Nostr, short for Notes and Other Stuff Transmitted by Relays, is a decentralized social protocol built on Bitcoin cryptography. Created by developer fiatjaf in March 2020, it has attracted Bitcoin technologists, privacy advocates like Edward Snowden, and Jack Dorsey. The core promise is simple: your identity and followers belong to you, not to a platform.
Unlike Twitter or Meta, Nostr users control a private key (nsec) and public address (npub) that work like Bitcoin wallet credentials. Post something, sign it with your nsec, and relays (decentralized servers) distribute it. Switch apps or platforms tomorrow, authenticate with the same key, and your followers, content history, and social graph come with you. The algorithm, the feed, the experience—you choose which app or relay serves it to you.
The Bitcoin onboarding funnel
The protocol has spawned dozens of specialized apps. Primal operates as a Twitter-like feed. Tunestr lets musicians accept Bitcoin donations (called "zaps") over the Lightning Network during live performances. Wavlake and Divine serve music and video niches. The Zapstore, curated by developer Franzaps, hosts over 150 Nostr-native apps plus links to roughly 3,000 open-source applications from GitHub—Mullvad VPN, Brave browser, and others. According to Franzaps, Zapstore sees around 4,000 daily active users, with half installing or updating at least one app.
Bitcoin Magazine reports that Nostr has become a recruitment tool at meetups and conferences. Newcomers join Primal, post content, earn sats from tips, and "tumble down the Bitcoin rabbit hole." The frictionless tip-to-earn loop via Lightning creates a direct pipeline from social participation to self-custody.
The identity trap
Nostr's security model is also its weakness. There is no password reset. There is no account recovery. If your nsec leaks or your device is compromised, an attacker gains permanent control of your identity. The hacker can post as you, modify your profile, and you have no way to migrate to a new key. Your old identity and reputation vanish.
One mitigation has emerged: remote signers like Amber, built by developer Greenart7c3. These apps generate and store your nsec offline, then sign Nostr events remotely without exposing the key to every website you visit. Bitcoin Magazine reports Amber has seen "wide adoption," though exact numbers are not public.
But Amber is optional, not default. Most users still paste their nsec into web clients, or rely on browser extensions that hold the key in memory. The security burden is entirely on the user. Nostr's model assumes constant cryptographic discipline from people who may be new to self-custody.
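Because a pasted nsec can end up in logs, chat exports, or config files, a defender can scan for it the way other secret scanners work. The following is an added example, not code from the article or from any Nostr project: it relies on nsec strings being bech32-encoded 32-byte keys (NIP-19) and verifies the checksum so that look-alike strings are not flagged. The function names and the sample log are constructed for illustration.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"   # bech32 alphabet (BIP-173)
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
HRP = "nsec"
# 32-byte key -> 52 five-bit groups + 6 checksum chars = 58 chars after "nsec1"
CANDIDATE = re.compile(r"(?<![a-z0-9])nsec1[%s]{58}(?![a-z0-9])" % CHARSET)

def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def encode_nsec(key: bytes) -> str:
    """Encode 32 bytes as an nsec; used here only to build a constructed sample."""
    bits = int.from_bytes(key, "big") << 4      # pad 256 bits to 260 (52 groups)
    data = [(bits >> (5 * i)) & 31 for i in reversed(range(52))]
    pm = _polymod(_hrp_expand(HRP) + data + [0] * 6) ^ 1
    data += [(pm >> (5 * (5 - i))) & 31 for i in range(6)]
    return HRP + "1" + "".join(CHARSET[d] for d in data)

def is_valid_nsec(token: str) -> bool:
    """True only if shape and bech32 checksum both verify."""
    if not CANDIDATE.fullmatch(token):
        return False
    data = [CHARSET.index(c) for c in token[5:]]
    return _polymod(_hrp_expand(HRP) + data) == 1

def find_leaked_nsecs(text: str) -> list:
    return [m for m in CANDIDATE.findall(text) if is_valid_nsec(m)]

def redact(text: str) -> str:
    return CANDIDATE.sub(
        lambda m: "nsec1<redacted>" if is_valid_nsec(m.group()) else m.group(), text)

SAMPLE_KEY = encode_nsec(bytes(range(1, 33)))   # constructed, not a real account
TYPO = SAMPLE_KEY[:-1] + ("q" if SAMPLE_KEY[-1] != "q" else "p")  # bad checksum
SAMPLE_LOG = (f"POST /login key={SAMPLE_KEY}\n"  # constructed log lines
              f"GET /help?example={TYPO}\n"
              "note: my npub is public, my nsec is not\n")
```

Any key this scanner finds should be treated as compromised, since, as described above, the protocol offers no reset or recovery for it.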
The web of trust trade-off
Zapstore verifies app authenticity using Nostr social proof rather than developer ID. If a developer like Zeus Wallet signs their apps with their Nostr key, and people you follow have interacted with them, you get probabilistic assurance the app is legitimate. This mirrors the traditional "web of trust" security model from PGP.
It is a clever solution to the gatekeeping problem—Apple and Google vet apps; Nostr lets communities vouch for them instead. But it requires you to know who to trust, and it scales more smoothly for small, tight-knit communities than for mainstream audiences shopping blindly.
Nostr is not just a social network. It is an information protocol that can move any data between any two endpoints. Apps can talk through relays without a central intermediary. That generality is powerful for privacy-conscious users and developers, but it also means Nostr is still niche, still beta, and still heavily weighted toward Bitcoin enthusiasts who understand key management.