Discussion on the power of key reputation systems and webs of trust using nostr in front of a live audience at Nostriga in Riga.
Video: https://www.youtube.com/watch?v=LE731vXoUOU
ODELL on Nostr: https://primal.net/odell
Pablo on Nostr: https://primal.net/pablof7z
Stuart Bowman on Nostr: https://primal.net/p/npub1lunaq893u4hmtpvqxpk8hfmtkqmm7ggutdtnc4hyuux2skr4ttcqr827lj
hzrd on Nostr: https://primal.net/p/npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr
pip on Nostr: https://primal.net/p/npub176p7sup477k5738qhxx0hk2n0cty2k5je5uvalzvkvwmw4tltmeqw7vgup
website: https://citadeldispatch.com
nostr live chat: https://citadeldispatch.com/stream
nostr account: https://primal.net/odell
youtube: https://www.youtube.com/@citadeldispatch
stream sats to the show: https://www.fountain.fm/
(00:00) Introduction and Setting the Stage
(00:41) Webs of Trust: Concept and Importance
(04:02) Social Graph vs. Web of Trust
(10:12) Challenges and Practical Applications
(18:03) Building Trust in Nostr Clients
(24:02) Bootstrapping Trust for New Users
(29:08) Blossom and Media Authenticity
(37:01) Final Thoughts and Future Outlook
Thanks. Preston. Yo. Let's get this energy up in here. It's just me and Pablo. Hazard, Stuart, where are you? Oh, there you go.
[00:00:17] Unknown:
How does the team is coming to? Who's joining us? It's the guy who wrote the,
[00:00:23] Unknown:
Do we need another chair? Yeah. Can someone get us another chair and a beer? I've been told there's no beer in this venue right now, which is a miss. Awesome. So guys, we're gonna be talking about webs of trust. Something that I'm particularly pretty excited about. I think everyone on stage is is pretty excited about this element of Nostr. Before we start, we got a nice packed house here and a beer walking up to me, which is all can you open it for me? I don't have a bottle opener. Does anyone have a bottle opener they could bring me? Thank you, guys.
It's still very, we're very early days in this conference. We're working on the logistics here. Can I get a show of hands of anybody in this room that did not use Nostr before this week? Okay. So we got a couple new people here. I think Miles just did that with his bare hands, by the way, over there. Thanks, Miles. I think we're gonna keep this it's gonna it's gonna be a more technical conversation, I think. I was trying to decide if we should go high level or not. So, I mean, we can start with high level. Pablo, what is webs of trust? Why should people care?
[00:01:43] Unknown:
Alright. So web of trust is basically the concept of, inferring who should you be listening to, from activity from the network. So if you like, I'm friends with Matt. So Yes. That's awesome. Alright. Good. So I'm friends with Matt. And maybe Matt is having a conversation with someone that I don't know. But the fact that Matt follows them, the fact that Matt is having a conversation with them, then that means that maybe this person is is definitely not not spam. There would be probably no reason for for for Matt to follow a spam account. So I can infer, without knowing anything from this pub key, I can infer that, that it's not spam that I should listen to what this pub key is saying, at least briefly, and maybe consider following them. So traditionally, we've had a top down approach to, who should you listen to?
What is spam and what is not? And web of trust particularly becomes very, very useful to discern what is not spam and what is spam, or what likely is spam. And typically, it's been, Elon Musk just KYC-ing people, and just letting in a bunch of bots anyway. But it's been very top down. You ask api.twitter.com what content should I get from searching for something, or if you go to global, what content should I receive. But, but it's a very top down approach. Web of trust has a very interesting feature, which is very similar to cryptography in which it's very easy to compute web of trust, but it's really expensive to to cheat a web of trust. It it was very hard for, a spam account to get Matt and myself and Sue and a bunch of other people to follow that account.
It's very, very hard to to to do that. But, but me seeing, okay, who does Matt follow? Who does does the do the people that I follow? Who do they follow? It's super cheap. It's super easy to to to that. Do we only have 2 mics up here? Really? Do you guys not have mics?
[00:03:59] Unknown:
Can we have some mics?
[00:04:01] Unknown:
You wanna expand? Thanks, Preston.
