
A
Hello and welcome. This is Gabriel Custodiet of Watchman Privacy: privacy practitioner, consultant, author and frontline fighter in the push for privacy. I know why you're here. Like the rest of us here in the Resistance, you're trying to escape the technocratic apparatuses that you see enveloping you and crushing your freedoms. That's why I created all of this, all without sponsors. I hope you enjoy this show. But then when you're ready to take the next steps to secure your privacy and your future, visit my website, escapethetechnocracy.com, to start the real journey. Your support alone determines the future of the show. See you there. Editorial note here. This episode was recorded in the summer of 2025, so around a year ago. Yeah, I apologize to my guest for that. I sent him this episode. He said the information is still good. If there's a little technical thing in the instructions that is a little bit off, well, it's still probably pretty close. And overall the information is still good here. Another thing, why don't I have a NOSTR account at this point? Well, NOSTR is this tool, as we'll get into in this discussion. It is a social media protocol that is decentralized, that is difficult to be censored. Most of the stuff that I talk about that would be censored is on escapethetechnocracy.com these days. I don't do too much social media in general, so I just haven't gotten around to it. The Bitcoin community surrounding it, these are not exactly the discussions that I tend to enjoy having. So there's a few things that have slowed me down and I just haven't gotten around to it. So that's my reason for not having a NOSTR account. So anyway, here we go onto the show, even if it is one year later. I'm very pleased to be joined by Max Hillebrand today. And be careful, Max. I think we just had all the, all the Samourai people have, have turned off at this point. But ladies and gentlemen, we're not talking coinjoins or Samourai or Wasabi today.
We're going to be talking about NOSTR and some other interesting things pertaining to social media censorship resistance, social media privacy and social media and such. So NOSTR is going to be our main topic. Pleased to be talking to him. Max Hillebrand, how are you doing today?
B
Yeah, thanks, Gabriel. I'm excited to be back on the show. I really love the recent episodes that you're uploading. They're, as always, super exciting and yeah, I'm glad that we're now filling the feed with some Nostr-based content because, you know, I think the money problem is to a large extent solved, at least fundamentally, right? Sure, we can fine-tune a whole bunch there and that's nice, exciting work, but we can have something that's a bit more novel to work on. And so that's where Nostr comes in. Right. Really a protocol for publishing information, very broadly speaking, and retrieving that. So it's of course an important part of the human existence. We talk with others privately and publicly, much more than we send financial transactions to and fro. So it's high time that we get a cypherpunk as fuck tool in this category.
A
There we go. Obviously, Max, having listened to the show, and I appreciate you listening, you realize we haven't talked about Nostr this whole time. So hey, it's time to bring it up. And who better than Max Hillebrand to kind of guide us through some of this stuff. And we ran into Max in Riga recently and it just reminded me that, hey, let's, you know, get him back on the show. You had suggested Nostr. So let's get into it. And I'll just say from the start here, Max, that I haven't messed around with Nostr. I'll be perfectly honest. You know, I know the concept, played around a little bit around the edges, but what I'm going to do is I'm going to leave it entirely in your hands to convince me today whether I will ever use it. And this is going to be a lifetime decision based on your responses in the next 45 minutes or so. So no pressure. Although I hope the audience will also follow suit with me and make their decision entirely based on how convincing Max is in the upcoming bit of time. Maybe just before we get into that, Max, you're a very interesting guy. Maybe we could describe you as a techno nomad because you're one of these. Maybe we call you an OG person in terms of traveling around, using freedom technology, being a digital nomad in a certain sense. We discussed these things in our first episode. Your writings on this topic and your interviews and such have influenced a lot of people, including people on my team. So maybe you could just, you know, give us an update. You know, what are you up to? Anything you're proud of discovering or having solved recently. Any revelations, like, how's your life going these days?
B
Yeah, one of the books or series rabbit holes that really inspired me on this journey was Vonu, the concept of being voluntary and not vulnerable, by an anonymous writer called Rayo in the 70s. And he came up with this metric of success for how free is your life, called the mean time to harassment, or when was the last time that you were stolen from? It's a really interesting metric. And the way that he improved this metric initially was to live in a truck, in a van and travel around the wilderness, mostly, also cities. And he realized that this was a massive increase in his personal freedom and this van culture, van life is a common thing. So not just cypherpunks and crazy people do this, but all types of individuals who want to live a cheap and free lifestyle that provides a lot of opportunities. And so I really doubled down on that together with just going radical in building Freedom Tech and haven't looked back since. I can very much recommend living in a vehicle. It's a very affordable way to get your own space and you can carry that space with you. And it's a temporally autonomous zone that you can place anywhere on the continent, basically. And within a day of driving, you can be almost anywhere. So that really helps you answer the question of where do you want to wake up in the morning? That's something we usually don't ask ourselves. But if you have that degree of physical locational independence, then this is really a worthwhile question to ask. And ultimately I chose to spend my time with people who are building Freedom Tech.
A
So what's an average day for you? Like, Max, just give people a little bit of a snapshot, for people who are just grinding the nine to five in the city they were born. What's an average day like for you?
B
Not going to the office, not stuck, and not being stuck in traffic, which is great. And you just have the office with you wherever you go. Nowadays you can get an incredible amount done just with your phone and with a laptop and yeah, some physical activity, some touching grass, a lot of reading and helping multiple projects succeed. So I'm not a developer, so I don't actually sit down and do the actual work of writing the code. I do all the other stuff, so that's coordinating things, calling things, writing things, whatever that day brings.
A
So, Max, you're originally from Germany. I imagine we could presume that you don't necessarily identify with a particular region anymore. But what are your thoughts on Germany these days? Because it seems to be what I would call a peak German bear market. What are your thoughts on that country these days?
