JeffG
JeffG

Secure messaging on Nostr. Creator of Marmot protocol, MDK, and White Noise. Other stuff connoisseur. Also built Listr, Ostrich.work, Ontolo, Nostr.how.

Public Key

npub1zuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsk6c2uc

NIP-05 Address

jeffg.fyi

Profile Code

nprofile1qqspwwwexlwgcrrnwz4zwkze8rq3ncjug8mvgsd96dxx6wzs8ccndmcpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgt2xpyc

Publishing to

relay.primal.net

Author Public Key

npub1zuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsk6c2uc

Show more details

Last Notes

2025-11-04 16:49:09 UTC

Marmot dev call was 🔥 today.
It was our first time doing demos and holy shit, there is so much being worked on right now it breaks my brain!

2025-10-29 07:34:25 UTC

GM 🌞
https://www.therage.co/ai-passport-kyc-digital-id/
The thing that everyone who pushes for digital ID and "proof of personhood" fails to understand is that IT DOESN'T MATTER if you're a person or an AI agent. What matters is whether or not we can trust you.
Humans have built up very complex internal heuristics for dealing with strangers but we've, so far, done a terrible job of modeling and enabling those mechanisms in a digital world.
Identity and content linked by cryptography can help fix this.
Giving the state unchecked surveillance powers does not fix anything.

2025-10-20 10:22:48 UTC

Good to know that your doorbell camera is now a general purpose surveillance device.
They can now use our private property against us without even asking permission.
https://arstechnica.com/gadgets/2025/10/ring-cameras-are-about-to-get-increasingly-chummy-with-law-enforcement/

2025-10-02 20:36:17 UTC

There’s something in the air that is making me feel like we could teleport way higher any minute…

2025-10-02 12:40:17 UTC

- reply

What do you get when you cross Messaging Layer Security with Nostr's decentralized network? A Marmot. 🦫
Introducing Marmot: Marmot is an evolution of NIP-EE into a full protocol with modular specs for optional features. Built for the future of secure messaging!
We're also excited to announce MDK (Marmot Development Kit) - a standalone Rust library following the BDK/LDK model.
Check out the blog post for more details! ⚡
📄 Protocol: github.com/parres-hq/marmot
🦀 MDK: github.com/parres-hq/mdk
#naddr1qv…cvnl

2025-10-02 07:22:15 UTC

Anyone know of a NIP (or proposal) for pinning content in communities or chats? #askNostr

2025-09-28 15:57:43 UTC

@nprofile…f5tq why is njump so slow. I thought it was static pages and should be super fast?

2025-09-28 10:09:44 UTC

GM 🌞
Bring back this version of the web.
http://www.catb.org/~esr/

2025-09-26 14:45:01 UTC

I'm so glad I'm too busy writing software to have any time to participate in the shit show that is Luke and Knots.
And, notwithstanding all the FUD and panic, my transactions are still being confirmed without anyone's permission at the sweet sweet rate of 1 sat/vbyte.

2025-09-26 12:00:19 UTC

- reply

Rights are exercised, not granted.
What a clown show 🤡

2025-09-25 08:36:33 UTC

- reply

Fuck paper bitcoin summer, this is supply chain attack summer.

2025-09-24 19:04:08 UTC

Yes... the Italian Ministry of the Interior's website has operating hours. 🙄
https://blossom.primal.net/8473cba4959b5cfe377a2c6243dd1c1aec61a49f979e79bf7c36e3d3f0a1a836.png

2025-09-24 11:31:19 UTC

Put on headphones, close your eyes, and zone out for the next 20 minutes listening to this absolute masterpiece.
https://open.spotify.com/track/7c5jtxhYT13kUepkDL9nTv?si=7d975b364a6a4040

2025-09-24 07:02:14 UTC

- reply

😂 why so salty?

2025-09-24 06:40:58 UTC

GM 🌞
Keep building.

