Sign up to save your podcasts
Or
Share Nostr Compass #17
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Nostr Compass #17
### News
- **00:00 Intro**
- **00:12 Amethyst ships Arti Tor, merges pure Kotlin MLS and Marmot**
[Amethyst](https://github.com/vitorpamplona/amethyst) shipped four releases from [v1.07.3](https://github.com/vitorpamplona/amethyst/releases/tag/v1.07.3) through [v1.08.0](https://github.com/vitorpamplona/amethyst/releases/tag/v1.08.0). The headline is v1.08.0 "Arti Tor," which migrates Tor connectivity from C bindings to [Arti](https://gitlab.torproject.org/tpo/core/arti), the Tor Project's Rust rewrite, fixing random crashes. v1.07.3 redesigned the Shorts UI with edge-to-edge feeds for pictures, shorts, and long videos, and migrated badges to kind `10008` and bookmarks to kind `10003`. On main but not yet tagged, the team merged a full Kotlin implementation of both [MLS](/en/topics/mls/) and [Marmot](/en/topics/marmot/) ([PR #2147](https://github.com/vitorpamplona/amethyst/pull/2147), [PR #2149](https://github.com/vitorpamplona/amethyst/pull/2149), [PR #2150](https://github.com/vitorpamplona/amethyst/pull/2150)), plus a pure Kotlin secp256k1 implementation ([PR #2166](https://github.com/vitorpamplona/amethyst/pull/2166)) replacing C library dependencies. Together these make [Quartz](/en/topics/quartz/) capable of running Nostr signing and Marmot group messaging without any native bindings, unlocking Kotlin Multiplatform targets including iOS.
- **10:28 Nostur v1.27.0 adds video recording and private replies**
[Nostur](https://github.com/nostur-com/nostur-ios-public) shipped [v1.27.0](https://github.com/nostur-com/nostur-ios-public/releases/tag/v1.27.0) with in-app video recording and trim-before-upload, animated GIF and WebP support for profile and banner photos, Apple Shortcuts integration for posting from automations, private replies, and DM compatibility fixes affecting message delivery between Nostur and other clients.
- **11:33 Shosho v0.15.0 launches Shows and vertical video carousel**
[Shosho](https://github.com/r0d8lsh0p/shosho-releases) shipped [v0.15.0](https://github.com/r0d8lsh0p/shosho-releases/releases/tag/v0.15.0) and [v0.15.1](https://github.com/r0d8lsh0p/shosho-releases/releases/tag/v0.15.1). Shows let streamers configure titles, descriptions, and products before going live and connect to OBS or any external encoder, separating stream metadata from the act of broadcasting. The release also adds a TikTok-style vertical video carousel for swiping through lives, clips, and replays, and Quick Add for publishing clips from a profile page. v0.15.1 fixes the keyboard hiding live chat input.
### Releases
- **12:55 Notedeck v0.10.0-beta ships Zapstore self-update**
[Notedeck](https://github.com/damus-io/notedeck) shipped [v0.10.0-beta.1](https://github.com/damus-io/notedeck/releases/tag/v0.10.0-beta.1) and [v0.10.0-beta.2](https://github.com/damus-io/notedeck/releases/tag/v0.10.0-beta.2). [PR #1417](https://github.com/damus-io/notedeck/pull/1417) adds APK self-update via the Nostr/Zapstore updater on Android: the client discovers new releases through Nostr events, downloads the APK from the developer's chosen host, verifies the SHA-256 hash against the signed Nostr event, and installs it.
- **17:43 Amber v6.0.0-pre1 adds per-connection NIP-46 signing keys**
[Amber](https://github.com/greenart7c3/Amber) shipped [v6.0.0-pre1](https://github.com/greenart7c3/Amber/releases/tag/v6.0.0-pre1). The key change is per-connection signing keys for the [NIP-46](/en/topics/nip-46/) bunker protocol: Amber now generates a distinct key per connected client, so a compromised client connection cannot impersonate the signer to other clients. [PR #377](https://github.com/greenart7c3/Amber/pull/377) adds in-app Zapstore update checking and installation. [PR #375](https://github.com/greenart7c3/Amber/pull/375) handles AndroidKeyStore failures gracefully with a warning instead of a crash. [PR #371](https://github.com/greenart7c3/Amber/pull/371) adds database cleanup with size limits to prevent unbounded storage growth.
- **24:02 Nostria ships native mobile app**
[Nostria](https://github.com/nostria-app/nostria) released a native mobile app for Android across eight releases from [v3.1.11](https://github.com/nostria-app/nostria/releases/tag/v3.1.11) through [v3.1.18](https://github.com/nostria-app/nostria/releases/tag/v3.1.18). The key addition is native local signer support for [Amber](https://github.com/greenart7c3/Amber) and Aegis. [PR #610](https://github.com/nostria-app/nostria/pull/610) reduces feed memory pressure with adaptive runtime limits and preview URL cleanup. Desktop installers for Linux, macOS, and Windows are also available. The Android app is on [Zapstore](https://zapstore.dev/apps/app.nostria).
- **30:16 diVine 1.0.8 ships resumable uploads and DMs**
[diVine](https://github.com/divinevideo/divine-mobile) shipped [1.0.8](https://github.com/divinevideo/divine-mobile/releases/tag/1.0.8) with 87 merged PRs. Resumable uploads let creators pick up interrupted uploads chunk by chunk instead of restarting. The release adds video quality and bitrate settings, double-tap to like, DM improvements, a macOS camera plugin ([PR #2722](https://github.com/divinevideo/divine-mobile/pull/2722)), and a BLoC-based notification system with enrichment and grouping ([PR #2820](https://github.com/divinevideo/divine-mobile/pull/2820)).
- **31:34 Manent v1.3.0 adds sensitive note blurring and NIP-42 auth**
[Manent](https://github.com/dtonon/manent) shipped [v1.3.0](https://github.com/dtonon/manent/releases/tag/v1.3.0). Users can mark notes as sensitive to blur them in the list view. The release also adds [NIP-42](/en/topics/nip-42/) (Authentication of Clients to Relays) support, expanding the set of relays Manent can use for encrypted storage.
- **32:44 Wisp v0.17.0 through v0.17.3 add live stream zaps and wallet backup**
[Wisp](https://github.com/barrydeen/wisp) shipped six releases from [v0.16.2-beta](https://github.com/barrydeen/wisp/releases/tag/v0.16.2-beta) through [v0.17.3-beta](https://github.com/barrydeen/wisp/releases/tag/v0.17.3-beta) with 44 merged PRs. v0.17.0 adds wallet backup safety prompts. [v0.17.1](https://github.com/barrydeen/wisp/releases/tag/v0.17.1-beta) adds live stream chat visibility across platforms and live stream zap functionality. [PR #423](https://github.com/barrydeen/wisp/pull/423) adds auto-search profiles and a zap success animation. [PR #426](https://github.com/barrydeen/wisp/pull/426) fixes an out-of-memory crash in `computeId` for events with large tag lists.