B
Yeah, I was very bearish more than a decade ago, and my expectations have been exceeded, so to say. Not only Germany, the entire world is in economic downturn and basically a disaster created by fiat and governments. So the problems are real. The problems are continuously getting worse and more and more people actually recognize it and notice it. But yeah, thankfully there are solutions and there's ways to opt out, which I've done. And therefore, thankfully, German bureaucrats and politicians are no longer that much on my mind as with people who actually have to suffer them there physically.
A
No, fair enough. And you have the big free speech problem in Germany, which maybe Nostr will solve, but we'll get into that. But okay, let's just bring up this topic. I want to get into kind of the problems with traditional social media and spend a little bit of time on that. But before we do that, just give people a general idea, not too many details, but an overview of what NOSTR is before we get going here.
B
Yeah, so I'll just assume that I'm speaking to cypherpunks here, right? Because that's basically what your podcast is all about. And so let's assume we want to coordinate with fellow cypherpunks, but based on our ideals, and asking for permission is not really one of them. And with all traditional infrastructures or social medias, you have a server and a server operator, and that server operator is defining identities of the user and he's granting them access, right? Permissions to that server, the database, the content on it, et cetera. And of course that trust can be violated and accounts can be closed, access can be denied, information can be changed and forged, and all of that comes with a huge amount of trust that we have to place into these third party providers of that infrastructure that we use to coordinate with each other. So in comes a new protocol based on cryptography and very simple web technologies to define a set of standards on how to create messages and how to interpret these messages. So the basic NOSTR event is basically a content, some message that you want to share with the world, and some metadata on how to interpret this content. Is it a short form post? Is it a blog post? Is it the release of a software, is it a reaction to someone else's post, et cetera. And these are all different protocols, different structured JSON data. And finally, this is signed with a private key using the Schnorr signature algorithm, similar to Bitcoin. And now this means we have an atomic unit, right? An event, a JSON file that includes not just the message that the author has sent, but also how to interpret this and how to display it in a client interface. But finally, with that signature, we authenticate that the content is from that original person who controls the private key and has not been tampered with. And because of the tamper resistance, we can now duplicate this content not just on one server, but on multiple servers.
And we have a network of thousands, tens of thousands of relays that will receive these signed JSON events and store them and forward them to others. And it's very easy for you to run such a relay server. It's not much compute. You can even do it on a phone. And now that enables us to share a message with people, cryptographically signed and interoperable in the software implementations, such that any of us can now build a new interface, a client, an app, some piece of software that downloads and analyzes and views or displays these events and also creates them. And so this is a free open protocol for developers to engage with that data structure that was created by users, cryptographically attested to with them as their own sovereign identity or authentication service, and simultaneously a sovereign relay system to ensure that we have censorship resistant delivery of these events.
A
Great explanation, great high level explanation, Max. And so let's get into some of the problems of traditional social media. I'd really like to reinforce this because it's an alternative to something, right? And the fact is that the traditional social media is still there, it's still very powerful, it still has the supreme network effect. And so to get people off of that, we should discuss some of the, you know, some of the issues. So we have this traditional Twitter model of social media, right, where it's maybe not as real world identity as something like Facebook. We can post things and people can engage and reply. We have Twitter. Nostr, as you just mentioned. Bluesky has cropped up recently. Things like Threads, which is a Meta product, Mastodon. Substack is now replicating Twitter. That's where a lot of dissidents are going these days, onto Substack. So I've named a few here. What has been your experience across these different platforms? Obviously we're going to point to the fact that these are centralized services. That's the big difference that Nostr is offering us. But just some of your experience across these platforms as a, you know, as a cultural or technological analyst, you know, the good, the bad, the idealistic. What are your thoughts on some of the traditional Twitter style social media platforms and where maybe they've gone right or wrong or just your overall thoughts?
B
Yeah, there are a couple obvious problems, right? One is that of censorship of the account itself. And I mean, even the President of the United States got censored from Twitter, which is crazy to think that there is a person or a group of people who can simply turn off the identity of someone in the online form. That's actually quite ridiculous. And so again, Nostr fixes this by using the individual as the authentication service, the identity service. You define for yourself the private key that you're going to use, and then the metadata that you associate with it, like the username, the profile picture, the bio, etc. So Nostr is a great solution for this. Another problem in the old world is, for example, shadow banning. There is this algorithm that decides who gets to see which messages when. And of course, if you can control this algorithm, then you have great power to hide information, to eclipse one user, to simply not see a certain set of nodes for whatever reason. And that of course comes with the benefit of, for example, not seeing spam. This might be so that you don't get boring content in the app, but of course this can be weaponized to make sure that you can no longer coordinate with your friends. And that's of course a problem. And here Nostr fixes this in the sense that the database sits on these NOSTR relays. And how exactly you're querying the data and how you're displaying this to the user is totally up to the developer. Meaning you can have a simple chronological feed or choose whatever other filtering mechanism. But the beautiful thing is we no longer have a monopoly in Twitter. The Twitter team is deciding what the algorithm is and you cannot change it and you don't even know what it is. It's not even open source. In all the Nostr applications, the algorithm code is open source. Often it's very simple, like chronological.
And then if there are more complex algorithms, you can in fact choose them on a free market of how do you want to curate your content, which is fantastic. Yeah. And so there are numerous other obvious problems with social media and other centralized platforms, and cryptography and basic distributed design really solves a lot of them.
