Nostr
Nostr is a protocol family for publishing signed events to replaceable relays. A public key is the canonical identity, and clients can read from or write to multiple relays without a canonical account host.
Strengths
Relay substitution makes account-level deplatforming harder. Signed events can be verified independently of a server, and clients can assemble different views from different relay sets. The base protocol is small, while optional Nostr Implementation Possibilities add social, messaging, moderation, payment, and application conventions.
Security boundary
Public signing makes authorship durable and turns private-key custody into account security. Relays may observe a client’s IP address and subscriptions. NIP-09 defines deletion as a cooperative request; it cannot remove all copies from relays or clients.
NIP-17 adds gift-wrapped encrypted direct messages. NIP-44 itself states that its encryption alone lacks PFS, PCS, post-quantum protection, and IP-address protection, and recommends specialized E2EE software for high-risk chat. Private messaging is therefore an optional application profile, not the base network’s strongest use.
Messaging interoperability is profile-specific
Nostr clients are not automatically interchangeable messengers. The base protocol standardizes signed events and relay exchange; optional NIPs and higher-layer protocols define how an application interprets those events as conversations. Two apps must implement the same message kinds, encryption and wrapping rules, relay discovery, and group-state model to interoperate meaningfully.
| Profile | Shared semantics | Compatibility boundary |
|---|---|---|
| NIP-17 | Gift-wrapped encrypted direct messages and small ad hoc rooms | Compatible clients can exchange the defined message events, but the profile has no administrators or bans and recommends another scheme above ten participants |
| NIP-29 | Relay-scoped groups, membership, roles, moderation, and reconstructible state | Clients can share a group on a supporting authoritative relay; its state model is not a NIP-17 room |
| Marmot Protocol | MLS-based secure group state carried through Nostr | Required MIPs aim at cross-client compatibility, but the protocol remains experimental and is not compatible with NIP-17 or NIP-29 rooms |
Shared relay transport proves only that applications can publish and fetch events. It does not prove that they can decrypt the same messages, reconstruct the same membership state, or agree on history, moderation, attachments, and recovery. Apps using private event kinds or divergent conventions are effectively separate applications on a common event network.
Secure and decentralized communication stacks compares Nostr with ActivityPub and AT Protocol.