2025-09-23 20:07:38 UTC

- reply

Strange - looks like the app tried to rotate my key package at some point today and succeeded in deleting the current one but not publishing the replacement 😂
I just published another manually. Give it a shot.

2025-09-23 15:17:35 UTC

- reply

@nprofile…9puf v 0.1.4 is out on iOS and Android.
This was a big one, with a huge backend refactor all a lot of core components of the app. The result? Way more reliable group creation and messaging.
As always, thanks to everyone who's using it and sending us feedback. 🙏
Get it now on @nprofile…uvay, on Github, and on iOS TestFlight.
#nevent1q…0spp

2025-09-23 09:14:33 UTC

- reply

If this is you, you haven’t understood bitcoin well enough.
#nevent1q…szze

2025-09-21 18:47:40 UTC

- reply

The thing about trespassing in the south…

2025-09-21 08:57:49 UTC

- reply

BCN has the best street art.

2025-09-21 08:56:19 UTC

If you can keep your head when all about you
Are losing theirs and blaming it on you,
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or being lied about, don’t deal in lies,
Or being hated, don’t give way to hating,
And yet don’t look too good, nor talk too wise:
If you can dream—and not make dreams your master;
If you can think—and not make thoughts your aim;
If you can meet with Triumph and Disaster
And treat those two impostors just the same;
If you can bear to hear the truth you’ve spoken
Twisted by knaves to make a trap for fools,
Or watch the things you gave your life to, broken,
And stoop and build ’em up with worn-out tools:
If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breathe a word about your loss;
If you can force your heart and nerve and sinew
To serve your turn long after they are gone,
And so hold on when there is nothing in you
Except the Will which says to them: ‘Hold on!’
If you can talk with crowds and keep your virtue,
Or walk with Kings—nor lose the common touch,
If neither foes nor loving friends can hurt you,
If all men count with you, but none too much;
If you can fill the unforgiving minute
With sixty seconds’ worth of distance run,
Yours is the Earth and everything that’s in it,
And—which is more—you’ll be a Man, my son!
If —Rudyard Kipling

2025-09-20 11:39:55 UTC

Honestly? This sounds pretty amazing.
https://blossom.primal.net/469930c760ae0c189269bfc07ad89825fee67d6c4b414404e128fdefa28b8028.jpg

2025-09-16 13:17:20 UTC

“The harder the government squeezes on the internet, the faster and more effectively people will get around it.”
– @nprofile…6ssr
Life finds a way.

2025-09-16 09:44:40 UTC

Good art makes you uncomfortable.
Massive Attack are legends.
https://www.gadgetreview.com/massive-attack-turns-concert-into-facial-recognition-surveillance-experiment

2025-09-16 09:39:35 UTC

Just replace any mention of “digital assets” or “cryptocurrencies” in this article with “curtains” and “whispers” and you will get a sense of the level of control they want and the absurd lengths they’ll go to ensure that you are not free.
https://www.therage.co/us-government-to-bring-patriot-act-to-digital-assets/

2025-09-16 00:15:14 UTC

- reply

Podcasting. It’s about podcasting.

2025-09-12 13:04:02 UTC

- reply

GM 🌞
I had a great (and wide-ranging) chat with @nprofile…7985 on the Free Cities Podcast recently. Check it out!
#nevent1q…py2a

2025-09-09 09:58:12 UTC

- reply

You need to have MLS storage involved somehow. It's a requirement of the OpenMLS implementation of the MLS protocol. So instead of having many different storage implementations out there that do things differently, I went the direction of putting more into the nostr-mls library and being more opinionated about how it should be done.
The reason for this is that if any NIP-EE implementation gets any part of the spec wrong, it can ruin the security guarantees of the groups the person participates in. It also means that we can standardize things like E2EE media storage and other features that all messengers are going to need to do.
Two options I can see.
1. We can create a separate crate that is an extremely limited and lightweight implementation of NIP-EE (plus other things) that uses OpenMLS (so uses their storage adapters) but doesn't try and have an opinion about how your app should store data and would probably be lower level about how it processes commits, messages, etc.
2. We might be able to use features in the current nostr-mls crates so that devs could turn on or off functionality based on what they want. This would make the crates A LOT more complicated but might be worth it long-term.
I'd love to hear your thoughts on those (and if you can think of other options, happy to hear those too). It would be great to make sure that we end up with lots of interoperable clients.