- **33:31 Mostro ships deep links, Nostr exchange rates, and a duplicate payment fix**
[Mostro](https://github.com/MostroP2P/mostro) fixed [PR #692](https://github.com/MostroP2P/mostro/pull/692) preventing stale order writes from causing duplicate payments (a bug that could pay a seller twice for the same trade). [Mostro Mobile](https://github.com/MostroP2P/mobile) shipped [v1.2.3](https://github.com/MostroP2P/mobile/releases/tag/v1.2.3) with deep link handling across different Mostro instances, Nostr-sourced exchange rates with HTTP fallback, background detection of admin and dispute DMs ([PR #498](https://github.com/MostroP2P/mobile/pull/498)), and a relay connection blocking fix ([PR #560](https://github.com/MostroP2P/mobile/pull/560)).
- **36:55 Unfiltered v1.0.12 adds hashtags and comments**
[Unfiltered](https://github.com/dmcarrington/unfiltered) shipped [v1.0.12](https://github.com/dmcarrington/unfiltered/releases/tag/v1.0.12) adding hashtag support ([PR #69](https://github.com/dmcarrington/unfiltered/pull/69)), the ability to write and display comments ([PR #72](https://github.com/dmcarrington/unfiltered/pull/72)), and a fix for multi-image post navigation ([PR #71](https://github.com/dmcarrington/unfiltered/pull/71)).
- **37:21 Primal Android ships wallet multi-account sharing and remote signer auto-reconnect**
[Primal Android](https://github.com/PrimalHQ/primal-android-app) shipped with wallet multi-account sharing, an overflow menu with wallet deletion in Dev Tools, remote signer auto-reconnect on drops, and wallet service auto-reconnect. Fixes include poll zap votes no longer appearing as Top Zaps, empty poll option crash prevention, and WalletException type mapping to NWC error codes.
- **38:20 Titan v0.1.0 launches native nsite:// browser with Bitcoin name registration**
[Titan](https://github.com/btcjt/titan) shipped [v0.1.0](https://github.com/btcjt/titan/releases/tag/v0.1.0), a native desktop browser for the Nostr web. It resolves `nsite://` URLs by looking up human-readable names registered on Bitcoin, querying Nostr relays for content events, and rendering pages fetched from [Blossom](/en/topics/blossom/) servers. No DNS, no TLS certificates, no hosting providers. Names are registered through a web interface tied to Bitcoin transactions. Ships as a macOS `.dmg` with Nix dev environment support.
- **42:52 Bikel v1.5.0 ships native foreground service for de-Googled phones**
[Bikel](https://github.com/Mnpezz/bikel) shipped [v1.5.0](https://github.com/Mnpezz/bikel/releases/tag/v1.5.0), migrating from GMS-dependent Expo TaskManager to a custom native foreground service for reliable background ride tracking on LineageOS, GrapheneOS, and other de-Googled Android variants. The Bikel Bot gained dual-pocket architecture with autonomous eCash collection via Cashu nutzaps.
- **44:26 Sprout adds NIP-01, NIP-23, and NIP-33 support**
[Sprout](https://github.com/block/sprout), Block's communication platform with a built-in Nostr relay, shipped [desktop/v0.1.0-rc7](https://github.com/block/sprout/releases/tag/desktop/v0.1.0-rc7) adding [NIP-23](/en/topics/nip-23/) long-form content, [NIP-33](/en/topics/nip-33/) parameterized replaceable events with `d`-tag keyed replacement, and [NIP-01](/en/topics/nip-01/)/[NIP-02](/en/topics/nip-02/) kind `1` notes and kind `3` follow lists. The release also adds an adaptive IDE theme system with 54 themes.
- **46:16 mesh-llm v0.56.0 ships distributed config protocol**
[mesh-llm](https://github.com/michaelneale/mesh-llm) shipped [v0.56.0](https://github.com/michaelneale/mesh-llm/releases/tag/v0.56.0) with a distributed config protocol with ownership semantics, asymmetric KV cache quantization (Q8_0 keys with Q4 values) for reduced memory, OS keychain storage for identity keystores, and smooth chat streaming with message queuing. The project uses Nostr keypairs for node identity in a distributed LLM inference mesh.
- **48:03 Nostr VPN ships exit node support and Umbrel packaging**
[Nostr VPN](https://github.com/mmalmi/nostr-vpn) shipped six releases from [v0.3.0](https://github.com/mmalmi/nostr-vpn/releases/tag/v0.3.0) through [v0.3.6](https://github.com/mmalmi/nostr-vpn/releases/tag/v0.3.6). The v0.3.x cycle adds exit node support on Windows and macOS, invite and alias propagation synced over Nostr, Umbrel packaging for self-hosted deployment, NAT punch-through using remembered public endpoints, macOS self-healing default routes, and an Android build via Tauri. The project also published a protocol specification.
- **49:49 Nymchat reverts Marmot, ships enhanced NIP-17 group chats**
[Nymchat](https://github.com/Spl0itable/NYM) shipped 14 releases from [v3.56.261](https://github.com/Spl0itable/NYM/releases/tag/3.56.261) through [v3.58.274](https://github.com/Spl0itable/NYM/releases/tag/v3.58.274). After adding Marmot MLS group chats in v3.57, [v3.58.268](https://github.com/Spl0itable/NYM/releases/tag/v3.58.268) reverted to [NIP-17](/en/topics/nip-17/) because Marmot's multi-device support is unfinished, causing group state sync issues. v3.58.271 introduces enhanced NIP-17 group chats with rotating ephemeral keys per message to prevent timing and correlation attacks. A friend system with granular settings controls ([v3.58.262](https://github.com/Spl0itable/NYM/releases/tag/v3.58.262)) and multiple relay connectivity fixes also shipped.
- **52:28 nak v0.19.5 adds Blossom multi-server and outbox publishing**
[nak](https://github.com/fiatjaf/nak) shipped [v0.19.5](https://github.com/fiatjaf/nak/releases/tag/v0.19.5). The `blossom` command now accepts multiple `--server` flags for uploading to several [Blossom](/en/topics/blossom/) servers in one call. A new `key` command expands partial keys by left-padding with zeroes. The `event` command gains `--outbox` for outbox-model publishing, and `fetch` exits with an error code when no event is returned.
### Project Updates
- **54:07 White Noise adds thumbhash previews and push registration bridge**
[White Noise](https://github.com/marmot-protocol/whitenoise) merged five PRs. [PR #549](https://github.com/marmot-protocol/whitenoise/pull/549) replaces blurhash image previews with thumbhash (sharper placeholders at under 30 bytes, with blurhash as fallback). [PR #548](https://github.com/marmot-protocol/whitenoise/pull/548) adds the [MIP-05](/en/topics/mip-05/) push registration bridge connecting the push notification spec to the client. [PR #493](https://github.com/marmot-protocol/whitenoise/pull/493) adds cursor-based pagination for chat messages.