A
You've mentioned some of the problems with these services. Number one, obviously they can just kick you off the platform. Number two, sometimes they can require KYC or other privacy invasive information. And number three, which seems to me, like, we can understand the first two, in a sense, it's like it's right in your face. But what has come to be known as the shadow banning is maybe the most pernicious because, you know, for example, Urban and I have been just endlessly experimenting on a place like Twitter to see, like, hey, what, you know, what gets engagement, how do people see our stuff? And it is so arbitrary. It's just so arbitrary. What people might see this and they might not see this. Obviously if you're following people, you're not seeing everything that they're posting. It's this really bizarre, fragmented world which, as you say, you don't even understand the rules behind the fragmentation. And it's this, you know, it's kind of schizophrenic in a sense. And it rewards certain people and not other people. If you post about certain things early on, then, like, those are the only things that it really amplifies later on. So you can't just start by talking about Bitcoin and then transition to art later on. You're not going to be as rewarded for those sorts of posts. So this kind of, really the old world of, let's say, traditional forums, Max, or IRC chat, where it's just, hey, here's everything. And sure, you have to sort through it, you have to, you know, skip all the garbage, but at least you see everything. It really does give you a different view of reality. What are your thoughts on that?
B
Yeah, absolutely. And as you said, right, one other point here is that with traditional social media networks, these are siloed, right? These are independent walled gardens. And someone who's on Instagram cannot send a message to someone who's on Twitter, which leads off to this siloing into independent networks where you have to grow your social network all over again. In Nostr, because it's an open protocol and the data itself, the events are all public, you can create a new application very easily that is tailor-made and focused to one specific niche. And instantly with the first user, you have useful data that you can show to him because data already exists even before your application was started. And your user can talk to other people who are not even using your application. So this really puts an incentive in creating new applications that focus on something more specific. And now all of a sudden you can create applications that are perfect for a really small group of individuals. But still the cost of creating that app and maintaining it with the content is extremely reduced compared to the legacy system.
A
One more thing before we get into Nostr. Mastodon. Mastodon was supposed to be the decentralized savior. What do you think went wrong with Mastodon? Where did that service go wrong? And are there any lessons to be learned from Mastodon?
B
Well, let's start with the positive stuff, right? Mastodon is a protocol and an open source implementation, so that means it can be reviewed and audited, which is great. But ultimately I think it fails in the design and in its architecture. Because here still you have a server and an administrator who is the king of the castle, who decides who gets a user account, who decides who can access which posts. And if that operator shuts down the server, then your identity is gone, all of your posts are gone, all the relationships are lost. And with Nostr, the identity again is provided by the user, not by a third party server provider. And that non-custodial aspect is incredibly important because any Nostr relay operator can shut down and you wouldn't even notice it in the application. Because we no longer rely on server administrators for important stuff like identity and authenticity. We only rely on them for delivering messages, which is a much lower threshold of trust.
A
Okay, Nostr, how many people do you think are using NOSTR these days? Obviously, you know, it's just more of a gut feeling. I don't see it get mentioned as often as maybe a year or so ago. Maybe this is a different way of saying, like, what do you think is the biggest thing that NOSTR has done in your view so far?
B
Well, the biggest thing probably is to prove that a cryptographic web of trust like we tried back in the days with PGP is achievable at a large scale with a friendly user interface and user experience. PGP key signing ceremonies were just cringe and almost never happened even among hardcore enthusiasts because they were quite complex and difficult to do. But following someone because you liked his post is a much more intuitive, natural way of presenting to others that you find value in a certain key's content. And this now means that we have actual high quality web of trust systems for a huge amount of cryptographic keys. And we are into the probably billions of private keys created for Nostr. I don't have the exact number. That's just a guess. There is tens of thousands of relays. Again, I don't know about the exact number, but I personally run like three of them. And then we have daily active users or something like this. People who are posting every day is probably in around the 50,000, 100,000, something like this. So it's still quite nascent in the amount of people creating content at the moment, but there will probably be a factor of 10x or more of people who are just reading this content. And most clients are, or most users are just lurkers. They read but don't really write on the Internet. Which by the way is a great opportunity for someone to create an application that is designed for people to only read the content and not to make any public post on this. We can now actually do this. That's another specialized niche of an application that can be now satisfied that Twitter, et cetera, would never do, because their money depends on content being created and so they have a strong incentive to force everyone to do that. But if someone wants to remain more private and just read the news rather than be part of writing it, then Nostr is a perfect fit for them.
A
So as with any technological revolution, it starts with how do I, you know, how do I get started? So how does one get started on Nostr? And a part of this question I think is just you have to change your understanding of social media a little bit because we're talking about a different approach that is going to require a little bit more, a little bit more work on your end, a little bit more running of your own things, a little bit more self responsibility. So how do we get into running Nostr? Max?
B
Yeah, so I think the best way to go about this is to use your phone. That's what most people engage with. So let's start with that. Of course you all are GrapheneOS users because that's the only secure, reasonable option out there at the moment. So here, one of the common problems with GrapheneOS is how do we even install applications and how do we know which applications are cool and good to try out? So there is an application called Zapstore. It is an app, a Nostr client that tells you all of the events that were created by developers saying that, hey, I have a new release of my software, and then you can verify the signature of the software release and you can verify the identity or the web of trust of this developer key. So you see that, hey, I'm actually following this developer who has just created a signature with that same key that he's shitposting with. So this must be the real application. So again, massive solution to the PGP software signing problem. And with this you can now install other applications again signed by the developers. And one good one to start with is Amber. Amber is an Android app for creating and managing your Nostr private keys so that you don't have to put your Nostr private key into other applications. It's a little bit like a hardware wallet for your Nostr private keys. So you download Amber and you create yourself a new key pair. And here you can already say, hey, what's the username and the profile picture of this key that you're generating? So you can set that. And next you would want to get a client to actually interface with the Nostr network. And for this on Android, the best is Amethyst, a cool Nostr client that works really well and does a lot of amazing things. So here you can see, you can search for people and you can follow them and see their posts and like them, react with them.
