Thread

🛡️
There's nothing Primal is doing right now that can’t be done with a no-backend client. The hack risk of your client trusting zap addresses from a trusted backend is too high; money could be sent to the wrong place, and this would tank nostr’s credibility. A centralized server has complete control over what you view; they have censored users in the past on trending. They have complete control to manipulate follow counts to make people look more popular and others not; the counts don’t match up at all with other indexers. The server can go down, leading to the app not working, leading to people viewing nostr as unreliable. The wallet is heavily KYC’d and doesn’t work in many places, including where I live. The system is very brittle, and is set to implode the second they run out of money, and can easily lead to a very easy to censor experience without much effort from governments and ISPs… but hey, what do I know, I'm just a “butthurt dev”

Replies (2)

🛡️
Look, I'm trying not to embarrass you, but it's clear you don't know what you're talking about. It's not 2000 anymore; servers have immutable, verifiable runtimes that can't be hacked the way you are talking about. It is possible, just not common practice, to provide full attestation of server code so that users can verify (byte by byte) that build A is running in immutable container B. note156x0nyw5wlthztyne4uaekvffu9hhmh7lhl5u3yskkvksvkavhxsmvp48h
I thought the zap addresses were stored in a local cache. Having it in the backend would be unnecessarily wrong, I give you that. There should be different sources of indexers and should have a Merkle root that contains all events that attest for each post so you could audit it.
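The audit idea in the last reply, sketched as an added example that is not part of the thread and not code from any Nostr client or indexer: an indexer commits to the set of event ids behind a post's counts with a Merkle root, and a client checks that an event it already holds is included. The tree layout, the 0x00/0x01 prefixes and the sample event ids are assumptions made for illustration.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _leaf(event_id: str) -> bytes:
    # 0x00/0x01 prefixes keep leaves and inner nodes from being confused.
    return _h(b"\x00" + bytes.fromhex(event_id))

def _node(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def _levels(event_ids):
    level = [_leaf(e) for e in sorted(set(event_ids))]
    if not level:
        raise ValueError("no events to commit to")
    levels = [level]
    while len(level) > 1:
        # Pair neighbours; an unpaired last node is promoted unchanged.
        level = [_node(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(event_ids) -> str:
    return _levels(event_ids)[-1][0].hex()

def inclusion_proof(event_ids, target: str):
    idx = sorted(set(event_ids)).index(target)  # ValueError if absent
    proof = []
    for level in _levels(event_ids)[:-1]:
        sib = idx ^ 1
        if sib < len(level):
            proof.append(("L" if sib < idx else "R", level[sib].hex()))
        idx //= 2
    return proof

def verify_inclusion(root: str, event_id: str, proof) -> bool:
    acc = _leaf(event_id)
    for side, sib in proof:
        sib = bytes.fromhex(sib)
        acc = _node(sib, acc) if side == "L" else _node(acc, sib)
    return acc.hex() == root

# Constructed sample: five fake 32-byte event ids reacting to one post.
EVENTS = [hashlib.sha256(b"constructed-event-%d" % i).hexdigest() for i in range(5)]
HONEST_ROOT = merkle_root(EVENTS)
CENSORED_ROOT = merkle_root(EVENTS[:3] + EVENTS[4:])  # indexer dropped EVENTS[3]
```

An indexer that drops an event publishes a different root and cannot produce a proof for that event, so a client comparing roots from several indexers sees the mismatch.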