- **55:29 Route96 adds dynamic label configuration and zero-egress cleanup**
[Route96](https://github.com/v0l/route96) merged [PR #80](https://github.com/v0l/route96/pull/80) for dynamic label model configuration via the admin API, [PR #82](https://github.com/v0l/route96/pull/82) adding label config fields to the admin UI, and [PR #79](https://github.com/v0l/route96/pull/79) adding a zero-egress file cleanup policy that automatically removes files never downloaded.
- **56:17 Snort ships security hardening and DVM payment invoices**
[Snort](https://github.com/v0l/snort) shipped two releases with a comprehensive security audit: real Schnorr signature verification, [NIP-46](/en/topics/nip-46/) relay message forgery protection, PIN encryption improvements, and removal of unverified NIP-26 delegation trust. Performance improvements include batched WASM signature verification, lazy-loaded routes, and pre-compiled translations. [PR #618](https://github.com/v0l/snort/pull/618) adds [NIP-90](/en/topics/nip-90/) kind `7000` payment-required invoice display so DVM payment requests render as Lightning invoices in the feed.
- **57:42 Damus improves LMDB compaction**
[Damus](https://github.com/damus-io/damus) merged [PR #3719](https://github.com/damus-io/damus/pull/3719) adding automatic LMDB compaction on a schedule, preventing the local database from growing unbounded. [PR #3663](https://github.com/damus-io/damus/pull/3663) improves the BlurOverlayView appearance.
- **01:00:28 Captain's Log adds tag indexing and note sync**
[Captain's Log](https://github.com/nodetec/captains-log) (Comet) merged four PRs adding tag indexing and sync across notes ([PR #156](https://github.com/nodetec/captains-log/pull/156)), refactoring note sync and tag handling ([PR #157](https://github.com/nodetec/captains-log/pull/157)), and fixing trashed note sync so deleted notes stay deleted across devices ([PR #159](https://github.com/nodetec/captains-log/pull/159)).
- **01:01:11 Relatr v0.2.x redesigns plugin system with Nostr-native validator marketplace**
[Relatr](https://github.com/ContextVM/relatr), a [Web of Trust](/en/topics/web-of-trust/) scoring engine, shipped the v0.2.x family with a complete plugin system redesign. Validators are now written in Elo, a portable functional expression language with multi-step host-orchestrated capabilities (Nostr queries, social graph lookups, NIP-05 resolution). Plugins are published as kind `765` Nostr events. A new [plugin marketplace](https://relatr.net) lets operators discover, install, and weight validators from the browser. The architecture is sandboxed: plugins can only invoke capabilities the host explicitly provides.
- **01:03:11 Shopstr improves mobile navigation and access control**
[Shopstr](https://github.com/shopstr-eng/shopstr) pushed 158 commits across its main app and [Milk Market](https://github.com/shopstr-eng/milk-market). Fixes include mobile community layout, menu close-on-navigation, and dropdown auto-close. Protected routes now block direct URL access without authentication, and slug matching logic handles multiple exact matches correctly.
- **01:03:52 Pollerama adds notifications, movie search, and rating UI**
[Pollerama](https://github.com/formstr-hq/nostr-polls) added thread notifications, a movie search feature, a rating UI overhaul, feed loading fixes, and dependency bumps.
- **01:04:17 Purser builds Nostr-native payment daemon with Marmot encryption**
[Purser](https://github.com/EthnTuttle/purser), a Nostr-native payment daemon designed as a Zaprite replacement, merged nine PRs building out core architecture. The project uses [Marmot](/en/topics/marmot/) MLS via MDK for encrypted merchant-customer messaging with Strike and Square as payment providers. This week landed config and catalog loading, message schema validation, the MDK communication layer, Strike and Square provider implementations, a polling engine, anti-spam rate limiting, and the order processing pipeline. All 99 tests now exercise real mdk-core MLS operations.
- **01:05:48 Vector refactors DM attachments and adds profile editing**
[Vector](https://github.com/VectorPrivacy/Vector) merged [PR #55](https://github.com/VectorPrivacy/Vector/pull/55) moving DM attachment decryption and saving to the vector-core library, adding profile editing support, and properly wiring the upload cancel flag through TauriSendCallback.
### NIP Updates
- **01:06:26 NIP-58 (Badges): Profile Badges move to kind 10008, Badge Sets to kind 30008 ([PR #2276](https://github.com/nostr-protocol/nips/pull/2276)) — Merged**
[NIP-58](/en/topics/nip-58/) defines badge awards and profile badge display on Nostr. Previously, Profile Badges (the list a user displays) used kind `30008`, the same kind as Badge definitions (parameterized replaceable events keyed by a `d` tag). This created ambiguity. The merged PR migrates Profile Badges to kind `10008`, a simple replaceable event with one per pubkey and no `d` tag needed, while kind `30008` is repurposed for Badge Sets (curated collections of badge definitions). Clients now query a single replaceable event per user for their displayed badges rather than scanning parameterized replaceable events. Amethyst v1.07.3 already ships this migration.
- **01:07:35 NIP-34 (Git Stuff): Add git-related follow lists ([PR #2130](https://github.com/nostr-protocol/nips/pull/2130)) — Merged**
[NIP-34](/en/topics/nip-34/) defines how to host git repositories on Nostr using kind `30617` repository announcements. This merged PR adds follow list conventions for repository and issue tracking: users publish kind `30000` follow sets with `d` tags like `git-repos` or `git-issues` containing `a` tag references to repositories they want to track. Clients can subscribe to these follow sets to show repository activity in a user's feed, working the same way kind `3` contact lists work for pubkeys. This closes a gap where there was no Nostr-native way to follow repository activity without subscribing to a specific relay.
- **01:08:22 NIP-AC: P2P Voice and Video Calls over WebRTC ([PR #2301](https://github.com/nostr-protocol/nips/pull/2301)) — Open**
[NIP-AC](/en/topics/nip-ac/) expands the original NIP-100 (already implemented by 0xChat) with three changes: migration to [NIP-44](/en/topics/nip-44/) encryption wrapped in [NIP-59](/en/topics/nip-59/) gift wraps to eliminate metadata leaks, a specified WebRTC workflow for call setup (offer, answer, ICE candidates), and a mesh group call model where each peer establishes a direct WebRTC connection to every other peer. The new spec is not backwards-compatible with NIP-100. Amethyst is actively building against it, with a call state machine test suite ([PR #2143](https://github.com/vitorpamplona/amethyst/pull/2143)) and stale call offer handling ([PR #2164](https://github.com/vitorpamplona/amethyst/pull/2164)) already merged this week.
- **01:09:38 NIP-340 (FROST Quorum) ([PR #2299](https://github.com/nostr-protocol/nips/pull/2299)) — Open**
[NIP-340](/en/topics/nip-340/) proposes conventions for [FROST](/en/topics/frost/) (Flexible Round-Optimized Schnorr Threshold) signing on Nostr. FROST lets a group of signers collectively control a Nostr identity where any t-of-n members can sign events without reconstructing the full private key. Signing rounds are coordinated, key shares are distributed, and threshold-signed events are published using the conventions defined in the NIP. This builds on the Igloo iOS signer work from the [FROSTR project](/en/newsletters/2026-04-01-newsletter/#igloo-signer-11) and addresses custody and security use cases where no single device should hold a complete key.
