NIP-29: Simple Groups #566
Conversation
fiatjaf
force-pushed
the
simple-chat-groups
branch
3 times, most recently
from
ac63c7d
to
5549a7f
Compare
|
I'm still reading this NIP. But I found this written: "relays will use NIP-42 AUTH messages to control who can read from it". Can we first "fix" NIP-42 while it is not widespread? By "fix I mean |
fiatjaf
force-pushed
the
simple-chat-groups
branch
from
5549a7f
to
b99bd47
Compare
|
It seems relay owner is the only one who can create a group (39000 metadata) and set its admins (39001). So one willing to own a group has to spin up a relay for this. Wouldn't it be better if there was an event for the user client to ask to be the owner of a group (so get all the roles, maybe also needs Well, we could use the same metadata event for this. If a metadata for the channel path doesn't exist yet, the relay uses it's pubkey to create the metadata copied from the user event and also applies all the roles to him with a 39001 event. So the first user to claim ownership, gets it. |
|
Yes, I thought about something like that (users can create groups by sending metadata events to the relays), but for now I'm leaving it open. If people want to implement it that way we can add to the NIP, but in my mind it is working by relays having a page where you can go and fill a dumb form or something like that, then your group gets created and you are made the admin. Once that group exists you can create subgroups by sending commands ( There is a moderation event tag for editing the group metadata already -- but these are just suggestions at this point, made to illustrate how this could work. |
|
I'm surprised to see this NIP, as we went down a similar path for a group chat application and noted a few requirements and challenges that needed to be addressed. @Egge7 and I are glad to work on this, adding content and even creating a reference app to see how it works. Here are my initial thoughts on the differences and improvements. We can debate and add/update the NIP. The main requirement is the ability to move the group from one relay to another with the click of a button. For example, I started the "pizza.com/flavors" group today. I reached 50 members, and everyone is talking about ice cream and not pizza anymore. The pizza.com relay says I need to get off the pizza.com relay. I should be able to set up my own or go to icecream.com/flavors, stream all historical events, metadata from pizza.com, and notify members to start using the new one. A non-technical group admin should be able to do this. To achieve the above, we used a single metadata event based on NIP-51 lists to store group info and user info, like combining 39000 and 39001. This is a replaceable event, so every user added or removed will trigger a new event signed by the relay. There are only 2 user roles: Admin - who can do everything, and User - who can only read and write. In the future, the relay can enforce rules such as requiring admin majority to change the group name or other fine-grained access. However, this is out of scope for this NIP. Event kind 9000 is good and that is how users and admin request changes. When a 9000 event is received by relay it will either create a new 39000 to replace the old one or reject back to the user with a message. There are only 2 types of groups: Paid or Free. You pay the relay to first register and perform NIP-42 AUTH into the relay. Then, you see the list of groups and join a group if you wish. Your pubkey needs to be in the 39000 event of that group as a user or admin to see all the posts and write to it. Subgroups like /flavors/pepperoni will not have their own users and roles. They will inherit them from /flavors. They are mainly used as filters within the group. Group names are unique within a relay. Admin/group creation flow: Goto relay webpage. User flow Click on nostr: link and it will open the relay registration page. If the user pubkey is already registered then it can NIP-42 Auth and provide the list of all groups. Out of scope Private groups where the group members are not visible to outside world |
|
we're using nip-28 for public and optionally authenticated group chat, which basically does the same thing. except it doesn't say to use 1 relay. that's up to the user. i see no reason not to leave that as-is. i think nostr-chat uses nip-28 too. maybe this should just be a small modification of nip28 (recommend auth, say you can use 1 relay)? |
|
