Thread

Can someone make a good argument of how web of trust would work with bitchat? The way I think of web of trust is that you need to bootstrap it with well-known identities. What if you just want to talk to people around you in your village and you don't care about well-known nostr users?
calle's avatar calle
I don't think that's what we're building. We want to talk to everyone in a location and people you don t know. There is no concept of following. You're thinking about a Twitter clone with feeds and follows etc. Let's play it through: How would it work in your mind? You travel to SF and you want to know what's up on SF. You have 0 friends in SF. Vice versa, you're in Tokyo. You want to ask all your neighbors where the best events are today. You don't know who's loving around you.
View quoted note →

Replies (33)

I think, locality is the key here. Back to the roots of bitchat. But other than "chat only with who's in reach of your antenna", use the antenna to collect and broadcast keys. And then use these keys to limit the chat with encryption! Key leaking will still be a problem sometimes but at least it would work for some time for most locations. My street chat would remain private but some "Pub-key Bar" chat would probably get spammed and would have to rotate keys often.
↩ replying to Leo Wandersleb
So every user could pick their own deterministic symmetric key to encrypt messages while broadcasting the key locally and collecting other keys, too. When messages are received with other known keys, these keys can also be used for own messages, so maybe a location will end up using just one key, making it easier for people living at the far extreme of the locality to be able to read all messages.
↩ replying to Leo Wandersleb
With the above, local chats would be encrypted but sometimes we want proof of locality for local plain text reports - reports/live footage/fotos/... known to have emerged from a specific location. Crypto can certainly help there, too. So some key hashes could be published for a geohash ahead of time but only the group members know the keys - again, only transmitted via local radio. Now, reports signed with those keys would have a high assurance of emerging from that location but other group members would have to check on those and confirm/deny having seen them on local radio.
↩ replying to Phillip D. McCombs
It's a toy and I bet it was done before a million times. Jack promoted it, so now there's some 100 users but spam already arrived as was to be expected, too. If they would stop improving it now, the project would die within a week. You do realize that messages are plain text public? And people read and write to whatever channel is busy but only to channels that are far from their actual street address to not dox themselves just in case? That won't change unless we improve the project.
↩ replying to npub1k2vc...fh9l
{ content: "\"early here\" yeah like what 5 am ", created_at: 1756027640, id: "7734b860e3e52380c326e3d59fad9014634e57ae0601c08e128b908a30311183", kind: 20000, pubkey: "10fa849a2d521b853b0f3d3d92218b8fb1fa785f880e407246631e56140cb68c", sig: "2a1257c3f68ca3aa2ab4220057532b4fab955a1d7fc7ad6be719ae31b136930c328d54648124fd23dc8eb5439d16780844ccebf800e4365488020218680c7e3d", tags:[ ["g", "u0"], ["n", "MikaMisonoIsMyWife"] ] } Basically kind:1 events.
The answer is an ephemeral WoT. When you hug A, you give +1 trust to A. When you slap B, you give -1 trust to B. Then, the users trusted by A (ephemerally) form a WoT that can be used to collaboratively mute untrusted people. That is collaborative moderation. It is invented by @ABH3PO, and I’m working on a topic-based feed.
↩ replying to calle
Yeah I'm not sure this works in the ephemeral scenario, It works in a topic feed with persistent npubs, because you can choose your moderators and minimize the abuse, in an ephemeral scenario you can abuse the moderation mechanism and the user doesn't get an option to chose or the choice is meaningless since there's no PoW attached to it
Been thinking. reading the white paper with morning coffee. Calculations part. Gambler’s ruin problem - I think can relate to spam issue. For example, meeting someone in real life, you are less likely to spam them due to potential of repeated interaction - @jack QR idea. Assuming p(probability honest node finds the next block) > q (probability attacker finds the next block) and with law of large numbers (repeated interactions). The attacker should not be able to catch up with honest chain. Or Poisson distribution can be used to spot spam in bitchat, i think, by modeling through LLM the number of spam messages received within a fixed interval of time, such as a day or an hour, and identifying significant deviations from the expected average rate of spam. Those natural deviations from expected rate of spam, outliers, are your real people, becoming the expected value of honest blocks. Can filter without centralised bias maybe. P.S. love that you did not abbreviate WOT, i now know it means web of trust. I know pow is proof of work :)
I personally think adding geohash teleportation ruins bitchat. Mesh networking authenticates both proximity and identity (as someone geographically proximate) using actual physics. Abuse is still possible, but limited to people actually near you, which means you have recourse, or can mute peers without "scaling". High-quality globally-accessible location-based chat *must* be curated, either using web of trust, or by using trusted relays. One possible approach to creating a web of trust tailored to this use case would be to stack web of trust on top of mesh networking with location attestations. In other words, start with some root trusted accounts who are allowed to attest to other users' location (for example businesses known to be located in a particular location). After a certain number of attestations, users gain the ability to make attestations for other users. Attestations might expire after a while to account for people moving from place to place. You'd have to be careful about this, since attestations can be forged. As far as I know there's no way to do non-social "proof of location", although crypto land seems to have tried.