- **01:10:41 NIP-5D (Nostr Web Applets) ([PR #2303](https://github.com/nostr-protocol/nips/pull/2303)) — Open**
[NIP-5D](/en/topics/nip-5d/) defines a `postMessage` protocol for sandboxed web applications ("napplets") running in iframes to communicate with a hosting application ("shell"). The shell provides the napplet with Nostr signing, relay access, and user context through a structured message API, while the iframe sandbox prevents direct key access. This extends the static website hosting model from [NIP-5A](/en/topics/nip-5a/) toward interactive applications that can read and write Nostr events: where NIP-5A serves a page, NIP-5D runs a program. A working runtime implementation accompanies the proposal.
- **01:12:08 NIP-5C (Scrolls) ([PR #2281](https://github.com/nostr-protocol/nips/pull/2281)) — Open**
[NIP-5C](/en/topics/nip-5c/) (renamed from the earlier NIP-A5 proposal) defines conventions for publishing and discovering WebAssembly programs on Nostr. WASM binaries are stored as Nostr events on relays, and clients can download and execute them in a sandboxed runtime. Scrolls are self-contained programs that turn Nostr into a distribution network for executable code. A [demo app](https://nprogram.netlify.app/) shows scrolls running in-browser, with example programs published as Nostr events that any client can fetch and execute. The concept extends NIP-5A from serving HTML to running interactive programs across the same relay infrastructure.
- **01:13:14 NIP-85 (Trusted Assertions): Clarifications ([PR #2304](https://github.com/nostr-protocol/nips/pull/2304)) — Open**
[NIP-85](/en/topics/nip-85/) defines a model for trusted assertions where service providers attest to facts about users. This PR tightens the specification language around multiple keys and relays per service provider, clarifying how clients should handle assertions from providers that operate across several pubkeys or relay endpoints. The changes address ambiguity in the current spec that leads to inconsistent client implementations.
- **01:13:42 NIP-24 (Extra Metadata Fields): published_at for replaceable events ([PR #2300](https://github.com/nostr-protocol/nips/pull/2300)) — Open**
[NIP-24](/en/topics/nip-24/) defines extra metadata fields for Nostr events. This PR generalizes the `published_at` tag from [NIP-23](/en/topics/nip-23/) long-form content to all replaceable and addressable events. The tag is display-only: if `published_at` equals `created_at`, the event was created at that time; if they differ (because the event was updated), clients can show both a creation and an update timestamp. This lets kind `0` profiles display "joined at" dates and all replaceable events preserve their original publication timestamp across updates. A companion [NIP-51](/en/topics/nip-51/) proposal ([PR #2302](https://github.com/nostr-protocol/nips/pull/2302)) adds the same tag to list events.
- **01:15:47 NIP-59 (Gift Wrap): Ephemeral gift wrap kind ([PR #2245](https://github.com/nostr-protocol/nips/pull/2245)) — Open**
[NIP-59](/en/topics/nip-59/) defines the gift wrap protocol used by [NIP-17](/en/topics/nip-17/) private DMs and other metadata-protecting applications. The existing kind `1059` gift wrap is a regular event that relays are expected to store. This PR adds kind `21059` as an ephemeral counterpart: relays are not expected to store ephemeral events and may discard them after delivery. This lets applications send gift-wrapped messages that disappear from relays once delivered, reducing storage requirements for high-volume or transient messaging while keeping the same three-layer encryption model as regular NIP-17 DMs.
- **01:16:35 OpenSats announces sixteenth wave of Nostr grants**
[OpenSats](https://opensats.org) announced its [sixteenth wave of Nostr grants](https://opensats.org/blog/sixteenth-wave-of-nostr-grants) on April 8 with four first-time grants and one renewal. [Amethyst Desktop](https://github.com/vitorpamplona/amethyst/tree/main/desktopApp) receives funding for contributor Robert Nagy to build a standalone desktop app on the [Quartz](/en/topics/quartz/) and Commons modules. [Nostr Mail](https://github.com/nogringo/nostr-mail) receives funding to build an email system using kind `1301` events in [NIP-59](/en/topics/nip-59/) gift wraps with an SMTP bridge. [Nostrord](https://github.com/Nostrord/nostrord) receives funding for a Kotlin Multiplatform [NIP-29](/en/topics/nip-29/) client with Discord-style moderation. [Nurunuru](https://github.com/tami1A84/null--nostr) receives funding for a native iOS Japanese-focused client with passkey biometric login. HAMSTR receives a renewal grant.
### NIP Deep Dives
- **01:17:48 NIP Deep Dive: NIP-17 (Private Direct Messages)**
[NIP-17](https://github.com/nostr-protocol/nips/blob/master/17.md) replaces [NIP-04](/en/topics/nip-04/) as the standard for private DMs on Nostr, using [NIP-44](/en/topics/nip-44/) encryption with [NIP-59](/en/topics/nip-59/) gift wrap in a three-layer system. The innermost layer is an unsigned kind `14` message (the "rumor") providing limited deniability. The kind `13` seal is signed by the real sender and NIP-44-encrypted to the recipient, with no tags to avoid revealing the recipient if decrypted alone. The outermost kind `1059` gift wrap is signed by a random throwaway key with a randomized timestamp up to two days in the past, so relays see only an anonymous event addressed to the recipient. NIP-17 does not provide forward secrecy: all messages use the static Nostr keypair, so a compromised nsec decrypts all past and future messages. Kind `10050` events publish a user's preferred DM relay list for delivery routing. Implementations include Amethyst, Primal, Nostur, Damus, noStrudel, Coracle, Flotilla, and nospeak.
- **01:26:23 NIP Deep Dive: NIP-46 (Nostr Remote Signing)**
[NIP-46](https://github.com/nostr-protocol/nips/blob/master/46.md) separates the private key from the client application. The user runs a remote signer ("bunker") that holds the key and responds to signing requests over Nostr relays using kind `24133` events encrypted with [NIP-44](/en/topics/nip-44/). A client generates a disposable session keypair and sends JSON-RPC-like requests: `connect`, `sign_event`, `get_public_key`, `ping`, `nip04_encrypt`, `nip04_decrypt`, `nip44_encrypt`, `nip44_decrypt`, and `switch_relays`. Clients request specific capabilities at connection time through a permission string (`sign_event:1,nip44_encrypt`). Connections are initiated by either side: `bunker://` URLs from signers, `nostrconnect://` URLs from clients, with a `secret` parameter preventing spoofing. Amber v6.0.0-pre1 adds per-connection signing keys so each client gets an isolated key. [nsec.app](https://github.com/nicktee/nsecapp) provides a web-based bunker. Auth challenges via `auth_url` handle cases where the signer needs a password, biometric, or hardware token before approving a request.