Unclear why this is separate from NIP28 which already handles public (non-encrypted) multi-user chat channels. Group membership can easily be added as optional kinds using kinds 45-49 which had previously been reserved for extending 28 and which are still available. Having two non-encrypted chat NIPs seems duplicative and confusing. Ideally any new group chat NIP would be an encrypted group chat NIP. |
|
I think the issue is not with Kind numbers. I think we need both NIP28 & 29. NIP28 is open to all multi-relay groups without permissions while NIP29 is moderated open or closed groups with group user tracking. Since we need to track add/remove users we need a kind in the 30000--39999 for Parameterized Replaceable Events
Since the kind numbers are different they won't be duplicative. Clients can even support both at the same time. |
|
This is not about adding new features. The approaches are completely different. NIP-28 is explicitly designed for purely client-side state management, while this is about delegating everything to the relay. From this small change many others ensue in a way that compatibility isn't possible. I've thought a lot about fitting this into NIP-28, but ultimately decided it isn't possible. |
|
@fiatjaf did you see my blog post this morning? I am now of the opinion that all the features to make groups already exist and this NIP is redundant. That's not to say my idea is the correct one, but @pablof7z seems to be thinking along the same lines. Certain things in this NIP are red flags for me, particularly the group admins bit where you re-define a bunch of functionality that already exists for an individual pubkey. I.e. |
|
I see on nostr telegram group that people are pointing out the fact that NIP-28 could be updated to have all these features. They aren't wrong. Admins sending actions like The "difference" is that the relay account is always online but, if you think about it, nothing prevents NIP-28 chat owner account to be always online using a client that will automatically act on the same above mentioned actions. The |
The difference is that the relay can actually enforce the moderation actions. How can a client prevent others from sending messages to a relay that doesn't care, for example? Yes, your authorized pubkey deletion tag came to my mind too, but why would people voluntarily give deletion rights to their posts to others? Most people don't want to have their stuff deleted. Even if you could come up with a way to make it work (well, you can, like NIP-28, just filter everything on the client side) it would be complicated and slow. |
|
@staab I think you are coming from a different place. These ideas you mention are good for actually distributed/decentralized environments. But chat groups are very centralized by nature, so this NIP is an attempt to embrace that and make it into a feature. |
The chat client should load just chat messages that contain the tag ['!', <chat_owner_pubkey>]. So if user send messages without that tag, they will not show up to anyone using said client. |
|
Asked my pal Claude to revise NIP-28 to incorporate ideas from 29. Not perfect, but directionally accurate?
In this case 28 would cover all public (non-encrypted) chat, encompassing client-centric and relay-authoritative models, and 29 we could use for "simple encrypted group chat" (draft NIP in a day or two) |
|
@ArcadeCityMayor your proposal there seems to be just to take whatever is in NIP-29 and shove into NIP-28. |
|
see https://github.com/ArcadeLabsInc/arcade/wiki/NIP-112:-Encrypted-Group-Chat for metadata clean encrypted group chat using NIP44, NIP28, NIP59, and optional "forward secrecy" this is the model we're using and the app is live and seems to work pretty well trusting a single relay seems like it isn't nostr . it's something else |
Sure. NIP-28 already enables "simple group chat", so if there's a feature like relay-authoritative channel membership worth adding, it seems appropriate to extend the existing chat NIP than create a separate one. If there's a good argument for a new separate NIP, I'd like to hear it. |
|
Over the weekend I started modifying nostream relay code base to support this NIP-29 to see how it is working. Instead of simply debating which one is better, I prefer DIY. I noted down few changes to make it easier and simple to implement. Here's the summary
{
"kind": 39001,
"content": "",
"tags": [
["d", "/flavors"],
["p", "<pubkey1-as-hex>", "role1", "role2"...],
["p", "<pubkey2-as-hex>", "role1", "role2"...]
]
...
