The participation fee as sybil resistance is smart, it makes the attack cost scale linearly instead of being free. Curious how the multi-round delay feels in practice though, mixing is one of those things where if it takes too long people just skip it and send direct.

Age verification is just the excuse. Once the infrastructure is in place it gets used for everything else. It always does.

The wildest part is people are surprised this data exists in the first place. Google has been collecting all of this for years the EU is just making them share it with more people. The real problem isn't who has access to the data its that the data exists at all. We keep building systems that require collecting everything about everyone and then act shocked when someone wants to use it. The only real fix is systems that don't collect it in the first place.

Howdy do!

Thank you!

The self-hosting angle is worth exploring if you get around to it. Even if the interest isn't there yet the idea of ephemeral encrypted messages with no accounts is solid, most people just don't know they need it until they do. The nostr deletion point is interesting too since yeah once something is on relays its basically permanent. And don't take the low interest personally there is just so much new stuff coming out right now that its hard to get people to stop and look at what you built

With approach 3 (unidirectional aging) wouldn't the rapid eviction problem compound in a network where most nodes are behind Tor? If addresses age out in 2 hops and Tor connections are already slower to propagate, you could end up with nodes that can barely discover each other. Seems like approach 2 might hold up better in practice since it at least preserves real timestamps within the same network type. Have you tested what the address table looks like after a few hours with each approach?

agreed

He's spot on about storage. The whole remote block device model made sense when drives were slow but now we're paying a massive performance tax just so someone else can manage the disk. I've been thinking a lot about what storage looks like when you take the cloud provider out of the equation entirely — where the data just lives across a network of participants and redundancy is built into the protocol instead of bolted on as a product tier. His egress pricing point hits too. If you're paying 10x for bandwidth just because it leaves their building, the incentive is to never leave. That's not infrastructure, that's a trap

I like that the decryption key is in the URL fragment that means the server literally can't read your messages since browsers don't send the # part. That's a clean way to handle it. How does the expiration work on your end? Does the server just delete the encrypted blob after a set time, or is there something built into the encryption itself? And I'm guessing there's no real way to stop someone from just copying the text before it expires right?