View all episodes
By Nostr Compass### News
- **00:00 Intro**
- **00:12 Amethyst ships Arti Tor, merges pure Kotlin MLS and Marmot**
[Amethyst](https://github.com/vitorpamplona/amethyst) shipped four releases from [v1.07.3](https://github.com/vitorpamplona/amethyst/releases/tag/v1.07.3) through [v1.08.0](https://github.com/vitorpamplona/amethyst/releases/tag/v1.08.0). The headline is v1.08.0 "Arti Tor," which migrates Tor connectivity from C bindings to [Arti](https://gitlab.torproject.org/tpo/core/arti), the Tor Project's Rust rewrite, fixing random crashes. v1.07.3 redesigned the Shorts UI with edge-to-edge feeds for pictures, shorts, and long videos, and migrated badges to kind `10008` and bookmarks to kind `10003`. On main but not yet tagged, the team merged a full Kotlin implementation of both [MLS](/en/topics/mls/) and [Marmot](/en/topics/marmot/) ([PR #2147](https://github.com/vitorpamplona/amethyst/pull/2147), [PR #2149](https://github.com/vitorpamplona/amethyst/pull/2149), [PR #2150](https://github.com/vitorpamplona/amethyst/pull/2150)), plus a pure Kotlin secp256k1 implementation ([PR #2166](https://github.com/vitorpamplona/amethyst/pull/2166)) replacing C library dependencies. Together these make [Quartz](/en/topics/quartz/) capable of running Nostr signing and Marmot group messaging without any native bindings, unlocking Kotlin Multiplatform targets including iOS.
- **10:28 Nostur v1.27.0 adds video recording and private replies**
[Nostur](https://github.com/nostur-com/nostur-ios-public) shipped [v1.27.0](https://github.com/nostur-com/nostur-ios-public/releases/tag/v1.27.0) with in-app video recording and trim-before-upload, animated GIF and WebP support for profile and banner photos, Apple Shortcuts integration for posting from automations, private replies, and DM compatibility fixes affecting message delivery between Nostur and other clients.
- **11:33 Shosho v0.15.0 launches Shows and vertical video carousel**
[Shosho](https://github.com/r0d8lsh0p/shosho-releases) shipped [v0.15.0](https://github.com/r0d8lsh0p/shosho-releases/releases/tag/v0.15.0) and [v0.15.1](https://github.com/r0d8lsh0p/shosho-releases/releases/tag/v0.15.1). Shows let streamers configure titles, descriptions, and products before going live and connect to OBS or any external encoder, separating stream metadata from the act of broadcasting. The release also adds a TikTok-style vertical video carousel for swiping through lives, clips, and replays, and Quick Add for publishing clips from a profile page. v0.15.1 fixes the keyboard hiding live chat input.
### Releases
- **12:55 Notedeck v0.10.0-beta ships Zapstore self-update**
[Notedeck](https://github.com/damus-io/notedeck) shipped [v0.10.0-beta.1](https://github.com/damus-io/notedeck/releases/tag/v0.10.0-beta.1) and [v0.10.0-beta.2](https://github.com/damus-io/notedeck/releases/tag/v0.10.0-beta.2). [PR #1417](https://github.com/damus-io/notedeck/pull/1417) adds APK self-update via the Nostr/Zapstore updater on Android: the client discovers new releases through Nostr events, downloads the APK from the developer's chosen host, verifies the SHA-256 hash against the signed Nostr event, and installs it.
- **17:43 Amber v6.0.0-pre1 adds per-connection NIP-46 signing keys**
[Amber](https://github.com/greenart7c3/Amber) shipped [v6.0.0-pre1](https://github.com/greenart7c3/Amber/releases/tag/v6.0.0-pre1). The key change is per-connection signing keys for the [NIP-46](/en/topics/nip-46/) bunker protocol: Amber now generates a distinct key per connected client, so a compromised client connection cannot impersonate the signer to other clients. [PR #377](https://github.com/greenart7c3/Amber/pull/377) adds in-app Zapstore update checking and installation. [PR #375](https://github.com/greenart7c3/Amber/pull/375) handles AndroidKeyStore failures gracefully with a warning instead of a crash. [PR #371](https://github.com/greenart7c3/Amber/pull/371) adds database cleanup with size limits to prevent unbounded storage growth.
- **24:02 Nostria ships native mobile app**
[Nostria](https://github.com/nostria-app/nostria) released a native mobile app for Android across eight releases from [v3.1.11](https://github.com/nostria-app/nostria/releases/tag/v3.1.11) through [v3.1.18](https://github.com/nostria-app/nostria/releases/tag/v3.1.18). The key addition is native local signer support for [Amber](https://github.com/greenart7c3/Amber) and Aegis. [PR #610](https://github.com/nostria-app/nostria/pull/610) reduces feed memory pressure with adaptive runtime limits and preview URL cleanup. Desktop installers for Linux, macOS, and Windows are also available. The Android app is on [Zapstore](https://zapstore.dev/apps/app.nostria).
- **30:16 diVine 1.0.8 ships resumable uploads and DMs**
[diVine](https://github.com/divinevideo/divine-mobile) shipped [1.0.8](https://github.com/divinevideo/divine-mobile/releases/tag/1.0.8) with 87 merged PRs. Resumable uploads let creators pick up interrupted uploads chunk by chunk instead of restarting. The release adds video quality and bitrate settings, double-tap to like, DM improvements, a macOS camera plugin ([PR #2722](https://github.com/divinevideo/divine-mobile/pull/2722)), and a BLoC-based notification system with enrichment and grouping ([PR #2820](https://github.com/divinevideo/divine-mobile/pull/2820)).
- **31:34 Manent v1.3.0 adds sensitive note blurring and NIP-42 auth**
[Manent](https://github.com/dtonon/manent) shipped [v1.3.0](https://github.com/dtonon/manent/releases/tag/v1.3.0). Users can mark notes as sensitive to blur them in the list view. The release also adds [NIP-42](/en/topics/nip-42/) (Authentication of Clients to Relays) support, expanding the set of relays Manent can use for encrypted storage.
- **32:44 Wisp v0.17.0 through v0.17.3 add live stream zaps and wallet backup**
[Wisp](https://github.com/barrydeen/wisp) shipped six releases from [v0.16.2-beta](https://github.com/barrydeen/wisp/releases/tag/v0.16.2-beta) through [v0.17.3-beta](https://github.com/barrydeen/wisp/releases/tag/v0.17.3-beta) with 44 merged PRs. v0.17.0 adds wallet backup safety prompts. [v0.17.1](https://github.com/barrydeen/wisp/releases/tag/v0.17.1-beta) adds live stream chat visibility across platforms and live stream zap functionality. [PR #423](https://github.com/barrydeen/wisp/pull/423) adds auto-search profiles and a zap success animation. [PR #426](https://github.com/barrydeen/wisp/pull/426) fixes an out-of-memory crash in `computeId` for events with large tag lists.