2025-09-09 08:23:08 UTC

@nprofile…w70s Just had a look at the new XChat app. Looks cool, but it sucks that it's running your own fork of the nostr-mls crate and you've made a bunch of changes that break interoperability between different MLS clients.
I would have loved to have you contributing and working more closely with us on changes so our apps would have remained interoperable.

2025-09-05 09:47:26 UTC

Turtles, all the way down.
https://blossom.primal.net/34c11561bf5b62ab3eadbc02e88463f1a9bdbc6d0136d2f96fd6b9db430a649d.jpg

2025-09-05 07:01:03 UTC

- reply

Erosion. That’s how they win.
Don’t give them an inch.
Stack bitcoin by offering goods and services. Spend bitcoin on things you need. Their points of control can be meaningless.
It’s your choice.
#nevent1q…9f3r

2025-09-05 06:57:33 UTC

GM #spxm 🌞
https://blossom.primal.net/523c1bac0e5cf92a041245a4b2361518433fd70886ac347b5a5f1e7dcb2f7073.jpg

2025-09-03 15:45:54 UTC

- reply

Websocket request limit in node defaults to 1GB, but most server implementations limit to something like 1-16MB. All of which would still work for very large filters. I'm just wondering if anyone has direct experiences with relays blocking for a REQ that was too large.

2025-09-03 13:37:12 UTC

@nprofile…8d3u @nprofile…6jvy @nprofile…x4fv
Do you guys know of any upward limit on the size of filters? E.g. how many pub keys can I reference in one filter? I’ve never hit any limits before just curious if you all have see anything.

2025-09-02 09:37:29 UTC

GM 🌞
Touch sand.
https://blossom.primal.net/cbd809d4245ab395234435a09e192ba1b8333135a79d8c121b4518dd2c03a7e2.jpg

2025-08-31 14:11:41 UTC

I find it tremendously ironic that the invention of the welfare state, ostensibly to help those in need, has effectively destroyed our sense of community duty and care for our neighbors.
It’s allowed us to convince ourselves that it’s “not our job” to look after each other like we used to.
People love to argue that without the state those in need would be left behind. I staunchly believe this to be untrue and downright patronizing. Most people, most of the time, are fundamentally good and generous.

2025-08-31 12:47:53 UTC

- reply

For what? Context?

2025-08-31 12:43:55 UTC

@nprofile…8gtd I'm interested in getting a rug. What's the process?

2025-08-30 10:57:49 UTC

- reply

The trains even have hot desks now too.
https://blossom.primal.net/9be15a9ad55695abab72f82b2d44386e6a660c2563820a3a5959cd10322af2f9.jpg
#nevent1q…wl83

2025-08-30 10:25:04 UTC

If you haven’t read @nprofile…n3f8 ‘s book Building Nostr yet, you should. It’s very well written and does a great job of giving new builders (of all types, not just devs) the base they need to “build it right”.
https://building-nostr.coracle.social/

2025-08-30 09:29:50 UTC

- reply

“Building software is hard”. It’s doubly hard when you’re building in a decentralized context and inventing new protocols at the same time.
I feel so much gratitude and respect for all our early users (that’s you all!) and all the feedback and understanding they’ve given us.
As they say; if you aren’t embarrassed, you launched too late. Well, we didn’t launch too late. 😅
I’m looking forward to the next release. It’s going to be lit. 🔥
#nevent1q…jq3g

2025-08-30 08:31:27 UTC

GM 🌞
Train travel is exceptionally underrated. Air travel, by comparison, is barbaric.