Of course you can send Bitcoin to the people who have created these events because part of the metadata is actually your Lightning address. So it's very easy for anyone to send Bitcoin to you and for you to prove to the world that you've just received Bitcoin. So that we have a public signal that a post was valuable because people literally send money to the creators, which is awesome. So with Amethyst you can do a lot of browsing, which is cool. But then we have many other applications that are useful. One might be Fountain. Fountain is a podcasting Nostr application where, similar to any other podcast app, you can follow RSS feeds and download events just like you're probably using right now to listen to this podcast. But the cool thing is it is Bitcoin and Nostr enabled. So you can leave comments underneath any podcast and then engage with the creator of it, or you the creator can engage with your audience. People can easily clip out highlights of the show and just share this specific highlight on Nostr with other people. And for example, again that shows then up in Amethyst so that Amethyst users see the content that Fountain users have created. We also have, for example, you can run your own relay on your phone. So to make sure that all of the posts that you make are stored in a dedicated application that cannot easily be taken down. So you have a backup of all your notes and potentially even the notes of your friends just sitting there on the phone. Of course we also have things like private messaging, for example. That's one of the projects I'm very excited about. That's called White Noise. You can get that on Zapstore as well. And it's a new Nostr client, dedicated and focused for private encrypted group communication. So a group chat similar like Signal has similar bit more advanced encryption. But the cool fact is that you do not need to have a phone number in order to create an account and that is again, the old legacy system.
In Signal, we have an authentication service who defines the identity of users. And this specific authentication service requires a phone number, which sucks, of course. So in the new NOSTR paradigm now we can actually use your own private key to attest that, hey, this is a key that I'm going to use, so encrypt messages to it. So this is a way to start a group conversation without having to trust someone else to give you the identity and to deliver your messages. And these are really just a couple, a handful of applications. We could talk for hours in depth about any of the hundreds of available NOSTR clients. And yeah, it's a cool protocol.
A
Oh, it's very cool. There's no question that the technology is cool. Whether or not we're going to get 99% of the population to do all the steps you just mentioned, I think is certainly a much different social question. Urban and I definitely need to come up with a tutorial for Nostr at some point. Maybe we'll add that to our Bitcoin course or release it in some way or another. Obviously there's all sorts of tutorials out there as well and Max is walking us through the basics right now. So maybe people will just follow these instructions. Max, you go through these steps. What are you now responsible for as an account owner of Nostr? Walk people a little bit through that change of paradigm and what you are now responsible for, right, in terms of it's not a centralized service that you're logging into. You're interacting with this social media, this Twitter-like replacement in a different way. What are people now responsible for?
B
Yeah, exactly. So NOSTR uses similar cryptography to Bitcoin, specifically for the signature part. So we have a private key which you keep secret and a public key which you can share with others. And then your private key makes signatures that others who know the public key can verify. And this means that you have to keep a secret, ultimately a password. But in Bitcoin, the secret, this private key can be used to spend your money. In Nostr, this private key can be used to publish messages and to decrypt some messages that were encrypted to this public key. So the cost of exposing your public key or leaking your public key is much less than in Bitcoin. Arguably there are some NOSTR use cases that are quite valuable as well, but not as much as losing thousands of Bitcoin. Then you should make a backup of this, because if you forget your private key, you cannot use your account anymore. So for this you can, similarly to Bitcoin, just write down 12 words on a piece of paper, engrave it in steel, and then you have a secure backup to log into your account again in the future. And here, the original way to, like, three years ago, when we started playing around with this tech, most people just copy and pasted the private key from one application to the next application, and that is good for just trying it out quickly and moving your identity from one to the other. But the problem would be, what if there's a malicious developer who's publishing an application that actually sends a copy of the private key to the developer, and in this case you would be compromised. So therefore we have developed these special applications or even hardware devices that are the only devices that will have your private key. And some other device or client or app will send a request to your signing device saying, hey, I would like to create this post, please review and sign it.
And then your own hardware sees if that device has actually the authentication of the user to sign this device or this event. So Nostr's security boils down to the private key. Make sure you don't lose it, and make sure that others don't get access to it.
A
How do we start following people, seeing what other people are doing, and maybe even discovering new people who are using nostr?
B
Yeah, so a relatively new addition to the protocol stack is something called follower packs, meaning that anyone can create a list of people that he suggests for certain topics that people should consider following. And now many clients implement the standard and for a first time user, they have different ways of asking him, hey, what are your preferences? Are you interested in sports or science or economics, whatever. Or just give the user a list of all available follower packs and then suggest to follow these people. You can also just start to show posts and naturally see which the user likes and interacts with, et cetera, and therefore filter the content further. So discovery is something that originally was not really that focused upon, but by now there are numerous tools to make sure that you actually find interesting people to engage with.
A
Yeah, so if you were in Nostr a couple years ago, playing around and you found it a little bit too clunky for you, a lot of things have changed, so that's definitely worth coming back to the fold. Similar question, maybe this has been answered in the last couple years. When it comes to the text that we're writing, the images that we're posting, maybe videos, where does all that get hosted and what are we responsible for in all of that?
B
Yeah, so these are the Nostr relays that are responsible for it. Think of it a little bit like a Bitcoin full node, or just like a software that on request gives data that it has in its local database to the person who requested it. And these applications, these servers can be run on many different types of hardware. You can have one on your laptop very easily installed or on your phone, but most often people have them in a data center somewhere with a lot of Internet access and really fast latency. So with this they are very easy to run, they don't consume much CPU power or memory, and NOSTR events are tiny. These are just really short pieces of text. So even if you have thousands of users, you're not going to be more than a couple gigabytes of data. So they're actually very cheap to run and just very boring, regular server deployment. There's even some one-click installations in Start9 or Umbrel for running a Nostr relay. Haven is another relay implementation that is specifically targeted for individuals to host a set of relays for their own data and so that at least you have a backup of your own stuff. As a beginner user, you really don't have to worry about hosting or running your own relay. You can connect to any of the thousands of relays out there, and there are even indexer relays out there that connect to all the other many relays and get as many events as possible into their own database. Primal, for example, is running such an indexer relay. And that means that data is quite frequently replicated, especially if your posts are cool and people actually like them, they usually put your event in their own relay as well, just so that they have a backup of it. But if you really want to be very sure, you can run that relay yourself. These relays can either be free, but there's also paid variants.