[00:04:04] Unknown:
And I think there's one right behind you, Preston. Yeah. Awesome. That was turned on. This was fine.
[00:04:10] Unknown:
Yeah. I mean, as far as an overview, I don't think I have anything to add what you could Maybe maybe you wanna add something? Yeah. You got some?
[00:04:18] Unknown:
Yeah. Just to so everyone can follow along, I think it's good to give some initial definitions. So, I often talk about social graph instead of web of trust just because when we talk about web of trust, it's obvious that it's you're talking about trusting some other people. But social graph is more general terms, which just use how people are connected on, and then you can use that for many different things. One thing is what Pablo mentioned, which is anti spam measures or anti denial of service attacks measures, for example. Just to give a brief definition, like, okay, what is a social graph? First, the second part, graph, is a mathematical structure, which is pretty simple.
It's just nodes, and then how they are connected by edges. So a social graph is a graph where, nodes and edges represent social things. So for example, social entities like people and social relationship like who follows who. And just by looking those simple things, you can pretty easily discern, what is not spam because it's very expensive, as Pablo said. It's very expensive or difficult to get follows from people, from real people, from people that have a reputation. And, yeah, you can I prefer to talk about the social graph instead of web of trust because the context is do matter a lot? So it's not necessary that we talk about trust. So for example, when you can use social graph to do recommendation, but that doesn't necessarily mean that there is trust involved other than you trust that the recommendation are not impersonating. So, like, I get Lee Holden as a recommendation.
The only trust is that Lee that is the is not an impersonator, is the real Lee Holden. But other than that, there is not much to it.
[00:06:23] Unknown:
So Yeah. That's that's a good, I like that name versus, like, web of trust because it's not really a trust relationship, especially since, like, a lot of trust isn't like this thing you can easily measure and put into a graph, whereas the, kind of social graph is a lot more because It's more open. Yeah. Yeah. Yeah. Web of trust prescribes how you you should use it whereas whereas social graph is is like a tool that you can use in multiple ways.
[00:06:50] Unknown:
And I would argue that, it can it can be used for to improve or solve many different problems. One is anti-spam. Another is, like, recommendation and content discovery. Another could be, anti-impersonation. So how do you know that Matt Odell is the real Matt Odell, or is that npub not another npub? How do you know from 50 different Czech npub which is the real one? Well, the impersonators haven't started using caps yet. I noticed that. That's very easy. They're all still lowercase.
[00:07:24] Unknown:
Stuart, do you have anything to add? Yeah. I I really like that distinction between the web of trust and social graph. I think that's really important to keep in mind because, like, the web of trust is a web of trust. Or, like, it will okay. Let's say the following list of Nostr, who you're paying attention to is it's it is a web of trust, but it's it's like a narrower web of trust that you're trusting them not to spam you. You're trusting them with your attention. And I think it gets down to a really, practical question of, like, temptation to wanna be like, a web of trust for following, a web of trust for hosting your data, a web of trust for couch surfing, a web of trust for, you know, all these different use cases. But I feel like that leads it it just makes things really complicated. And so I think there's some it's important to realize that, like, the web of not spam is a foundational web of trust because it is the thing that collapses the infinite space of pub keys into a finite reality of pub keys that are real. Because in your you're, you know, paying attention to them in some sense, and so they're not they're not bots. They're not real.
So, yeah. It's I think there's something very kind of poetic almost about the idea that asymmetric key crypto can be used to obfuscate and encrypt or sign and verify, and that maps directly onto the concept of a private sphere and a public sphere. You can't have a private sphere without encryption, without privacy, and you can't have a public sphere without, you know, some type of notion of authenticity, which is digital signatures. So the web of trust is like the web of not spam is sort of like the base asset. The foundational pool of social capital that is sort of like necessary to construct more, you know, like like more niche like ideas about who to trust for what thing and that kinda gets into social graph territory. But anyways, I just think that distinction is, like, super brilliant and good to keep in mind. So Yeah. I like what you say there about,
[00:09:31] Unknown:
the like, not fragmenting the social graph, because there's a temptation there, like, fragmenting. Let's say, like, this is the a social graph for stores that I trust, for vendors that I trust, for restaurants I trust, and whatnot, or even banks I trust. And that would be useful in, like, many contexts, but one thing we have to we can't forget is that that data never becomes stale. It never gets constantly updated. And one benefit we have with the, kind of you might say, like, Nostr social web of trust or social graph, whatever it is we're calling it, is that at least, has some kind of cadence to getting updated. Like, if the the user's browsing their social media app and they see something they don't like, they unfollow the person, or they remove them from that thing.