2025-08-30 07:13:29 UTC

- reply

I am Jack’s distinct lack of surprise.
#nevent1q…tz47

2025-08-27 19:39:12 UTC

- reply

NIP-EE is official. 🤝
#nevent1q…l5wd

2025-08-26 14:11:25 UTC

Guys... I just got starlink and holy shit, my internet feels so fast.

2025-08-26 08:43:27 UTC

GM 🌞
I’m paying tribute to the gods of bureaucracy this morning by giving them too much of my time for something exceptionally unnecessary.

2025-08-25 22:01:26 UTC

- reply

😂 wat?

2025-08-25 21:56:23 UTC

- reply

telegram 😭
but ok. I will. right now tho. sleep.

2025-08-25 21:51:30 UTC

- reply

Your internet will be permissioned.
Unless you fight back...
#nevent1q…j8gq

2025-08-25 21:49:14 UTC

@nprofile…ehpa do you do tarot readings remotely? Or only in person?

2025-08-25 21:47:37 UTC

- reply

The best moment to pause...
https://blossom.primal.net/3a67b2061684e2bb05d8572471b32f2c424fd58475280e556f52825ad2d96c2b.png
#nevent1q…r77j

2025-08-25 21:40:31 UTC

- reply

The story of my life...
#nevent1q…fpr9

2025-08-25 14:24:18 UTC

Actively deciding what NOT to pay attention to is a superpower.
Even more so when many of those things are actually things you're genuinely interested in and have the ability to materially help.
I give myself a B-, at best. Who do you know who is phenomenal at this?

2025-08-24 09:44:52 UTC

GM 🌞
https://blossom.primal.net/abb7fbec7d83605a8e4f6231e1e5c59c6946ca99558b7a1efb777f5a18a68087.jpg

2025-08-24 06:50:24 UTC

- reply

My account on white noise is completely destroyed at the moment from all my testing. I’ll clean that up soon. In the meantime dm me here and we’ll connect via signal.

2025-08-22 07:04:34 UTC

- reply

GM 🌞
#nevent1q…l9gf

2025-08-21 11:18:30 UTC

They're coming for your information anon. They're coming for your privacy anon.
https://www.piratewires.com/p/wikipedia-loses-major-eu-speech-battle

2025-08-20 16:38:58 UTC

- reply

😘

2025-08-20 16:31:38 UTC

Ooh, I just had a call about something super fun with two giga brains that has the potential to make Nostr overall so much more private...
https://blossom.primal.net/4528f92737520473d1cf6d60756a2e04a05b87083b19b3014d486bb64752b98d.gif

2025-08-20 09:40:20 UTC

- reply

😳 Big boy

2025-08-20 09:23:22 UTC

GM psychopaths 🌞

2025-08-19 16:14:24 UTC

- reply

That’s the story here too. Cuts in the services every single year. But somehow higher costs.

2025-08-19 13:49:59 UTC

Yup. For someone to take home €36k in Italy, the employer has to lay out €88k.
I wonder why small businesses here are dying? 🤔
https://blossom.primal.net/2557dfb8a6a8a19fa8e2e3473abf02141b227b87dcd6d3dbe3aae4f62c26e8b2.jpg

2025-08-19 12:24:48 UTC

- reply

Yes. in the end, my issue was solved by good old fashioned manual debugging. 🤷‍♂️

2025-08-19 11:42:54 UTC

- reply

hahaha

2025-08-19 11:34:41 UTC

- reply

No one likes a smart ass @nprofile…h36r

2025-08-19 11:31:44 UTC

https://blossom.primal.net/bf31eb6ab1920ed5c3dfb8e08e3abd00550cfb54de8910aaa0cb324eebd5dda7.png

2025-08-19 08:32:07 UTC

- reply

Yup. That's spot on.