So if you want to make sure that the operator, the service provider, has some financial incentive to keep your data around in the long run, you simply pay them a rather small amount of money. But it adds up for them to make sure that the servers are paid for, et cetera.
A
What starts off as a pretty, let's call it hardcore protocol requires a decent bit of user responsibility. It seems like it has become a bit more streamlined as we've gone along, which obviously attracts a wider audience. Do you think though, where's the balance that we need to find, Max, between, like, the more things that we're offloading to others, obviously the less censorship resistant things can become. What do you think is the balance that Nostr needs to strike in all of this? Does that make sense?
B
Yeah, and I think it's, we don't really need balance, we just need a multiplicity because again, we don't have one flagship client that has to be perfect for everyone. We can afford to create tens of thousands of clients that are specialized for a small niche. So what I just said earlier, right, run GrapheneOS, Amber, Citrine, Amethyst, Pokey, all of these different apps, that would be a more advanced setup. And if you want to have that simple and just works and it's only one app, then you would install something like Primal. And it works on every platform, every operating system, very easy to create a new account, comes with an integrated bitcoin wallet and things just work quite well. So there are many different applications that focus on specific clients or a specific user base. And that really makes a difference because now we don't need to build an app that works for everyone. We build apps that are perfect for a couple people.
A
The question for the hardcore privacy enthusiasts out there, let's use a nice example, the one I always like to use. You're in a totalitarian country, you're a journalist and you want to post articles that are critical of the regime. Okay, so that's the scenario. If you're in that kind of situation, you're willing to go to any effort. What are the privacy considerations that you should have when setting up your Nostr?
B
Yeah, that's an important scenario. And one important caveat is that you are directly connecting to tens or potentially hundreds or even thousands of relays to download and upload your events. So you would want to have a secure and network layer anonymity technology to make sure that those relay operators do not know the IP address of yours or the location where you're at. So a VPN is a very simple solution to this. The Tor network is another great solution. It comes by the way built in to many NOSTR clients, including Amethyst. So you can configure Amethyst such that all the traffic gets routed through Tor and we use different Tor circuits for different relays, et cetera. So take care of your network level privacy. But yeah, other than that, general best practices. So you consider not to do it under your government identity, but rather use a nym. The cool thing is that NOSTR is again user defined identity. So nyms are allowed. In, I don't know, Facebook, for example, you have to sign up with your real name and they will KYC you to make sure that that's the case. In Nostr, that is simply not required. So you can create one or multiple new accounts, as many as you like. And that might be something worth considering. Also, for example, timing attacks: when do you upload your messages and when do you download them? So here, consider writing a small script that randomly publishes your events instead of you always publishing them when you wake up, to obfuscate where exactly you are, in what time zone.
A
How about running your own relay?
B
Yeah, running your own relay is interesting because it's a little bit like a buffer or a VPN. Right? Instead of your phone connecting to all those random relays to download the events, you have a relay that downloads all of the relevant events from other people or from other relays. And then your phone only connects to your own server that you run somewhere. And it could be a laptop or whatever. There are certainly benefits to that. Yeah. Then if you do want to run a Nostr relay anonymously, again, consider something like the Tor network for hidden services. But those are difficult to actually run for a prolonged time privately. So running a relay completely anonymously will be, I guess, difficult if your adversary is the ISP.
A
Social question for you, Max. It's occurred to me recently that technology is much less (this is my opinion, you might disagree with this), technology is much less powerful than the narrative, the branding around something. And one of the narratives or the branding around Nostr has been that this is for bitcoiners. How much of a problem do you think that is? And when you get into Nostr, is it mostly people interested in bitcoin that are using it? Because, you know, and look, people are wrong potentially for doing this, but you'll see the Monero people, or you'll see other people say, oh, that's a bitcoin thing. I'm not, you know, I'm not touching that. So when you get into Nostr, is it currently, at the moment, obviously it can change, right? It's, it's got other benefits. It's not a bitcoin product. Do you think that's a problem? And when you get into Nostr, currently, is it a lot of bitcoin talk?
B
So I would say currently we've reached a scale where it is a quite diversified communication and you can find someone in almost any niche. Throughout the history, certainly bitcoin was a seedling topic and bitcoiners were the original bootstrapping audience of this protocol, for one, because it simply was created by bitcoiners and therefore was in this bubble from the very beginning. And of course uses Bitcoin's cryptography, et cetera. And so I think actually bitcoiners are a perfect initial target audience for bootstrapping such a network, because how you bootstrap it is quite important for future life of the system. And so bootstrapping it with people who are freedom conscious, privacy conscious, and sound money conscious, that I think gives a nice and I guess developer entrepreneurial conscious. Right. A lot of people in Nostr are builders. We have more developers than users at the moment. And that I think is quite important to lay a solid foundation. And what we've seen since then is waves of adoption where new people come in, get introduced, get excited about it. Some people leave because they're done with it, but the growth is, I would say, quite steady with explosions of activity. And I think I would say that's quite natural in terms of the scale that we're currently at. So, yes, there is a lot of bitcoin talk, no question. But bitcoin is an interesting thing to talk about, so that's not so bad. But there is also a huge and flourishing Monero community, for example, and I'm sure that there are other small niches that will continue to flourish. I mean, one of my favorite is artisan craftsmen. Like a year ago or so a stained glass restorer has joined, so he goes to old churches and cleans up and refurbishes the windows. Beautiful work. And so there's hundreds of pictures from him presenting his work. Same with leather craftsmen or stone masons, et cetera. There really is quite broad areas covered in Nostr.