And if the the users if we don't have a mechanism for the user to regularly, you might say, prune their social graph, then all we're doing is kind of building up bad data. And so that as far as, like, not fragmenting it, like, I think that's a commonly overlooked thing. It's like, not only do you have to build the social graph, but you also have to make sure the social graph is pruned. Yeah. Because there has to be, like, a common denominator between use cases,
[00:10:44] Unknown:
and not spam is that common denominator. Right?
[00:10:48] Unknown:
But don't you trust different people for different things? Like, is it inherently fragmented, though? Well, I think the the not spam part is not necessarily fragmented.
[00:10:57] Unknown:
It's that the social graph is a kind of that's where the, like, the annotation sort of should take place of
[00:11:04] Unknown:
the the groups. Yeah. I I I think there's, there's a belief that you can have, a very explicit fragmentation where you say, I explicitly trust Matt with regards to the Bitcoin topic on a scale of 0.97, and that's just not how people work. Like, our brains don't work that way. So you can you can infer kind of weights in this way, on on certain topics by analyzing activity. Like, I listen to our HR. So, like, that that could be an activity that can go into, okay, how much do I trust Mari and Matt with regards to to the Bitcoin topic? So I I think that's where the fragmentation idea comes from where people are not going to go out of their way to create all these attestations of and and weight on on on topics because, yeah, they'll go stale. Like, maybe I'll say, yeah, I trust Stu on this topic this amount, and that changes, but I never update my my attestation.
[00:12:06] Unknown:
Yeah. That's the I think that's exactly what to remember. It's like the best example of this would be like a, attestation or a web of trust for something like journalism. Like, how much do I think this person is truthful? Or do do I think they're lying or something like that? And it sounds really useful. But we just have to be careful of the fact that if we make that any explicit data, we can definitely you know, you can create apps to generate that those, social graphs and generate those trust scores. But we also have to be careful that we those things have to be updated or maintained. Otherwise, we just generate everyone gets a 5 star rating, and it never, you know,
[00:12:41] Unknown:
the review never gets updated. That that's why those attestations must be the byproduct of actual interaction. It it it's gotta be inferred from something that I'm doing on my daily life, not going out of my way to score my friends on how much I like them that day.
[00:12:56] Unknown:
Yeah. Exactly. And it becomes extremely complex as if you were to do this trust attestation. I think there is a NIP, like NIP Yeah. NIP 87, 89. Don't remember. And, yeah, if you do it once, like, okay. Trust Pablo about inclining on a scale from 1 to 100, like, 89 or something. But then once I do this for 100 people, then it becomes difficult because, I want those ratings to be, like, consistent with each other because I trust him more than Odell in climbing. It becomes super complex. So, yeah, I totally agree that it should be a byproduct of user actions. Which one is, like, follow? Another is mute. Another is zap. With zap, it's a is a bit tricky because you to to say that it it is a signal, you have to be sure that the sender and the recipient are not colluding, for example. They are not the same person. Otherwise, there is no economic value moving. Or aren't zaps just not verifiable? So
[00:13:57] Unknown:
we shouldn't have really put too much stock in them anyway. Not subs are, though. Very true. Such subs are. I mean, I guess you could use, like, a web of trust to decide if zaps are worth it or not to count just webs on top. Like, there is no web of trust. Right? It's webs. There's many different webs. Right. 1 there is just one mempool. It's Wiz's mempool. But okay. I mean, where do you guys wanna go with this conversation? I'm I'm you guys are like prolific here. I'm just I I feel like the entertainer. I feel like this graph,
[00:14:31] Unknown:
whatever we're calling it, is like maybe the most important, kind of thingy that's being sort of the art it's like an artifact that's being precipitated by all the activity on the Nostr network. Like, like which I think that's what you like that what you said just a second ago about, like, demonstrating trust. I think it's actually kind of like a pretty deep point because you you actually have to like do stuff to demonstrate trust. Otherwise, like like what does it mean to trust someone? Like, you you like if if we were not all like scrolling on our phones experiencing the possibility of getting spam, why would we follow anyone? Or what do we mean? Or we can take a survey but then like like you're saying like it just is static at that point. So like if the trust is kind of like a reflection of some type of action. So all this action that's occurring, it is precipitating this type of web of trust in the world which is like, I I think it's I I sometimes I say I think I don't know if this I think this makes sense to say that the web of trust is deflationary in a sense, where like if you have an artifact like perfect example of this is the OG couchsurfing.org, which is now being built on Nostr, fun fact, which I'm like excited about but, that was a perfect example of a bunch of people who did a bunch of stuff that was risky, which was stayed at each other's houses and then they created like a digital representation of that and it was this big data set and it was economically deflationary because people could go to a city and stay for free.