2025-08-19 08:31:27 UTC

Every time I touch JS (and especially bundlers) I'm reminded of what an incredible pain in the ass the entire ecosystem is.
I'm never going to use a JS framework for a new project again. And while I'm at it, fuck it maybe I'll never use Typescript again either.
Either use an actually typed language (Rust), use something enjoyable (Ruby), or at a push, write some plain vanilla JS.

2025-08-19 06:46:43 UTC

GM 🌞
Most people don't think that very large services can just disappear overnight...
I am obsessed with this idea though. Just think about what it would mean to wake up and hear that the US govt. has raided and shutdown Signal and arrested their CEO, Meredith, for aiding terrorists. It's an idea that's getting less and less far-fetched.
https://www.theguardian.com/world/2025/aug/13/russia-clamps-down-on-whatsapp-and-telegram-over-data-sharing

2025-08-18 19:34:08 UTC

- reply

Oh, so that’s how those work? 😂

2025-08-18 12:29:37 UTC

The slides for a recent Black Hat talk on vulnerability in many nostr clients is up.
https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Kimura-Not-Sealed-Practical-Attacks-on-Nostr.pdf
I haven't had a chance to read through it completely yet but seems like most, if not all, of what they lay out are known issues and things we've all been working to fix for a while now. 🤷‍♂️

2025-08-18 08:08:46 UTC

GM 🌞
My talk from @nprofile…5flv Privacy Edition in Riga is up. In addition to the shameless self-promotion, I'll say that the BTC++ events are the best events in Bitcoin right now if you're a dev. Highly technical, very chill, extremely well run, and just plain fun.
If you've never been, now is the time. @nprofile…cn9n is doing events everywhere this year. There is bound to be one close to you.
https://www.youtube.com/live/mvuWLob3CFU?si=nTkFixmGTTPyzUYt&t=4306

2025-08-17 19:34:45 UTC

- reply

One can try

2025-08-17 16:46:22 UTC

GM 🌞 remember to touch grass.
https://blossom.primal.net/9fcff60608c582c8c68a784845ac9c4dee5443a49587a0f5f45e3624fc34438b.jpg

2025-08-14 15:14:39 UTC

- reply

administrative oversight 😂

2025-08-14 03:25:11 UTC

The lawyers are getting quicker and quicker at shutting down legit projects based on rumors, news, and yet to be established case law.
The state doesn’t even need to regulate when they have the monopolies on board. 😞
https://www.therage.co/google-play-store-ban-wallets/

2025-08-14 03:19:54 UTC

GM to a beautiful dawn 🌅
It’s been real Riga, but I’m very excited to be heading home today.

2025-08-13 12:50:41 UTC

- reply

We were actually talking about this yesterday in the team. Short answer; maybe? But we're not going to look at it right now.
Make the thing work, then make it work better.

2025-08-13 07:35:37 UTC

- reply

Can you explain that last point a bit more? I'm not sure what you're saying there.

2025-08-13 07:25:56 UTC

- reply

Thanks. Yeah - I saw (and appreciated) the footnote.

2025-08-13 06:55:01 UTC

- reply

trust me bro.
jk. It means that MLS over nostr is better than any centralized MLS implementation can be. and that we already know about the other issues that he surfaced and have a plan on how to mitigate them.

2025-08-13 06:39:33 UTC

- reply

Very pretty. Bet it sounds even better. Would love to see it with knurled aluminium or brass knobs.

2025-08-13 06:25:06 UTC

- reply

No, it's definitely not. We cover this pretty well already actually and it's easy to improve on it in the future.
#nevent1q…unky

2025-08-13 06:23:13 UTC

- reply

Nope, the entire nostr network is our authentication service.