And even if your particular niche is not there, then that's a huge opportunity for you to place yourself early as an expert or important person in this area. So if you were an early adopter to bitcoin, you placed yourself early in the creation of a new money and therefore gained a tremendous amount of value in the monetary sense simply by being early for a new network that was adopting slowly. Nostr is quite similar. If you're in Nostr early, you're early inside the network effect that if NOSTR continues to grow and reach a large amount of people in the next couple of years, then you stand to gain substantially in the network of social relationships. And that will open up all types of opportunities for people to be well connected with someone else who can make something happen. So I think being early to Nostr is not as financially rewarding as being early to bitcoin, but it will be much more socially rewarding.
A
Speaking to the normies for a moment here, they're listening, they realize, hey, I, I want some of the benefits of Nostr. I'm willing to go through the little bit of a process to start it up. Once they do that, what is the day to day maintenance? What do they have to do, kind of on an ongoing basis? Or if they get through those initial hurdles, is it just, hey, I'll post something on Twitter, but I'm also going to post it on Nostr, the same sort of thing. And then I can also post it on Substack or wherever else they are. Is it very straightforward once you get it going?
B
Yeah. So data duplication is at the heart of Nostr. So it's definitely a good idea to whatever you're posting on Twitter, copy paste it on Nostr. It might even be easily doable to create a bot that does this automatically. Nostr is very bot friendly. The issue might be to get the data from Twitter, but there might be ways around this. So yeah, just do your regular posting, whatever you want to share with the world and that can be a copy that can be made custom just for Nostr. If you have any specific questions about Nostr, just make a hashtag asknostr and people will likely respond. Oh yeah, it's probably a good idea to introduce yourself with your first post. So hashtag introductions is monitored by a lot of people who want to welcome new users of this protocol. So this will probably get you a decent initial engagement. And then don't just create top level posts, respond under other people. That's a cool way to bootstrap your following because people read the responses even if they don't follow the person who writes it. So engage. And of course occasionally you will have to check upon your bitcoin wallet and see all of the sats that you stacked from people who liked your content, which is really funny when that happens. I went to a bar and was paying for coffee and I get out my phone to pay in bitcoin and it loads in the background all of the money that I've received on Nostr since the last time I opened the wallet and it was exactly the amount that were for drinks and dinner for me and a friend. So it really can happen that people buy you the food that you eat just because they have appreciated some of the words you said.
A
Yeah. How dependent is Nostr on lightning? And do you have to be in a lightning ecosystem to be taking part in Nostr?
B
No, you do not. So you can create basically any Nostr event without touching Bitcoin or the blockchain entirely. How these Lightning payments work is that in your profile where you have your name and picture and bio, etc., you can add a link to your website, for example, or also your lightning network address, which makes it an easy way for people to pay you. Then on top of that, next to your lightning node, you could run a server that then attests to the public that you have received this lightning payment. And that's, that is what we call zaps: a server that says, hey, I just got paid by this person. And that is optional. You can easily run it, for example in BTCPay there is a plugin for that. And then most Nostr clients do not have a wallet integrated with which you can actually send bitcoin. So usually when you click zap someone, it would pop up, hey, with which of your installed wallet applications do you want to pay this invoice, and you select and make the payment. That's usually how it would go. But there are ways to have a more NOSTR native wallet experience. One of them is called NOSTR Wallet Connect. So let's say you have somewhere a lightning node, a wallet sitting around with money and you would like to send money from the phone, right? And so now you can authenticate your phone towards your lightning node via Nostr. So the node has a public key, your phone has a public key and you can configure that these two are trusted. And then whenever you want to make a payment from the phone, you send a Nostr direct message to the public key of your lightning node and then instructing the node to send some money to a certain address. And so this is really easy to add lightning payments into an application because you don't actually have to integrate a lightning wallet, you just have to integrate a small Nostr client or app that signs a message to someone. So very simple process. And then the third way of doing it is with ecash.
So specifically Cashu, a Chaumian ecash money warehouse protocol on top of Bitcoin. Basically a custodial wallet with some cool privacy features. And the way that ecash gets transferred is that you basically copy a signature and send it to someone else. So this is a token that you send over whatever communication channel. And of course we can use Nostr as our communication channel. So I simply put an ecash token inside a Nostr event and optionally encrypt it and send it to the receiver whom I would like to pay. And he can then for example store these ecash tokens on the Nostr relay, which then means that different applications on different phones can control the same ecash wallet because the database that they're using is actually on Nostr.
A
Obviously I haven't engaged with Nostr just yet. My goal is by the time I release this to have a profile for people to follow and be active on Nostr. That's going to be my goal. So people can check the show notes for that. And I'll insert my credentials in a moment here post production when I have this set up. So I'm a little bit ignorant obviously, Max, but probably I'm speaking for a large audience who also is. Now I did talk to somebody who played around with Nostr a couple of years ago and what they remember about it is that there were things like there were a group of people, they would send messages and like one in five messages wouldn't come through. They talked about how they thought the bandwidth was a little bit intense in terms of how much was being used. Are those still issues? Are there any other kind of quality of life problems that NOSTR either has now or has solved?