- **33:31 Mostro ships deep links, Nostr exchange rates, and a duplicate payment fix**
[Mostro](https://github.com/MostroP2P/mostro) fixed [PR #692](https://github.com/MostroP2P/mostro/pull/692) preventing stale order writes from causing duplicate payments (a bug that could pay a seller twice for the same trade). [Mostro Mobile](https://github.com/MostroP2P/mobile) shipped [v1.2.3](https://github.com/MostroP2P/mobile/releases/tag/v1.2.3) with deep link handling across different Mostro instances, Nostr-sourced exchange rates with HTTP fallback, background detection of admin and dispute DMs ([PR #498](https://github.com/MostroP2P/mobile/pull/498)), and a relay connection blocking fix ([PR #560](https://github.com/MostroP2P/mobile/pull/560)).
- **36:55 Unfiltered v1.0.12 adds hashtags and comments**
[Unfiltered](https://github.com/dmcarrington/unfiltered) shipped [v1.0.12](https://github.com/dmcarrington/unfiltered/releases/tag/v1.0.12) adding hashtag support ([PR #69](https://github.com/dmcarrington/unfiltered/pull/69)), the ability to write and display comments ([PR #72](https://github.com/dmcarrington/unfiltered/pull/72)), and a fix for multi-image post navigation ([PR #71](https://github.com/dmcarrington/unfiltered/pull/71)).
- **37:21 Primal Android ships wallet multi-account sharing and remote signer auto-reconnect**
[Primal Android](https://github.com/PrimalHQ/primal-android-app) shipped with wallet multi-account sharing, an overflow menu with wallet deletion in Dev Tools, remote signer auto-reconnect on drops, and wallet service auto-reconnect. Fixes include poll zap votes no longer appearing as Top Zaps, empty poll option crash prevention, and WalletException type mapping to NWC error codes.
- **38:20 Titan v0.1.0 launches native nsite:// browser with Bitcoin name registration**
[Titan](https://github.com/btcjt/titan) shipped [v0.1.0](https://github.com/btcjt/titan/releases/tag/v0.1.0), a native desktop browser for the Nostr web. It resolves `nsite://` URLs by looking up human-readable names registered on Bitcoin, querying Nostr relays for content events, and rendering pages fetched from [Blossom](/en/topics/blossom/) servers. No DNS, no TLS certificates, no hosting providers. Names are registered through a web interface tied to Bitcoin transactions. Ships as a macOS `.dmg` with Nix dev environment support.
- **42:52 Bikel v1.5.0 ships native foreground service for de-Googled phones**
[Bikel](https://github.com/Mnpezz/bikel) shipped [v1.5.0](https://github.com/Mnpezz/bikel/releases/tag/v1.5.0), migrating from GMS-dependent Expo TaskManager to a custom native foreground service for reliable background ride tracking on LineageOS, GrapheneOS, and other de-Googled Android variants. The Bikel Bot gained dual-pocket architecture with autonomous eCash collection via Cashu nutzaps.
- **44:26 Sprout adds NIP-01, NIP-23, and NIP-33 support**
[Sprout](https://github.com/block/sprout), Block's communication platform with a built-in Nostr relay, shipped [desktop/v0.1.0-rc7](https://github.com/block/sprout/releases/tag/desktop/v0.1.0-rc7) adding [NIP-23](/en/topics/nip-23/) long-form content, [NIP-33](/en/topics/nip-33/) parameterized replaceable events with `d`-tag keyed replacement, and [NIP-01](/en/topics/nip-01/)/[NIP-02](/en/topics/nip-02/) kind `1` notes and kind `3` follow lists. The release also adds an adaptive IDE theme system with 54 themes.
- **46:16 mesh-llm v0.56.0 ships distributed config protocol**
[mesh-llm](https://github.com/michaelneale/mesh-llm) shipped [v0.56.0](https://github.com/michaelneale/mesh-llm/releases/tag/v0.56.0) with a distributed config protocol with ownership semantics, asymmetric KV cache quantization (Q8_0 keys with Q4 values) for reduced memory, OS keychain storage for identity keystores, and smooth chat streaming with message queuing. The project uses Nostr keypairs for node identity in a distributed LLM inference mesh.
- **48:03 Nostr VPN ships exit node support and Umbrel packaging**
[Nostr VPN](https://github.com/mmalmi/nostr-vpn) shipped six releases from [v0.3.0](https://github.com/mmalmi/nostr-vpn/releases/tag/v0.3.0) through [v0.3.6](https://github.com/mmalmi/nostr-vpn/releases/tag/v0.3.6). The v0.3.x cycle adds exit node support on Windows and macOS, invite and alias propagation synced over Nostr, Umbrel packaging for self-hosted deployment, NAT punch-through using remembered public endpoints, macOS self-healing default routes, and an Android build via Tauri. The project also published a protocol specification.
- **49:49 Nymchat reverts Marmot, ships enhanced NIP-17 group chats**
[Nymchat](https://github.com/Spl0itable/NYM) shipped 14 releases from [v3.56.261](https://github.com/Spl0itable/NYM/releases/tag/3.56.261) through [v3.58.274](https://github.com/Spl0itable/NYM/releases/tag/v3.58.274). After adding Marmot MLS group chats in v3.57, [v3.58.268](https://github.com/Spl0itable/NYM/releases/tag/v3.58.268) reverted to [NIP-17](/en/topics/nip-17/) because Marmot's multi-device support is unfinished, causing group state sync issues. v3.58.271 introduces enhanced NIP-17 group chats with rotating ephemeral keys per message to prevent timing and correlation attacks. A friend system with granular settings controls ([v3.58.262](https://github.com/Spl0itable/NYM/releases/tag/v3.58.262)) and multiple relay connectivity fixes also shipped.
- **52:28 nak v0.19.5 adds Blossom multi-server and outbox publishing**
[nak](https://github.com/fiatjaf/nak) shipped [v0.19.5](https://github.com/fiatjaf/nak/releases/tag/v0.19.5). The `blossom` command now accepts multiple `--server` flags for uploading to several [Blossom](/en/topics/blossom/) servers in one call. A new `key` command expands partial keys by left-padding with zeroes. The `event` command gains `--outbox` for outbox-model publishing, and `fetch` exits with an error code when no event is returned.
### Project Updates
- **54:07 White Noise adds thumbhash previews and push registration bridge**
[White Noise](https://github.com/marmot-protocol/whitenoise) merged five PRs. [PR #549](https://github.com/marmot-protocol/whitenoise/pull/549) replaces blurhash image previews with thumbhash (sharper placeholders at under 30 bytes, with blurhash as fallback). [PR #548](https://github.com/marmot-protocol/whitenoise/pull/548) adds the [MIP-05](/en/topics/mip-05/) push registration bridge connecting the push notification spec to the client. [PR #493](https://github.com/marmot-protocol/whitenoise/pull/493) adds cursor-based pagination for chat messages.