}
[ "p", "<pubkey1-as-hex>", "role1", "role2"...],"pubkey1-as-hex" and "role 1" are mandatory
{
"kind": 9000,
"content": "action description and/or reason",
"tags": [
["g", "/flavors", "pizza.com"],
["action", "add", "<pubkey-to-add>", "user"],
["action", "remove", "<pubkey-to-remove>"],
["action", "change", "<pubkey-to-remove>", "admin"], //change user role
["action", "change", "name", "Iceream lovers"], //if name need to change
["action", "change", "picture", "https://pizza.com/pizza2.png"],
,
]
}
{
"kind": 39000,
"content": "a nip-29 chat group for debating pizza flavors and other topics",
"tags": [
["d", "/flavors"],
["name", "Pizza Lovers"],
["picture", "https://pizza.com/pizza.png"],
["read", "public" | "private"], //default public
["write", "closed" | "open"], //default closed
]
...
}All changes are documented here as well. |
|
yes, centralized systems are often easier to build quickly and maintain. |
What if we can have best of both worlds.? Relay authority model will mimic centralized systems but since it is at the protocol level, you can easily pack and move to a different relay or host your own? |
|
Regarding Would it be completly absurd asking for this behavior becoming generic (a separate NIP) so that other NIPs such as NIP-172 and NIP-28 could use it? This way there is no need for encrypted chats complexity for something not so serious (?) like private facebook-like groups or live stream chats. Like all chat related events that want supporting relay to whitelist reading using a list of user pubkeys and NIP-42(or 43 xD) could add a {
"kind": 9, // just chat related subset of kinds?
"content": "hello my friends lovers of pizza",
"tags": [
["g", "/flavors", "pizza.com"],
["private", "39001:pubkey:d-id"] // consider just the "p" tags from this parameterized event
]
...
}Then specialized chat client would read a |
fiatjaf
force-pushed
the
simple-chat-groups
branch
from
107bddd
to
188f398
Compare
|
Who is implementing this? I need to test my code. |
|
https://groups.fiatjaf.com/ is a public relay. @pablof7z and @lovvtide are working on separate implementations, but I think they haven't released them yet. |
Mine is released, just unannounced but it's live and working but you gotta pay to join 😂 |
I don't understand why are we creating new groups outside of the Nostr? (through REST API calls) |
we could do that, but I don't think it's necessarily better. |
|
Are you referring to the rest thing on the relay29 implementation? I don't do those API calls and I'm against them, I just create the group when the owner says they want to add a member (e.g. themselves) |
|
what is obvious is that at first we need a reasonable way to create the group, then we can do other moderation stuff. |
If I'm not mistaken relay29 creates a group when the relay owner publishes a group metadata event or a group admins event, something like that.
An HTML form on a web page is not "rest".
Nor is it an API. The thing is that I don't want some automated way for any random person to create a group on my relay, I want the friction of having them go to the web page and click (which, I grant you, is not a lot of friction nor something that can't be automated). If someone wants to host a relay that anyone can create a group in then yes, we can have an event for that. I think allowing anyone to publish a group metadata to inaugurate a group is more than enough. Or what Pablo does with groups that centered on user pubkeys. |
E.g. If a user sends an |
|
I'm a bit of a beginner so I may be wrong, but I'm seeing a few issues with this nip as currently specified: relay keypair: This is introducing the concept of a relay keypair, doesn't seem to be part of any other nips. There isn't any way for clients to associate this keypair with the relay itself, so there's nothing for clients to verify this signature against. Interaction with unsupported relays: This nip is optional for relays to implement, but clients have no way to know if a relay supports nip29. If someone sends 9xxx events to a relay that doesn't support nip29, then clients will believe those are valid nip29 groups, when they are in fact not Centralization of event transmission: If someone sends an event (kind 9-11) with an h tag to a relay with no nip29 support, it will be passed on irregardless of the group membership rules. Clients subscribed to that relay may get that event if it incidentally matches any related filters, such as a filter for kind 11 from a particular user. So a client may receive the kind 11 event even though it was never checked. How to fork a group: This nip calls for a way for a group to be forkable to a different relay while keeping history, but I'm not sure how this is supposed to work. Each kind 11 has the h tag pointing to the original group id, so I don't see any way for them to be associated with a new group. |
https://github.com/nostr-protocol/nips/blob/simple-chat-groups/29.md