B
Yeah, so there are a couple issues fundamentally in its design in terms of message delivery. If you're connected to relay A and I'm connected to relay B and you want to send me a message and you put it on A, but I'm not connected to it, then I will not see it. And so we need to have a smart way of connecting to the same relays. And of course we put our messages on multiple relays, so eventually we'll find a match. But there are smarter ways to do this and that's known as the Outbox model. The recent Amethyst release actually implements this. So now Amethyst can connect to, my phone is currently at over a thousand relays, so message delivery is much more resilient in latest editions of the architecture. Then things like bandwidth is certainly an issue simply by its decentralized nature. Again, as I just said, a thousand relays connected to from the phone, that means a lot of wasted bandwidth for setting up these connections and maybe downloading multiple events twice. There's ways that you can optimize this, but that is a fundamental limitation. If you want that the phone can be sure that it doesn't have to trust any other server in particular for delivering the messages, then you will simply have to connect to many servers. If that is an issue, then you could for example, run a trusted server that does the reaching out to thousands of relays and then your phone only has to connect to this one relay and will only get every event once. There's many ways that you could run this. Again, Primal is one good example here. They have this caching server integrated and that means it's much less bandwidth intensive as something like Amethyst. Amethyst can be configured for this bandwidth saving mode as well. It's a bit custom work, so it really depends on how developers are implementing this. A lot of the problems can be solved, but in many NOSTR clients they have not been addressed.
So that is a bit of a downside of a more decentralized system that not every application is as good as the other. So yeah, these are some of the issues. And maybe to that first point of group messaging, specifically in the context of private messaging, the original Nostr protocol is very bad. There was a very hacked short term standard initially that then stayed around for years and later there were some minor improvements to it. But ultimately NOSTR is originally designed for public messaging and not for private. But this recently has changed with the introduction of the Messaging Layer Security protocol on top of MLS, sorry, on top of Nostr. And this allows us to create scalable encrypted group communications where we have encrypted groups with the size of a million users and it will still work efficiently with reliable message delivery and good authentication. So the group encrypted messaging problem is being worked on as we speak. So check out White Noise if you want to experiment a bit with that.
A
So NOSTR, people can just kind of picture Twitter in a certain sense. That's maybe the look and feel. What are some other things though that you can do or that you may soon be able to do with Nostr? What's the other features and maybe future potential?
B
Yeah, one other cool aspect that we didn't speak about yet, and that goes back to our previous conversation about Bitcoin privacy, is that there are services in Bitcoin that are useful, but it's difficult to discover new providers of this service. So the perfect use case that's implemented in Nostr is for coinjoin coordination or for ecash operators. The operator of such a service can publish a Nostr event with the metadata of, hey, I am a coordinator of the WabiSabi protocol. You can reach me on this address and here are my fees or any other description. And now someone can build a client that looks up on the NOSTR network if there are any announcements of a coordinator available. And now you all of a sudden see that, yeah, there are these 10 different coordinators that you could choose from. And on top of that you can build a reputation system where people can leave comments or reviews of these service providers. So extremely powerful to discover providers of certain services and then to make sure that you're connecting to a reputable solution. Another extremely important aspect is, for example, marketplaces. For a long time we want to do commerce online and do so privately and freely. And all previous attempts failed because of a centralized server that was used for creating the identity of users, for storing the messages of those users and even storing the money of those users. Early Bitcoin marketplaces were all custodial. And so all of these three vectors of centralization need to be removed. And we have that with Nostr. There is a standard for creating an event of you selling a product with certain characteristics. This is, I think NIP-99 is the standard that defines a merchant and certain offers or products of this merchant or collections thereof. And now you can browse the catalog of Nostr merchants on again, thousands of Nostr relays and you can duplicate them and make sure that they won't be censored.
And you can engage into a direct message with that merchant to clarify any things about the trade and ultimately get the product delivered and make a payment. And again, without any important server that requires trust in the middle, all that's in the middle is a dumb message passing relay that takes messages from left to the right and that is all. We only trust relays for uptime and delivery of messages, but not for authentication or anything else that is important. So yeah, the number of Nostr applications really is way too much than to talk about. I could just give you a small glimpse here. There's many more.
A
Maybe we didn't emphasize this early on enough because I think this is the most desirable aspect of Nostr, is that it is censorship resistant. Let me phrase it like this, Max. Let's say that the next pandemic happens and people aren't allowed to say certain things on Twitter or whatever the case may be, and people are posting on Nostr. What about that? Or what would a, what would somebody have to do to shut down the ability of somebody to message on Nostr? As a way of getting to this question of what does the censorship resistance of Nostr mean?
B
Yeah, so let's assume we have a really powerful adversary and let's assume we have quite an average user, someone who just has a phone, installed Primal. And so whenever you're making a post on Primal, it's actually connecting to 10 different relays or something like this and broadcasting your posts. If the government comes and says, hey, this user should not make any posts anymore, it has to go to 10 different relays to ask the message to be removed. Now these relays could be in different jurisdictions, and so all of a sudden it's an international affair and they might be run by anonymous people who are not even able to be identified. But still, let's say they do succeed. Or maybe specifically they succeed with Primal. That's an application built by a company in the US. Assume Primal doesn't want to provide you service anymore and so they change their software to exclude you specifically in their client. Well then you simply go on and connect to another NOSTR client and start using that. And that might be developed by someone else in a different jurisdiction. And that would mean it's no longer possible for any one developer to exclude one specific user of the software. And then in terms of relays, well, you usually start out with just any public, free, available relay that's out there. But then if someone starts to remove your messages, then consider paying for it. There are paid services and of course if there's a financial incentive for a relay to accept your messages, they're more likely to do it than if you expect them to do it for free. And if that doesn't work either, then you can just run your own relay. Even if every other relay on this planet has decided to delete your notes, your relay will still provide them. And now you just need to get your followers to connect to your own relay and they will get your messages. And then Nostr relays do depend on domain names.