- **55:29 Route96 adds dynamic label configuration and zero-egress cleanup**
[Route96](https://github.com/v0l/route96) merged [PR #80](https://github.com/v0l/route96/pull/80) for dynamic label model configuration via the admin API, [PR #82](https://github.com/v0l/route96/pull/82) adding label config fields to the admin UI, and [PR #79](https://github.com/v0l/route96/pull/79) adding a zero-egress file cleanup policy that automatically removes files never downloaded.
- **56:17 Snort ships security hardening and DVM payment invoices**
[Snort](https://github.com/v0l/snort) shipped two releases with a comprehensive security audit: real Schnorr signature verification, [NIP-46](/en/topics/nip-46/) relay message forgery protection, PIN encryption improvements, and removal of unverified NIP-26 delegation trust. Performance improvements include batched WASM signature verification, lazy-loaded routes, and pre-compiled translations. [PR #618](https://github.com/v0l/snort/pull/618) adds [NIP-90](/en/topics/nip-90/) kind `7000` payment-required invoice display so DVM payment requests render as Lightning invoices in the feed.
- **57:42 Damus improves LMDB compaction**
[Damus](https://github.com/damus-io/damus) merged [PR #3719](https://github.com/damus-io/damus/pull/3719) adding automatic LMDB compaction on a schedule, preventing the local database from growing unbounded. [PR #3663](https://github.com/damus-io/damus/pull/3663) improves the BlurOverlayView appearance.
- **01:00:28 Captain's Log adds tag indexing and note sync**
[Captain's Log](https://github.com/nodetec/captains-log) (Comet) merged four PRs adding tag indexing and sync across notes ([PR #156](https://github.com/nodetec/captains-log/pull/156)), refactoring note sync and tag handling ([PR #157](https://github.com/nodetec/captains-log/pull/157)), and fixing trashed note sync so deleted notes stay deleted across devices ([PR #159](https://github.com/nodetec/captains-log/pull/159)).
- **01:01:11 Relatr v0.2.x redesigns plugin system with Nostr-native validator marketplace**
[Relatr](https://github.com/ContextVM/relatr), a [Web of Trust](/en/topics/web-of-trust/) scoring engine, shipped the v0.2.x family with a complete plugin system redesign. Validators are now written in Elo, a portable functional expression language with multi-step host-orchestrated capabilities (Nostr queries, social graph lookups, NIP-05 resolution). Plugins are published as kind `765` Nostr events. A new [plugin marketplace](https://relatr.net) lets operators discover, install, and weight validators from the browser. The architecture is sandboxed: plugins can only invoke capabilities the host explicitly provides.
- **01:03:11 Shopstr improves mobile navigation and access control**
[Shopstr](https://github.com/shopstr-eng/shopstr) pushed 158 commits across its main app and [Milk Market](https://github.com/shopstr-eng/milk-market). Fixes include mobile community layout, menu close-on-navigation, and dropdown auto-close. Protected routes now block direct URL access without authentication, and slug matching logic handles multiple exact matches correctly.
- **01:03:52 Pollerama adds notifications, movie search, and rating UI**
[Pollerama](https://github.com/formstr-hq/nostr-polls) added thread notifications, a movie search feature, a rating UI overhaul, feed loading fixes, and dependency bumps.
- **01:04:17 Purser builds Nostr-native payment daemon with Marmot encryption**
[Purser](https://github.com/EthnTuttle/purser), a Nostr-native payment daemon designed as a Zaprite replacement, merged nine PRs building out core architecture. The project uses [Marmot](/en/topics/marmot/) MLS via MDK for encrypted merchant-customer messaging with Strike and Square as payment providers. This week landed config and catalog loading, message schema validation, the MDK communication layer, Strike and Square provider implementations, a polling engine, anti-spam rate limiting, and the order processing pipeline. All 99 tests now exercise real mdk-core MLS operations.
- **01:05:48 Vector refactors DM attachments and adds profile editing**
[Vector](https://github.com/VectorPrivacy/Vector) merged [PR #55](https://github.com/VectorPrivacy/Vector/pull/55) moving DM attachment decryption and saving to the vector-core library, adding profile editing support, and properly wiring the upload cancel flag through TauriSendCallback.
### NIP Updates
- **01:06:26 NIP-58 (Badges): Profile Badges move to kind 10008, Badge Sets to kind 30008 ([PR #2276](https://github.com/nostr-protocol/nips/pull/2276)) — Merged**
[NIP-58](/en/topics/nip-58/) defines badge awards and profile badge display on Nostr. Previously, Profile Badges (the list a user displays) used kind `30008`, the same kind as Badge definitions (parameterized replaceable events keyed by a `d` tag). This created ambiguity. The merged PR migrates Profile Badges to kind `10008`, a simple replaceable event with one per pubkey and no `d` tag needed, while kind `30008` is repurposed for Badge Sets (curated collections of badge definitions). Clients now query a single replaceable event per user for their displayed badges rather than scanning parameterized replaceable events. Amethyst v1.07.3 already ships this migration.
- **01:07:35 NIP-34 (Git Stuff): Add git-related follow lists ([PR #2130](https://github.com/nostr-protocol/nips/pull/2130)) — Merged**
[NIP-34](/en/topics/nip-34/) defines how to host git repositories on Nostr using kind `30617` repository announcements. This merged PR adds follow list conventions for repository and issue tracking: users publish kind `30000` follow sets with `d` tags like `git-repos` or `git-issues` containing `a` tag references to repositories they want to track. Clients can subscribe to these follow sets to show repository activity in a user's feed, working the same way kind `3` contact lists work for pubkeys. This closes a gap where there was no Nostr-native way to follow repository activity without subscribing to a specific relay.
- **01:08:22 NIP-AC: P2P Voice and Video Calls over WebRTC ([PR #2301](https://github.com/nostr-protocol/nips/pull/2301)) — Open**
[NIP-AC](/en/topics/nip-ac/) expands the original NIP-100 (already implemented by 0xChat) with three changes: migration to [NIP-44](/en/topics/nip-44/) encryption wrapped in [NIP-59](/en/topics/nip-59/) gift wraps to eliminate metadata leaks, a specified WebRTC workflow for call setup (offer, answer, ICE candidates), and a mesh group call model where each peer establishes a direct WebRTC connection to every other peer. The new spec is not backwards-compatible with NIP-100. Amethyst is actively building against it, with a call state machine test suite ([PR #2143](https://github.com/vitorpamplona/amethyst/pull/2143)) and stale call offer handling ([PR #2164](https://github.com/vitorpamplona/amethyst/pull/2164)) already merged this week.
- **01:09:38 NIP-340 (FROST Quorum) ([PR #2299](https://github.com/nostr-protocol/nips/pull/2299)) — Open**
[NIP-340](/en/topics/nip-340/) proposes conventions for [FROST](/en/topics/frost/) (Flexible Round-Optimized Schnorr Threshold) signing on Nostr. FROST lets a group of signers collectively control a Nostr identity where any t-of-n members can sign events without reconstructing the full private key. Signing rounds are coordinated, key shares are distributed, and threshold-signed events are published using the conventions defined in the NIP. This builds on the Igloo iOS signer work from the [FROSTR project](/en/newsletters/2026-04-01-newsletter/#igloo-signer-11) and addresses custody and security use cases where no single device should hold a complete key.