And like what's really optimistic about Nostr is that this web of trust that's being precipitated is similarly deflationary but it is unkillable. It's like a ratchet. It just keeps growing. So like, you know, I you you can probably apply that notion of deflation to like social stuff too, like you don't have to be as worried that people are gonna rip you off. So you could, you know, so so I think that's like that's what Nostr is doing is like this web of trust is exportable from Nostr. It is not something that is only relevant to Nostr. It's relevant to the world, you know. It's quite quite interesting. I mean I feel like that's the key. Right? Is like webs of trust is not a new
[00:16:38] Unknown:
concept. No. 1000 years ago. The the biggest issue historically has been creating a robust, distributed, censorship resistant one. Like, all the successful ones have always been incredibly centralized. Things like eBay reviews or Airbnb reviews or Uber. Right? But actually having it distributed and not controlled by a single entity is the key here, and Nostr unlocks that. And I think what a lot of people, fail to realize is there's a lot of it it kind of feels like blocked like the whole blockchain thing all over again. I mean, I I know a lot of us are Bitcoiners, so we look at things with a bias, but it's like, I don't like Bitcoin, I like Blockchain. Right? And it's like you need the token. The token needs to exist for the Bitcoin system to work. And with Nostr, like, everyone's like not everyone, but there's a lot of people that fade the social media aspect, but say I will want the other stuff.
And the social media aspect is the bootstrapping mechanism that even makes this possible because it's incredibly boring to, like, build out a distributed web of trust or multiple webs of trust just to do that. But it's not boring to shitpost or post memes or, you know, rage at someone online. Like, that's the cool part. So in practice, let's let's try and take, like, pull back a little bit. Let's let's go to, like, how how this would actually work, practically speaking. And and that I mean, we've we've already kind of mentioned it with with spam. We've already kind of mentioned it with impersonators. But, like, if you were we'll we'll go to you, Pablo. Like, if you if you were gonna, like, build a client, that tried to stop spam from happening and you were gonna use a web of trust, how how does that look on the user side? Like, how does the user interact with that, and how do you remove yourself from the equation of being the developer choosing, you know, having too much control? Because one man's spam could be another man's censorship. Right?
[00:18:42] Unknown:
I mean, the what I what I include in every single client that I that I build is, when you log in, it fetches the people that you follow. It fetches your the people that you mute, and it fetches the follows of the people that you follow and the mute of people that you mute. And I then just compute a score. For all the pubkeys that I know, it typically, like, a normal account ends up with, like, between 20, 25, 30,000 pubkeys that that I've scored in some way. And then I can just go to global and and I can look at all the notes, all the events that are coming in. I I can just filter out the ones that fall off of this web of trust. So for example, one of of the clients that I wrote where this was super relevant was, Wikifreedia, which is like a Wikipedia, implementation of of Nostr, where for ideological reasons but also for technical reasons, there cannot be a canonical entry. You cannot go to what is the entry for Riga, because who should I ask? What where is the entry for Riga?
You have competing entries for Riga. So there might be 20, 50 different, entries for Riga, and I sort them by by the proximity of the of the people that have written the the entry. And there can be explicit attestations because I have the concept of forks. So maybe I go and I see that Matt wrote something, on Riga, and I want to make a modification. I fork his entry, and I can change it. So maybe he says, oh, Pablo's entry is better. So I'm going to point my entry to Pablo's. So now my entry would have my score and Matt's score. So if you follow both of us, it's it it might rank higher because of that.
