Nostr 10 Days Later: It's Good Now
I spent the day playing with nostr again and wanted to give a brief update from this post about 10 days ago.
It is quite likely that all of this would have been possible 10 days ago, but at that time I had only spent a short while on nostr, and mostly before the spam started. Once the spam began in earnest, and once the Chinese WeChat QR code spam started slowing down my browser to the point of being unusable, I gave up for a bit. I went ahead and logged in again today with the goal of setting up an account for this alias. (Previously I was just using a throwaway.)
The first thing I noticed right away was that the spam had gotten much worse. Not only was my feed full of WeChat QR codes, it was also full of Chinese porn. Not a great start, to say the least. After asking around a bit, trying some more clients (both web and mobile), and getting some great tips from other users, I now have a very usable nostr setup.
Getting Started on Nostr
The first thing to understand about nostr is that there is no one server or platform you must connect to, and there is no one website or app that will connect. It’s not like you go to “nostr.com” and click “log in”. It is an open protocol, much like Bitcoin. There are servers, called relays—think about Bitcoin public nodes and timechain explorers, for example. There are apps, called clients—think about Bitcoin wallets. I’ll stick with the nostr terminology, but keep in mind that relay just means server and client just means app—whether web or mobile. You can (and probably will) use more than one relay and more than one client.
Clients (Apps)
The clients that I have personally found to be quite good are:
snort.social (Web)
iris.to (Web)
nostros (Android)
amethyst (Android)
For iOS, the de facto winner seems to be damus. I don’t have an iOS device so I can’t personally attest to it, but it is highly recommended by just about everyone. There are a ton of other clients for different platforms, a few dozen of which can be found listed under “Clients” at nostr.net.
When you open a nostr client for the first time—most likely either an app on your phone or by visiting a website—you will be asked to input or generate a key. If it’s your first time using nostr and you are just looking around, you should generate a key and copy-paste it somewhere. This will be a secret key that only you know, and knowing this key is effectively the only way to prove your identity on nostr. You should keep it secret if you want to maintain ownership of your identity. You will also get a public key, which is what you should give out to other people who want to follow you. The secret and public keys are easy to distinguish now, because most clients have adopted a standard format: secret keys start with nsec1…, and public keys start with npub1…, both followed by a long string of random letters and numbers. Back in the old days (i.e., 2 weeks ago), before the nsec1 and npub1 formats were widely used, it was impossible to know which keys were secret and which were public just by looking at them.
It is important to understand that a secret key generated by a random website is not likely to be very secret. Once you have experimented and had a bit of fun, you should generate a key in a more secure way. For now, personally, I generated a key myself offline with some code. However, if I were going to use an app to generate it, I would use either one of the phone apps or the Alby browser extension. Alby is a very neat extension that integrates a variety of Lightning wallets together with nostr identity management. If you keep your secret key in Alby, you will not need to enter your secret key on any nostr client websites. You can simply connect the web client to the extension, and the extension will sign messages on your behalf. To the extent possible, Alby does everything on-device and encrypts your keys before saving them. That’s about as good as it gets for in-browser secrecy.
So if you’re doing this on a computer, it’s rather straightforward: install Alby, and then use Alby to set up a Lightning wallet and a nostr keypair. Then simply browse to a web client (like snort or iris) and use the “log in with extension” function to get started. The Lightning wallet will come in handy, since many clients now have a little ⚡ icon just next to the 👍 or ❤️. Click the ⚡ to zap some sats over. Yes, “zap” is the nostr word for sending a Lightning payment through nostr.
It will also be useful to have an existing Lightning wallet with a few sats, or to send some sats to the one you set up for nostr. Besides zapping sats to other people on the platform, there are two other things you might want to consider buying. Both of them are payable only with sats (at least for the moment, as far as I know).
The first is a NIP-05 identifier. This is something that looks like an email address, for example yourname@nostrplebs.com. This makes it easy for other people to find you without your long, random npub1 public key. It also makes it less likely for people to impersonate you, as there will only be one user with that identifier. (Of course, someone could register the same name at a different domain and try to impersonate you anyway, so it’s not a failsafe.) The NIP-05 identifier “email address” is optional. It’s a nice-to-have.
The other item is mandatory. That is: write access to a paid relay.
Relays (Servers)
If you read my previous post, I stressed the importance of recognizing that you always pay for something. Whether you pay with dollars, sats, or your own eyeballs and sanity, you’re going to pay in the end. A paid relay will provide you with a stable connection, reassurance that your data won’t be arbitrarily deleted or removed, and most importantly, a spam filter. At this point, it is worth understanding a little bit about how nostr works. Paying for a relay does not mean that your data is locked in to that relay, or that you will only see content from that relay, etc. The fact is that it costs money to operate relays, and free relays will only be able to provide so much. Free relays will always have less reliable connections, slower speeds, and more spam than paid relays. (Either that, or maybe they will be ad supported.)
In your nostr client, you should find a settings screen to manage relays. From here, you can choose which relays to connect to, whether you want to read from them or write to them, and whether or not you want to see the global feed from that relay. (Not every client has every option, and there may be other options not listed here.) Importantly, you want to make sure of the following settings:
You are writing data to at least 1 paid relay and multiple public relays
You are reading data from multiple paid relays (you pay to write; reading is free)
You are not reading the global feed from any free relays
Free relays are completely full of spam. The global feed on these relays is beyond garbage. I strongly recommend completely avoiding the global feed on a free public relay. It’s not necessarily NSFW or anything like that, it’s just an endlessly scrolling wall of garbage.
