For censorship resistance, there are several huge threats not really addressed by Nostr: ICANN DNS, cabal TLS, ISP.
Low handing fruit: never ever use ISP nameservers. Run your own resolving DNS server. Do NOT use the ICANN root zone unmodified. Practice adding private TLDs - from the common 'LAN' TLD for local names to secret TLDs that you share only with trusted collaborators to public alt-TLDs (like .NOSTR) that anyone can use by configuring the name servers you supply. Always use your own primary DNS server. Use peers (even competitors) or 3rd party services for secondary service. Note that 3rd party secondary services will only handle ICANN TLDs. Consider becoming a server for the opennic.org collection of alt-TLDs. It is good practice.
Cabal TLS is not secure and never has been. The cabal can forge certs and MITM https and other TLS connections. The problem is that common browsers trust all cabal CAs for all certs. The first step to addressing the problem is a PKCS#11 policy for the browser. I just learned that all browsers are supposed to support that last week (I was working on an extension to "veto" certs via user supplied rules or js code). Normies need a simple way to use private CAs with confidence they will be trusted only for designated domains/TLDs (and that cabal CAs are NOT trusted for those domains/TLDs).
When I started on the internet, we connected peers via rs232 cable, a leased line, or a 24x7 phone call with a dial-up modem. These methods improved, and additional tech like coax, 10baseT, ISDN, Wifi, etc were added. The internet remained decentralized until around 1996, when globalist began pushing for a more centralized approach. Not only ICANN, but convincing people to drop peer connections and just use an ISP, drop self-hosting and just use a service. All this centralization was so convenient. Nicky Haley advocates a national ID to access an ISP. Elites will be pushing for this. It is past time to relearn peer connections.
The best technique IMO is virtual global mesh networks. These support a mix of ISP and peer links and do not rely on the original internet routing (BGP) which required too much manual intervention. The best virtual nets are e2ee with authenticated IPs (IPv6).
IPv4 must die. It has become a tool of centralization. (But you probably have to compromise to accomodate normies until they can install a p2p enabling VPN on their devices.)
Custom Designed /
npub1thx…jfj3
2024-01-28 04:34:41
in reply to nevent1q…uunk
Author Public Key
npub1thxca0y6klep9jg8k5gqw6dndwdw4l0caz0j88vhetwhnadp00wqtpjfj3Published at
2024-01-28 04:34:41Event JSON
{
"id": "10dc271679bddf28b155178f3c55bb8eb0b3064aa3cb24f419c30e7cea41c1ad",
"pubkey": "5dcd8ebc9ab7f212c907b5100769b36b9aeafdf8e89f239d97cadd79f5a17bdc",
"created_at": 1706412881,
"kind": 1,
"tags": [
[
"p",
"ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa",
"wss://relay.damus.io/",
"SimplifiedPrivacy.com"
],
[
"p",
"d4ad3b6eeaff13fe0ccac86d2294049798ae2e397796ada5be3196592e56e2a7",
"wss://relay.damus.io/",
"cryptowolf"
],
[
"e",
"000001fcd7b3165f56c60145e3021486ef541a76dae0024ef55e5fe3133c9c84",
"wss://relay.nostr.bg/",
"root"
],
[
"e",
"14f0e127fda0f9a9bd25eb58807d3af6e1fea37a168d799f992865fb384bbfb0",
"wss://relay.damus.io/",
"mention"
],
[
"e",
"450f06e3ec056a7871bcefc32e296f300dd4344a798b75ce7dfe36d1133d3755",
"wss://nostr-pub.wellorder.net/",
"reply"
]
],
"content": "For censorship resistance, there are several huge threats not really addressed by Nostr: ICANN DNS, cabal TLS, ISP.\n\nLow handing fruit: never ever use ISP nameservers. Run your own resolving DNS server. Do NOT use the ICANN root zone unmodified. Practice adding private TLDs - from the common 'LAN' TLD for local names to secret TLDs that you share only with trusted collaborators to public alt-TLDs (like .NOSTR) that anyone can use by configuring the name servers you supply. Always use your own primary DNS server. Use peers (even competitors) or 3rd party services for secondary service. Note that 3rd party secondary services will only handle ICANN TLDs. Consider becoming a server for the opennic.org collection of alt-TLDs. It is good practice.\n\nCabal TLS is not secure and never has been. The cabal can forge certs and MITM https and other TLS connections. The problem is that common browsers trust all cabal CAs for all certs. The first step to addressing the problem is a PKCS#11 policy for the browser. I just learned that all browsers are supposed to support that last week (I was working on an extension to \"veto\" certs via user supplied rules or js code). Normies need a simple way to use private CAs with confidence they will be trusted only for designated domains/TLDs (and that cabal CAs are NOT trusted for those domains/TLDs).\n\nWhen I started on the internet, we connected peers via rs232 cable, a leased line, or a 24x7 phone call with a dial-up modem. These methods improved, and additional tech like coax, 10baseT, ISDN, Wifi, etc were added. The internet remained decentralized until around 1996, when globalist began pushing for a more centralized approach. Not only ICANN, but convincing people to drop peer connections and just use an ISP, drop self-hosting and just use a service. All this centralization was so convenient. Nicky Haley advocates a national ID to access an ISP. Elites will be pushing for this. It is past time to relearn peer connections.\n\nThe best technique IMO is virtual global mesh networks. These support a mix of ISP and peer links and do not rely on the original internet routing (BGP) which required too much manual intervention. The best virtual nets are e2ee with authenticated IPs (IPv6).\n\nIPv4 must die. It has become a tool of centralization. (But you probably have to compromise to accomodate normies until they can install a p2p enabling VPN on their devices.)",
"sig": "a73a30b9c91ec049185e79b75113006fec92c13285121736103d88e1629d3a8f948310e372b94ba11537697008bc204e9f5a0c20a4ad18ea4e3bb309d8b086fc"
}