But someone else might come in. They are whatever, into Cardano or whatever, and they will have a very different web of trust. And they might see a different view of of Riga, and they might see a different view of of all these different entries. So as a developer, I don't have a say on what content you're going to see, how things are going to to look, what things are going to be spam. It's it's all going to be from your point of view.
[00:21:11] Unknown:
Yeah. I don't like, honestly, that score. Is it correct me if I'm wrong, but it is is it is similar to the the.
[00:21:19] Unknown:
Right? It's Kinda similar. You you mean the the display?
[00:21:23] Unknown:
The the score behind,
[00:21:25] Unknown:
left next to the entry in Wiki Free. Yeah. Yeah. The the score is displayed for dividing reasons, but I I disagree, and I actually also told to Huddl about that. I don't think scores because they are you see a number next to an entry, and that number means
[00:21:42] Unknown:
basically nothing. So And how should you display it? What's that? How how what's a better way to display it? Yeah. I would dis because a number is,
[00:21:50] Unknown:
summarizing that people to a number, and it is a bit prescriptive and not descriptive. So it's it is simpler to view my, my mind in another example, which is like anti impersonation. So I click on the profile. It it is, Lynn Alden, or that that's a display name. And then I would like to see the faces of the people I follow that also follow that npub. And not But it's, like, a bunch of impersonators
[00:22:19] Unknown:
of the people you follow are all following the impersonator. Like, it's just impersonators following impersonators.
[00:22:25] Unknown:
No. No. Because it's, it's based on on me, basically. So I follow you, and you follow that npub, and so I see your profile there. Oh, okay. And this this way so, this is, I think, better because in some context, your opinion might be worth more or less than some other opinion. So for example, we might be talking instead of profiles. We might be talking about apps. For example, a great example is Zapstore, and Zapstore shows faces of the people you follow that also follow the signer of the app. So for example, if from those faces I see, let's say, MBK, and we are talking about, or Craig Roe, and we are talking about, Bitcoin Wallet, his opinion, in my mind, will weigh more. But there is no way to, like, quantify that with a number or at least the client that doesn't know which opinion I have of those people.
But there is no need to summarize that. We can just show the faces, and I intuitively would know who to look for without having to summarize that into one number. You just have to see faces, and I think it's more natural. And, also, it ties more in what people are used to do, like, in meatspace. So, for example, when you don't know nothing about something, maybe about cars, you have no idea, like, yeah, maybe it comes to your mind that you have 3 friends that know about cars more than you do, but you don't think any numbers. You're thinking, what people should I ask for better advice or better, yeah, information about the topic.
[00:23:59] Unknown:
And so, yeah, that makes sense to me. I mean, we see that in a lot of centralized apps do the like, Twitter has that where you see the little pictures, and it's very intuitive. What are your thoughts on I it's kinda interesting. Right? Because there's there's and maybe it's also a product of the fact that Nostr is so early, and it's so young in it in its life, but, there's a balance between how do you technically make something possible, how do you give a user sovereignty and and power over their own, situation, and then how do you display it to them in a relatively little friction way? Because if you add any kind of friction, if you add power user things right in front of someone's face in the beginning, they probably just won't even use the tool in the first place.
But I'm curious. So what's your opinion on you know, in a perfect world and we're way down the line, it's like everyone already has, like, their social graph and stuff on Nostr, and and it's a different situation. But as new people are joining, how do you how do we attempt to mitigate the impersonator problem, for that new person who's joining? Like, they they don't have a social graph yet.
[00:25:13] Unknown:
Yeah. This is a good question. Like, the bootstrapping problem if you're new and you come in and you don't know who to trust at the beginning at first. What you can use is some well, obviously, you're never going to use, followers count because that can be faked. So there can be for I I like the idea, for example, of proof of work keys as a first introductory step, but not necessarily in that way because proof of work keys are, the UX around them is terrible because you have identity creation. You have to commit energy to create that key that starts with a certain number of zeros.
So that UX is terrible, but what it shows is that there are certain npubs that have more skin in the game, that verifiable skin in the game, and that is a good place for initial bootstrapping. So if you know nothing about who to trust, you can start, assigning some low level of trust of people that have skin verifiable skin in the game in in terms of these proof of work keys, for example.