Here is why these settings are important: by reading data from paid relays (especially the global feed), you ensure that you are not going to see nearly as much spam. Users that have paid to write to a paid relay also do not want to see spam, and so they will also avoid reading from free relays. Of course, this means that if you want your posts to be viewable, you will need them to be on paid relays. So you need write access to at least one popular paid relay. You can read from most or all of the paid relays for free, so even if other people have write access to different paid relays, you can all communicate together. It’s kind of ingenious, but that explanation sounds a little bit complicated so I will break it down:
I pay for the nostr.land relay and enable this as one of my “write” relays in settings.
You pay for nostr.wine relay and enable that as one of your “write” relays in settings.
I want to follow you, and see that you are using nostr.wine. So I add that as a “read” relay in my settings.
You want to follow me, so you similarly add nostr.land as a “read” relay in your settings.
What happens is that my messages go to nostr.land, your messages go to nostr.wine, but each of our respective client apps is able to find all of the messages in our conversations by pulling them from both servers as necessary. I can still read messages from your server for free, and vice versa for you.
It seems like the best place at the moment to find paid relays is the relay exchange. If you have any questions about the relay, the operator’s npub is listed on the website. You can simply @ an npub just like you @ a handle on Twitter or most other applications, or you can browse to their profile and see if they have already answered your questions. Paid relays currently cost between a few hundred and a few tens of thousands of sats. I don’t know what all the differences are between the low end and high end, but you can ask the operators yourself if you would like to find out. I just picked a mid-range paid relay (in the 5,000 sat range) after reviewing a few different operators to see who I thought might be reliable. And the great thing, of course, is that if the paid relay turns out not to be so reliable, all of my data is backed up to a few different relays (in my case, a few popular free relays) so that I can recover it at any time. For the moment, the 5,000 sat fee appears to be a one-time fee. I don’t know if there will be recurring payments needed in the future.
Wrap-up & Step-by-Step
For a good and relatively secure user experience on nostr, if you’re just getting started, here are my recommendations (to do in order):
Dislcaimer: DYOR! I take no responsibility for any problems that you may run into, these recommendations are just the things that worked for me.
Set up a Lightning wallet. Ideally, you might one want that can connect to Alby. If you don’t run a node, bluewallet is simple to set up on a phone and works with Alby (but can’t receive zaps). You can also just use Alby’s own wallet directly (but there’s no mobile app). Feel free to download different wallets and try them out to see what you like. You might need to use more than one, and that’s OK.
Put at least $1 worth of sats on your Lightning wallet. Add more if you would like a NIP-05 “email-like” identifier or multiple paid relays. At time of writing, a NIP-05 identifier @ nostrplebs.com costs 12,500 sats. There are other websites offering registration, but I am not familiar with them. You can also use your own domain name for free, if you have one.
Generate a secret/public key pair using either a phone app (damus on iOS; nostros or amethyst on Android) or the Alby browser extension. Keep your nsec key secret, and don’t type it in to any random websites, even if they are nostr clients. Only put it into Alby or the app on the phone. Share your npub on Twitter or wherever you used to do social media.
Pick a relay from the relay exchange and pay for it (using your Lightning wallet), putting in your npub so that the relay will know who to look for and allow on.
Try out snort.social and iris.to in terms of web clients. There are tons of options, I just think these two are good. Try some other ones, as long as they can connect to Alby. No matter what, do not enter your nsec into a client website. Your nsec only goes in Alby, phone apps, or secure environments like encrypted password databases!
Set up the relays on your client. This part might be tricky, but follow the 3 settings I laid out above and you’ll be fine. For deciding which additional free and paid relays to use (for write and read, respectively), check the relays that some of the people you follow are using and pick a few common options, and maybe a few uncommon options. I use 1 paid relay (read/write; this is the only one I paid for), 6 additional paid relays (read only; unpaid), and 3 free relays (write only). That’s a total of 10 relays, and for the moment it seems to be working quite well.
This is not a great set-up experience, to be sure. It’s a high barrier. As I mentioned in my previous article, I think the whole thing is still many months and maybe even a year or more away from being really usable for non-tech-savvy people. And it may never get there in a sense, because things like private key management and Lightning wallets will always be a barrier that simply isn’t there for Twitter or Facebook. That being said, the work is happening really fast. Things have changed a lot in the last month. Clients are getting updates multiple times per week. Secret and public key formats, identity registrars, paid relays, spam filters, Lightning zaps… and these is only a small fraction of all of the work and features that are being added.
Welcome to Web 5, I guess? Follow me at npub1max2lm…fs7eqgec4et. See you on nostr.
(P.S. You might notice my pubkey starts with npub1max2lm. You can mine a pubkey prefix with nostr-pubminer if you’re OK with basic command line operations. And yes, that’s an L, not a 1. Bech32 encoding does not support any 1s after the human readable prefix, e.g. npub1 or bc1 in the case of Bitcoin addresses.)