realized that these rules do not work anymore. Transactions bypass the filters easily and at some point, carrying them around became a burden to the node runners themselves. Imagine you're using an outdated ad blocker but instead of filtering out ads, it now also filters out legitimate content you might be interested in. That's what mempool filters do, and that's why Bitcoin Core is slowly relaxing these filters. This has been discussed for over two years, it's not a sudden decision.

The goal of this change is not to help transactions to slip through more easily. The goal is to improve your node's prediction of what is going to be in the next block. Most people misrepresent this part. They say "it's to turn Bitcoin into a shitcoin" but that is just a false statement at best, or a manipulation tactic at worst.

Let's tie it back to proof of work and why fees are the actual filter that keeps Bitcoin secure and prevents spam reasonably well: Satoshi realized that there is no technique that could slow down block production and prevent denial of service attacks in a decentralized system other than proof of work. Fees prevent you from filling blocks with an infinite number of transactions. All the other options would introduce some form of trust or open the door for censorship – nothing works other than proof of work.

He was smart enough to design a system where the proof of work that goes into block production is "minted" into the monetary unit of the system itself: You spend energy, you get sats (mining). This slows down block production. How do you slow down transactions within those blocks? You spend the sats themselves, original earned form block production, as fees for the transactions within the block!

This idea is truly genius and it's the only reason why Bitcoin can exist. All other attempts of creating decentralized money have failed to solve this step. Think about it: without knowing who you are, whether you're one person pretending to be a thousand, or a thousand people pretending to be one. Bitcoin defends itself (and anyone who runs nodes in the Bitcoin system) from spam by making you pay for your activity.

People sometimes counter this by saying: the economic demand for decentralized data storage is higher than the monetary use case. First of all, I think that's just wrong. There are way cheaper ways to store data (there are shitcoins for this), and the value of having decentralized neutral internet money is beyond comparison.

However, there's a much deeper concern here. If you truly believe this, I ask you: what is Bitcoin worth to you? If you think Bitcoin can't succeed as money (i.e. be competitive), why do you even care? If you're not willing to pay fees for the use case that we all believe Bitcoin is designed for (money), and you believe that no one is willing to pay for it, how can it even persist into the future?

You can't have it all. If Bitcoin is money (which I believe it is), then we need to pay the price to keep it alive. There is no free lunch.

Either we centralize, or we pay the price of decentralization. I know where I stand.

Peace.

Men nu så! 💪

2025-09-16T08:51:19Z

In reply to nevent1q…py2k
_________________________

Men nu så! 💪

Nostr event nevent1qqsyyxv4jhl7kqx3ucnp5snd03sd8ttlaevg4e07m3p6at37w7nna7czyzeg23vlpdrkkf0xj760hmr06f0ddhn76xqtc7632hcstlxtrzkk5zrgtq0

2025-09-10T09:08:46Z

https://www.meetup.com/swedish-bitcoin-meetups/events/310954584/?utm_medium=referral&utm_campaign=announce_event&utm_source=link&utm_version=v2

Hej! övar mig på nostr...

2025-08-25T09:52:05Z

In reply to nevent1q…4n8g
_________________________

Hej! övar mig på nostr...

Kom på Bitcoinsymposium i Stockholm 15-16 mars! För både ...

2025-02-26T13:42:54Z

Kom på Bitcoinsymposium i Stockholm 15-16 mars! För både nyfikna nybörjare och erfarna experter https://www.bitcoinforeningen.se/symposium-2025/

Nostr event nevent1qqsx9n8qh8pdtkvtn0wqehgw9a4s0qagux2ekjdljz9pwc88hvuxerczyzeg23vlpdrkkf0xj760hmr06f0ddhn76xqtc7632hcstlxtrzkk5vspwrt

2024-08-15T13:39:18Z

Hej