[00:26:22] Unknown:
I I have a very pragmatic approach. I just use my pub key. It's, like, literally
[00:26:27] Unknown:
You use someone else's pub key? No. Literally mine.
[00:26:30] Unknown:
Like But I mean, obviously, you do. So if someone creates a new pub key They use your They pub. They it doesn't it doesn't have any followers. Yeah. So it just fetches my web of trust and uses my web of trust. Because I, like, I know that, like, they're already using my software. I know that I'm not fake. Like, I'm not spamming.
[00:26:51] Unknown:
So just that. It's it's, like, a very, very trivial approach. You know what'd be cool? Is is if you could create an invite link to Nostr that was based on your social graph. So you could be like, hey, like, Nostr, that you should join Nostr, and then you just send them a link and it's like it imports your followers.
[00:27:10] Unknown:
That'd be cool. I think isn't like Manny working on something like that? Meet Me on Nostr?
[00:27:16] Unknown:
Yeah. There are there are 2 two projects that I know of that are working on that. That's that's 1, Nostr dot me. It's it's also has like the same idea where, like, you set up the profile for Right. And you can, like, leave You even pick the relays and everything. Everything. Yeah. Yeah. The cool part with, like, the invite idea is that,
[00:27:37] Unknown:
you only need one connection before you start building your own social graph. Like, it is a little bit further removed. But if I only followed like Pablo, then at least when I compute my social graph, it will be one person, Pablo, plus all of his followers. So it scales really quickly, even with just one person. And then, so maybe that's like maybe that one person is just a friend that introduces you to Nostr and they have at least a few followers. And, like, at least you start you just have to go a few more layers out on the web of trust to get a decent number of, like, reputable people, you might say, or not
[00:28:13] Unknown:
spammers. Yeah. That makes sense to me. So, Stuart and Hazard, you guys have been working on Blossom. Right? So Blossom is this this idea of of of trying to, tackle the the media problem from different angles, whether that's it could be any file, but, like, video, photos. We we're we're entering this world where you're gonna have more and more AI deep fakes, where you have more and more situations where, you don't know what's real. We're already kinda there in just like this post truth environment. So, I mean, I guess we'll we'll throw it over, to you, Stuart.
The like, how do you think about webs of trust mixed in with something like blossom in terms of people because I think that's something that people can actually tangibly realize as a benefit early on, like, in the next 6 months to 12 months. Like, how is this is it is this video of Donald Trump real or not?
[00:29:13] Unknown:
Yeah. So so I think that, like, Nostr is a very weird, special, exceptional, instance where we have the opportunity to build data infrastructure on top of a social graph, and that's very backwards to normally how it goes when you try to create some type of network, particularly a peer to peer network, is you usually start with, like, you know, like, data infrastructure, like IPFS. But the problem with IPFS is that it's not a social network. There's no notion of identity of, like, credibility. And so it doesn't work because everyone connects to everyone, and and it's just slow, and it's unworkable. So Nostr is a weird thing where we've kind of, like, memed into existence a social graph sort of thing. So, like, it's enough now that we can build we can kind of leverage that to decide or, like, you know, to make possible certain things such as, like, if you want to host and precache people's data. Like so the thing that me and satellite, me and Hazard have been working on is I'm gonna I don't wanna just tell you guys. So we we've been building this, like, like, satellite.earth has just been a web client for a long time, but we're doing, like, a new thing that's like a desktop app. So the idea is is a bunch of edge devices that act as kind of like a deep web of Nostr, and each person's node, as it were, pulls in, scrapes and caches the data that you care about which is by default the data that's in your that you the people you follow. So blobs and events.
So the kind of the high level view of this is you have clients the way I'm thinking about is you have like clients like, you know, like mobile apps or whatever like, Oracle or Primal or something. They are, clients of relays and they're clients of Blossom servers for events and blobs respectively. But the question is, I think, is worth asking, what are relays clients of? What are Blossom servers clients of? Like, where do they get data from? It would be cool if they could be a client of a deeper layer because right now the only the only the only way like, CDN Blossom servers or events or relays get events is the only way they get data is if people blast data at them. So that kind of works, but it would be real it would be really nice if you could sort of, like, pull data up from a deeper layer and put it on a relay or a Blossom server to blast it to clients. And that way clients don't have to do with crazy peer to peer stuff. But that wouldn't have been possible to do that without this web of trust because if you didn't have a notion of people who weren't spam, you couldn't have this nice thing of edge nodes that automatically pulled stuff in because you'd be pulling in giga terabytes of garbage constantly.
