I think they're going for the opposite. They are building i...

cloud fodder

npub10npj3gydmv40m70ehemmal6vsdyfl7tewgvz043g54p0x23y0s8qzztl5h

hex

446f0bb6d3f617acecee5f48600f554dc0941b5389d5a082effecc5211859041

nevent

nevent1qqsygmctkmflv9avanh97jrqpa25msy5rdfcn4dqsthlanzjzxzeqsgprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgs8eseg5zxak2hal8umuaa7laxgxjyll9uhyxp86c522shn9gj8crskmcp72

Kind-1 (TextNote)

2026-03-24T16:04:37Z

↳ Reply to mleku (npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku)

authmageddon comes, my relay dev/operator frens.

I think they're going for the opposite. They are building it so that all events are wide open access. The relays will not be able to ask for AUTH, nor do any kind of rate limits to protect from DoS (other than IP limits, which are flawed and hurt the ToR).

AUTH could be added in to the client, but it likely won't. BUT if it did, then you could have say, per-device auth keys, or keys not tied to any nostr id, just that registration will be harder that way and the relay still cannot protect because it does not know which groups are what. The addition of this complication makes it sound nearly impossible to add later.

So yeah, using auth with it. Seems like a non-starter to me.. Designed like this on purpose. A huge message broker free-for-all to read and write all groups.

Raw JSON

{
  "kind": 1,
  "id": "446f0bb6d3f617acecee5f48600f554dc0941b5389d5a082effecc5211859041",
  "pubkey": "7cc328a08ddb2afdf9f9be77beff4c83489ff979721827d628a542f32a247c0e",
  "created_at": 1774368277,
  "tags": [
    [
      "e",
      "003ef27fcdaf123483c00682fb48f7c41875fb00e3160b63c2fcc8ae15472bdf",
      "wss://pyramid.fiatjaf.com/",
      "root",
      "efc2b6e59480f0e55cc87c69af06b6d1a11fa25e4ea95a439878c41799c53c19"
    ],
    [
      "e",
      "a4bebea29a57f9ac4c89d60d26d04b714d2fbf1bbf41a737c99e95b530c27e69",
      "wss://theforest.nostr1.com/",
      "reply",
      "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f"
    ],
    [
      "p",
      "efc2b6e59480f0e55cc87c69af06b6d1a11fa25e4ea95a439878c41799c53c19"
    ],
    [
      "p",
      "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f"
    ]
  ],
  "content": "I think they're going for the opposite.  They are building it so that all events are wide open access.  The relays will not be able to ask for AUTH, nor do any kind of rate limits to protect from DoS (other than IP limits, which are flawed and hurt the ToR).\n\nAUTH could be added in to the client, but it likely won't.  BUT if it did, then you could have say, per-device auth keys, or keys not tied to any nostr id, just that registration will be harder that way and the relay still cannot protect because it does not know which groups are what.  The addition of this complication makes it sound nearly impossible to add later.\n\nSo yeah, using auth with it.  Seems like a non-starter to me..  Designed like this on purpose.  A huge message broker free-for-all to read and write all groups.",
  "sig": "fcbfcc38c5312af484d3f232d338753d40e0a9438a37b2f9e1b9e7b7b2b5d2565b59f3fc75b95c823555377c2e8b2c17575a62a5ef5419cc0eb09acf288528e4"
}