- **01:10:41 NIP-5D (Nostr Web Applets) ([PR #2303](https://github.com/nostr-protocol/nips/pull/2303)) — Open**
[NIP-5D](/en/topics/nip-5d/) defines a `postMessage` protocol for sandboxed web applications ("napplets") running in iframes to communicate with a hosting application ("shell"). The shell provides the napplet with Nostr signing, relay access, and user context through a structured message API, while the iframe sandbox prevents direct key access. This extends the static website hosting model from [NIP-5A](/en/topics/nip-5a/) toward interactive applications that can read and write Nostr events: where NIP-5A serves a page, NIP-5D runs a program. A working runtime implementation accompanies the proposal.
- **01:12:08 NIP-5C (Scrolls) ([PR #2281](https://github.com/nostr-protocol/nips/pull/2281)) — Open**
[NIP-5C](/en/topics/nip-5c/) (renamed from the earlier NIP-A5 proposal) defines conventions for publishing and discovering WebAssembly programs on Nostr. WASM binaries are stored as Nostr events on relays, and clients can download and execute them in a sandboxed runtime. Scrolls are self-contained programs that turn Nostr into a distribution network for executable code. A [demo app](https://nprogram.netlify.app/) shows scrolls running in-browser, with example programs published as Nostr events that any client can fetch and execute. The concept extends NIP-5A from serving HTML to running interactive programs across the same relay infrastructure.
- **01:13:14 NIP-85 (Trusted Assertions): Clarifications ([PR #2304](https://github.com/nostr-protocol/nips/pull/2304)) — Open**
[NIP-85](/en/topics/nip-85/) defines a model for trusted assertions where service providers attest to facts about users. This PR tightens the specification language around multiple keys and relays per service provider, clarifying how clients should handle assertions from providers that operate across several pubkeys or relay endpoints. The changes address ambiguity in the current spec that leads to inconsistent client implementations.
- **01:13:42 NIP-24 (Extra Metadata Fields): published_at for replaceable events ([PR #2300](https://github.com/nostr-protocol/nips/pull/2300)) — Open**
[NIP-24](/en/topics/nip-24/) defines extra metadata fields for Nostr events. This PR generalizes the `published_at` tag from [NIP-23](/en/topics/nip-23/) long-form content to all replaceable and addressable events. The tag is display-only: if `published_at` equals `created_at`, the event was created at that time; if they differ (because the event was updated), clients can show both a creation and an update timestamp. This lets kind `0` profiles display "joined at" dates and all replaceable events preserve their original publication timestamp across updates. A companion [NIP-51](/en/topics/nip-51/) proposal ([PR #2302](https://github.com/nostr-protocol/nips/pull/2302)) adds the same tag to list events.
- **01:15:47 NIP-59 (Gift Wrap): Ephemeral gift wrap kind ([PR #2245](https://github.com/nostr-protocol/nips/pull/2245)) — Open**
[NIP-59](/en/topics/nip-59/) defines the gift wrap protocol used by [NIP-17](/en/topics/nip-17/) private DMs and other metadata-protecting applications. The existing kind `1059` gift wrap is a regular event that relays are expected to store. This PR adds kind `21059` as an ephemeral counterpart: relays are not expected to store ephemeral events and may discard them after delivery. This lets applications send gift-wrapped messages that disappear from relays once delivered, reducing storage requirements for high-volume or transient messaging while keeping the same three-layer encryption model as regular NIP-17 DMs.
- **01:16:35 OpenSats announces sixteenth wave of Nostr grants**
[OpenSats](https://opensats.org) announced its [sixteenth wave of Nostr grants](https://opensats.org/blog/sixteenth-wave-of-nostr-grants) on April 8 with four first-time grants and one renewal. [Amethyst Desktop](https://github.com/vitorpamplona/amethyst/tree/main/desktopApp) receives funding for contributor Robert Nagy to build a standalone desktop app on the [Quartz](/en/topics/quartz/) and Commons modules. [Nostr Mail](https://github.com/nogringo/nostr-mail) receives funding to build an email system using kind `1301` events in [NIP-59](/en/topics/nip-59/) gift wraps with an SMTP bridge. [Nostrord](https://github.com/Nostrord/nostrord) receives funding for a Kotlin Multiplatform [NIP-29](/en/topics/nip-29/) client with Discord-style moderation. [Nurunuru](https://github.com/tami1A84/null--nostr) receives funding for a native iOS Japanese-focused client with passkey biometric login. HAMSTR receives a renewal grant.
### NIP Deep Dives
- **01:17:48 NIP Deep Dive: NIP-17 (Private Direct Messages)**
[NIP-17](https://github.com/nostr-protocol/nips/blob/master/17.md) replaces [NIP-04](/en/topics/nip-04/) as the standard for private DMs on Nostr, using [NIP-44](/en/topics/nip-44/) encryption with [NIP-59](/en/topics/nip-59/) gift wrap in a three-layer system. The innermost layer is an unsigned kind `14` message (the "rumor") providing limited deniability. The kind `13` seal is signed by the real sender and NIP-44-encrypted to the recipient, with no tags to avoid revealing the recipient if decrypted alone. The outermost kind `1059` gift wrap is signed by a random throwaway key with a randomized timestamp up to two days in the past, so relays see only an anonymous event addressed to the recipient. NIP-17 does not provide forward secrecy: all messages use the static Nostr keypair, so a compromised nsec decrypts all past and future messages. Kind `10050` events publish a user's preferred DM relay list for delivery routing. Implementations include Amethyst, Primal, Nostur, Damus, noStrudel, Coracle, Flotilla, and nospeak.
- **01:26:23 NIP Deep Dive: NIP-46 (Nostr Remote Signing)**
[NIP-46](https://github.com/nostr-protocol/nips/blob/master/46.md) separates the private key from the client application. The user runs a remote signer ("bunker") that holds the key and responds to signing requests over Nostr relays using kind `24133` events encrypted with [NIP-44](/en/topics/nip-44/). A client generates a disposable session keypair and sends JSON-RPC-like requests: `connect`, `sign_event`, `get_public_key`, `ping`, `nip04_encrypt`, `nip04_decrypt`, `nip44_encrypt`, `nip44_decrypt`, and `switch_relays`. Clients request specific capabilities at connection time through a permission string (`sign_event:1,nip44_encrypt`). Connections are initiated by either side: `bunker://` URLs from signers, `nostrconnect://` URLs from clients, with a `secret` parameter preventing spoofing. Amber v6.0.0-pre1 adds per-connection signing keys so each client gets an isolated key. [nsec.app](https://github.com/nicktee/nsecapp) provides a web-based bunker. Auth challenges via `auth_url` handle cases where the signer needs a password, biometric, or hardware token before approving a request.