[00:31:59] Unknown:
So that's a very concrete example, actually, I think. And, yeah. Blossom is you you talk about it, Hazard. You know more than me. I mean, there's, like, implementation side of it, which is more technical, but I'd say, like, the core of the Blossom idea or the idea of my my goal with Blossom was just, when you start signing hashes of the files. But the file no matter how the file gets to you, like, it can come over HTTP. It can come over torrents. It can come over IPFS. It can come over anything. But we need a unified hash, and we need to sign the hash in the note. Because otherwise, if you don't sign it, you don't know what you're getting. Yeah. And that that that unified hash is effectively an interface.
[00:32:38] Unknown:
It's an interface to blobs that apps that encapsulates the insane complexity of peer to peer stuff. And that is why, like, it's, like, super smart not to start with the peer to peer stuff, but, like, some notion of federation like Mastodon has is pretty cool as long as clients don't have to interact with it. You know? As long as it's like hidden under this little layer of the Blossom spec and NIP-01.
[00:33:00] Unknown:
Yeah. And the cool part is like to bring it back to, like, web of trust is it's kind of the same thing with a web of trust and a social graph is because you can't connect to the entire Internet, because you can't plug into the entire Internet, you need a starting point to know, like, what do I actually not what do I want to plug into, because that's the user's decision. But what do I plug into for the user? What is the user's starting point for what they find valuable? And that maps onto a whole bunch of stuff, like event transmission, or like blob storage, file storage, or even just like recommendations or anything else like that. So where do you if you can't plug into the entire internet, where do you start?
[00:33:41] Unknown:
But so you have with the with the hash, the hash is is to be able to validate integrity of a file, basically. Right? So you have this hash, and you're able to see if it's changed over time. The signature is essentially an attestation by a specific npub or whatever saying, this is the file. And then on top of that, there is presumably, there could be many people that are just changing that file and then re-signing it themselves with a different hash because they changed the file. So then you would you would need some kind of web of trust that's like,
[00:34:18] Unknown:
this is like the actual this one is the real one, and this one's the modified one. Right? The cool part with the hashes is, I mean, you can't unless you find a hash collision, you can't fake the hash. So Right. What you get, as long as you can get it, is what you're looking for. The way the web of trust maps onto this is how do you get it? That's the difficult part. Because again, like, if you have this file identifier, if you have this this unknown file that you want, so let's say it's like a 10 gigabyte movie or something, like, how do you find it? It's on the Internet. You can't plug into the entire Internet.
So I found, like so if I it came from you or it came from a podcast or it came from somebody one of somebody I follow. As I mentioned before, like, the web of trust kind of signaling where you start plugging in, it can do the same for fetching data. Similar to how we fetch events where you just you're like, I'm looking for this file. I have no idea where it is. So instead of searching the entire world, I can start with my web of trust. And even better if I knew who the file was from, but I can start with my web of trust, and that narrows down, you might say, like, the search space for trying to find that one hash or that one file. It narrows it down considerably than trying to, like, you know, start pinging every single file server on the internet.
[00:35:35] Unknown:
So so just to give more perspective, this maps into the the outbox model because it's the same idea of, I want to see your Stu's notes, to which relay should I talk to to get his notes. For this is, I know that that that Hazard published file with this hash ID. From what from what Blossom server should I get it? I will query for the list of Blossom servers that he uses. And now instead of having to just randomly query a bunch of different servers for this hash ID, I go to one of these 3 Blossom servers that he uses. And one cool thing is, you uploaded, a file to to, one of your Blossom servers.
He wrote a blog post linking to that file, explicitly linking HTTP blah blah blah, linking to that file. And that that Blossom server, he deleted the Blossom server. So now that that that blog post that he wrote now has a missing file. It the the link is broken. But now you can query for the Blossom list that he uses and you can fix the the link. And it it when you do it for the first time, it's like it's magical. Within a second, you see you get a 404 or whatever. Like, you cannot connect to the server. And you go to the next server, query for the same hash ID, and you get the file. And it's super magical.