So relay.primal.net, for example, is the URL of the Primal relay and that can be shut down as well. And of course if the domain to your server is cut, then any software provided on the server cannot be served to the users anymore. So what you could do then instead is to run your servers behind an onion address. You're again a self identified private key based addressing scheme for IP addresses that are also much more private. So if you run this hidden service in anonymous configuration, it might even be very difficult for someone to find out which IP address the actual server of this relay has. And this would make further censorship more difficult, like someone shutting down your VPS, like your online data center. And if that happens, you just buy an old $100 laptop and hook it up to some cellular Internet or satellite Internet somewhere in the forest. And you run that on solar power and it will expose your relays or your nodes to whomever you would like. So NOSTR is a really simple solution and foundationally it's just a websocket connection, which definitely can be censored in many aspects. But because we don't trust those servers anymore as much as we did in the past, we can simply afford to duplicate our content to many relays and then the likelihood that all of them get compromised is exceedingly low.
A
Is there anything we didn't touch on regarding Nostr that you would like to relay?
B
Yeah, Nostr is really broad and it's always difficult as a presenter here to make sure that you don't forget any of the huge number of apps. And that is because Nostr is so incredibly developer friendly. Like literally, if you're a somewhat decent developer, you can write from scratch a Nostr client, a Nostr relay with a cool interface in a day or a weekend. It's really incredible. So much so that you don't even have to be a developer anymore to create a new Nostr client. There's a great website called Shakespeare DIY, like the author, and this is a web based vibe coding application that allows you to build Nostr apps very, very easily. So one of the recent hypes on Nostr has been vlogging because we can also upload videos not to Nostr but to Blossom. It's a related protocol we didn't talk about yet, but ultimately someone vibe coded in a day for like $100 worth of compute a new Nostr client where you can record a video of yourself and upload it and share it to your friends. And a couple people picked it up and found it really great and started using it. So much so that there are now three different applications that do this, both on iOS and Android. And it was already added to applications like Amethyst. So it's all of a sudden very easy for you. And again, the guy who started this whole thing is not even a developer, right? He just used this website to make a simple app where you can upload videos and that started a new hype cycle on Nostr. So go to Shakespeare DIY and try out that. And I tell you, even if you're not a developer, you will be able to create a new website that interfaces with the Nostr network. And it's quite mind blowing when you see something cool there.
A
So I'm going to certainly try to get Nostr set up in, in advance of the release of this episode. So by the time this releases you can check the show notes and connect with me there. We'll try to have our own tutorials moving forward. Obviously we want to participate in this, ideologically aligned for sure. It's just one of those things I never got to, so really appreciate Max Hillebrand explaining Nostr to us in a way that few people would be able to do. I know you don't like shilling things, Max Hillebrand, but please let people know where they can find you, follow you and how they can. Thank you for your time.
B
Yeah, I like to opt out of bad things and so I'm not on Twitter anymore so you will only find my posts on Nostr. So you can get my public key. That's max@towardsliberty.com because by the way, you can link your public key to a domain and then have something like an email address where people can find your public key, which is pretty cool. And yeah, try out all or some of the apps that we talked about today. There are many and more to choose from. And yeah, I guess the other humble plug I can make is I wrote a book about privacy, the Praxeology of Privacy. So trying to bring the cypherpunks and the Austrian economists together and explain why both of these systems are so awesome and so beneficial to each other and complementary. You can get that on my website, towardsliberty.com/pop.
A
All right, thank you Max.
B
Yeah, thanks Gabriel. I'm really enjoying to be back here on the show and hopefully we'll get to chat soon about yet another amazing freedom tech that we've come up in the meantime. And until then, thanks for your continued work of spreading the good work, the good word on how people can improve their privacy and security. That's very helpful.
A
Hey, thanks for listening. I could really use your help real quick. If you could share this episode with someone, engage with me, leave a review anywhere, this helps me to break the technocratic shadow banning that is happening with my brand. And of course, if you really want to escape the technocracy, go to escapethetechnocracy.com: privacy tutorial series, books, newsletters, consulting, and of course you can leave a donation. Thank you very much.
Watchman Privacy – Episode 221:
Guest: Max Hillebrand
Topic: Evade Censorship with Nostr
Release Date: May 25, 2026
Host: Gabriel Custodiet
This episode is a deep exploration of Nostr—a decentralized, censorship-resistant social media protocol—with Max Hillebrand, a prominent privacy advocate, technomad, and Freedom Tech builder. Gabriel, who has yet to use Nostr, gives Max center stage to explain its philosophy, technical structure, user experience, and the broader implications for privacy and resistance in the digital age. It's a practical guide and a philosophical treatise on why and how to escape traditional, centralized social media as censorship intensifies.
Freedom Through Relocation and Tech
Bearish on Germany & Fiat Economies
High-Level Explanation
Quote:
“So this is a free open protocol for developers to engage with that data structure that was created by users, cryptographically attested to with them as their own sovereign identity...” (11:53, Max)
Centralization Risks
Quotes:
“Even the President of the United States got censored from Twitter, which is crazy to think...” (13:46, Max)
“This kind of really—the old world of, let’s say, traditional forums or IRC chat... at least you see everything.” (16:09, Gabriel)
On Mastodon’s Flaws:
Scale & Adoption
Web of Trust
“If someone wants to remain more private and just read the news rather than be part of writing it, then the Nostr is a perfect fit for them.” (22:23, Max)
Practical Steps for Onboarding
Quote:
“It’s very easy for anyone to send Bitcoin to you and for you to prove to the world that you’ve just received Bitcoin.” (25:10, Max)
Quote:
“Make sure you don’t lose [your private key], and make sure that others don’t get access to it.” (31:11, Max)
Paid vs. Free relays: Paid options offer more longevity/incentive for your data to persist.
Quote:
“You don’t even have to be a developer anymore to create a new Nostr client.” (62:09, Max)
For further details, walkthroughs, or to connect, check the show notes or visit escapethetechnocracy.com.