2025-08-13 06:22:42 UTC

- reply

For those wondering about my thoughts on @nprofile…6fpr 's latest article about MLS. tl;dr - I think it's pretty balanced and describes something that we (and the MLS folks) have known from the start. If you have a centralized identity/authentication service telling you who is who, you are trusting them with a pretty important part of the system.
As he points out, NIP-EE (the spec about how to use MLS on Nostr) and, by extension, White Noise doesn't have the authentication service problem because Nostr is our AS. We use pubkeys for identity in groups and you're trusting the key package events signed by those keys when you're adding someone to a group. ✅
In general, this is an issue for other MLS implementations though. The authentication service is a "trusted" third party, with all the trappings.
AFAICT, the "participation privacy" question is about relays being able to see what groups you're in via the group ID values you're requesting events for.
There are two points to make here. First, relays can see what group IDs a given IP address is requesting events for. I believe that we have mitigated this pretty well since we're using random (and rotating) identifier(s) for each group (yes, by design, a single group have more than one visible ID value at a time). Obviously, this is also mitigated by using a VPN or Tor to make requests to relays. We don't yet but White Noise will eventually break up these requests into lots of different reqs/subscriptions (probably done over Tor or something similar) to help here.
One thing that he didn't mention but is worth talking about; relays see events with a given "h" tag (the group ID I talked about above). Practically, this means that watching a given group ID value gives relays some idea of the relative amount of activity for a given group. Critically though, they can't see the number or identities of it's members, since all those messages are published via ephemeral keys. It's just a relative amount of activity (at least until the group rotates it's group ID).
Happy to answer more questions from folks on the article or on MLS.
#nevent1q…dzp2

2025-08-13 06:02:13 UTC

- reply

So - we don't have the AS issue because Nostr is our AS. We use pubkeys verify authenticity and you're trusting the key package events signed by those keys when you're adding someone to a group.
AFAICT, the participation privacy question is about relays being able to see what groups you're in by seeing what group IDs you're requesting. I believe that we've mitigated this pretty well since we're using random (and rotating) identifier(s) for each group (yes, it can be more than one).
We also want to eventually break up the requests into lots of different reqs/subscriptions (probably done over Tor or something similar) to further obfuscate this info.

2025-08-13 05:53:26 UTC

- reply

We don't have an "Authentication service" that issues and verifies a user's identity. We use nostr pubkeys for identity.
I also think that we avoid the "participation privacy" issue that he mentions in the article but want to clarify what he means with him before claiming anything. 😉

2025-08-12 06:39:19 UTC

GM GM 🌞
Heading to record a podcast now. What should I focus on?

2025-08-09 12:31:34 UTC

TIL the UN convention on Cybercrime was proposed by Russia and, surprise surprise, is full of vague definitions and extreme overreach.

2025-08-09 08:04:14 UTC

- reply

Oh yeah? I hadn’t seen that until this morning when I tried to turn off this shit for a family group.

2025-08-09 06:38:03 UTC

GM 🌞
Notice how WhatsApp bundles the AI spyware with the completely reasonable “save media” features in a group.
Way lower chance of people turning it off.
Product design used against you.
https://blossom.primal.net/d21c340dcecff939cd45190bc7f06dbd8f6e6660b185f73dffde218b142bfa86.png

2025-08-08 16:00:53 UTC

Working closely with other devs on meaningful projects is peak experience.

2025-08-08 14:22:18 UTC

I love when a plan comes together.

2025-08-07 13:54:31 UTC

- reply

Definitely!

2025-08-07 13:54:11 UTC

- reply

They’ve been doing that for years.

2025-08-07 07:58:25 UTC

- reply

Title is now different. 😂

2025-08-07 07:55:21 UTC

- reply

🫂🫠

2025-08-07 07:54:12 UTC

GM Riga and GM @npub1dwa…7c52 privacy edition! 🏴‍☠️

2025-08-06 10:49:28 UTC

You know you're about to read a good book when page 1 looks like this!
https://blossom.primal.net/4be64a5c486ae50a6a43ac71427d5c4de1fc40d66ee183a9af42e9687948e1f1.png