[00:37:01] Unknown:
Beautiful. Guys, we have,
[00:37:04] Unknown:
a few minutes left. Let's, just wrap it up with some final thoughts. We'll start with you, Stuart, and move down this way. Well, to wrap it up, I I like to think of Nostr as like the hydra, like the many-headed snake. You know what I mean? Like, you chop off one head and like a 1,000 more just like pop up. I think that's what is kind of, you know, the model that we should use to think about resilience is that there has to be some sort of base level from which all these snakes spring up, like whack a mole. You know, so like like Pirate Bay in 2010 during the golden era of getting their domain name, deleted by the government over and over and over again was the fact that they just had a giant database of torrent files and those torrent files were just metadata that referred to a bunch of stuff. So as long as it exists on one person's computer, it can always, like, spring up and you can upload it very quickly to as many Blossom servers and as many relays as you want. So, Yeah. Nostr is fundamentally an unkillable, un undeletable medium and the rest the other problem is, just how to deliver that data. But fundamentally, I I'm extremely bullish on Nostr because I sort of suspect that in, like, the kind of like, post truth era of not really being sure what's real, the ability just simply being able to digitally sign something at all and refer to some type of source of signal about whether or not this is real is going to move probably move the needle more than anything else. Especially, you know, like, when AI impersonation becomes like more widespread, you know, people are going to like can absolutely freak out when you see, like, a video of yourself or something on the Internet, and it's, like, how do you know? So, like, the this this digital signature thing is, like, a safe harbor in that storm, and, that that's probably gonna drive a lot of people to Nostr, I think, personally.
Yeah.
[00:39:05] Unknown:
Yeah. Yeah. That that part is super important. Like, knowing not not what's real because that's too much, but knowing who said what. That that's good enough for most things, and I would say that the fact that we are moving towards I think we are moving towards a world in which, as Odell says often, like, the post truth world where you don't you don't have to have consensus of what's real. You kinda come to your, understanding of what is real, what is truth, what is coherent with your vision and that of your community. And, yeah, the social graph is is a tool that we can use, very, very powerful, and, we no one was able to use such a tool before because it was only developers of the comp of social companies that have the ability to use it. So, obviously, with the such a power comes also the responsibility that we can do and should do should build something which is better and more sane than the world we are living, and this comes from, establishing principle that makes sense in the context of the post truth world where you don't go out and tell others what they should believe, but you give them tools so that they can decide for themselves what to believe, what to think, what to what to, yeah, what to think.
[00:40:28] Unknown:
Yeah. Like, that's I don't think I can extend that. Like, the only thing I gotta say is is that, we built there has been a lot of crazy experimentation done in the past. I mean, I for me, I've only been here, like, a year or 2, but supposedly, there's a lot of crazy stuff being built before that. I remember the early clients, but there's a lot of crazy experimentation being done. There's a lot of even the cryptographic stuff will work that's being used on the network. It's crazy that users are actually using cryptographic keys on the Internet now. But I think the craziest part is, like, we we finally have an open social graph on the Internet.
We finally have data that nobody owns that is extremely valuable, and that applies to so much more than social. Like, maybe it's not a trust, as you said. Maybe it's not it's not strictly trust, but it's a starting point that can that can start like I said, in the era of where, like, the AI is just gonna start flooding the Internet with so much either misinformation or just noise, it's a starting point to start browsing the internet again instead of trying to filter all the noise out. And that's going to be it's going to be huge.
[00:41:36] Unknown:
Yeah. To to to that point, I I think the, navigating the Internet via web of trust will be it's kinda why it's titled like this, the the talk. It it will be the only way of making sense of things because as like, AI is such a perfect forcing forcing function to to adopt these, these schemes. It it it there will be no other way. It it simply will not make sense to consume data that is not signed. Like like, in 50 years, they would be like, what do you mean the Internet was not signed? Like, what the fuck are you talking about?
[00:42:11] Unknown:
Damn right. Thank you all. Can we get a huge round of applause for these gentlemen?