What Is Nostr: The Operator's Guide to the Censorship-Resistant Internet

Twitter banned accounts. Substack caved to pressure. PayPal deplatformed creators mid-payment. Every centralized platform is a single point of failure — and failure is always political.

Nostr is different. Not because it's idealistic. Because the architecture doesn't allow deplatforming. Your identity is a cryptographic keypair. Your data lives on relays you choose. No CEO can pull the plug.

This is the operator's guide. Eight steps from zero to sovereign.

Nostr stands for Notes and Other Stuff Transmitted by Relays. Created by pseudonymous developer fiatjaf in 2020, it's a bare-metal open protocol — not a company, not a platform, not a DAO.

Here's the primitive: you have a keypair. Your private key (nsec) signs messages. Your public key (npub) is your identity. Nobody can create or revoke your identity except you.

Messages — called events — get published to relays. Relays are just WebSocket servers. Any relay can accept or reject events. No relay is authoritative. You publish to several. Your followers fetch from several. If one relay bans you, your content is still on the others.

There is no "Nostr server." There is no "Nostr company." There's a spec (a series of NIPs), open-source clients, and a global mesh of relays. The censorship surface is zero.

Your Nostr identity is a 32-byte secp256k1 keypair — the same curve Bitcoin uses. Two keys:

• nsec — your private key. Signs all events. Guards your identity. Never share it. Never paste it. Treat it like a seed phrase.
• npub — your public key. This is your username. Share it everywhere. It's how people find and follow you.

Most clients generate a keypair on first launch. You can also generate one offline with nostr-keygen or any secp256k1 tool. The bech32-encoded formats (starting with nsec1... and npub1...) are just human-readable encodings of the raw hex keys.

The most important thing you'll do in Nostr: back up your nsec before posting anything. Lose the key, lose the account. Forever.

• ✓Never share your nsec. Anyone with it owns your identity permanently.
• ✓Store nsec offline. Write it on paper, keep it in a hardware wallet, or use a password manager that never touches a browser.
• ✓Use a NIP-07 browser extension (Alby, nos2x) — it holds your key and signs events without exposing nsec to web clients.
• ✓Generate keys offline if you're paranoid. Air-gapped key generation is valid and recommended for high-value identities.
• ✓Multiple keypairs for different purposes — trading bot identity, personal identity, anonymous identity. Each is sovereign.
• ✓Never enter nsec into a web form unless you understand exactly what that site is doing with it.

Your npub is public and permanent. You can set a human-readable NIP-05 identifier (like you@yourdomain.com) to make yourself discoverable — but the underlying npub is the real identity, not the NIP-05 handle.

A Nostr client is just software that reads and writes events to relays using your keys. Clients are completely interchangeable. Switch any time — your identity and social graph come with you.

For pure web use, start with Primal — it has a caching layer that makes Nostr feel fast even when relays are slow. For building and developer use, Snort is battle-tested. On mobile: Damus on iPhone, Amethyst on Android. No contest.

Relays are WebSocket servers that store and serve Nostr events. They're the transport layer. Think of them like email servers — you can have accounts on multiple, and messages get routed between them.

Anyone can run a relay. Anyone can connect to a relay. Relays can have policies (paid access, invite-only, topic-specific) but no relay controls the protocol itself.

Free relays are open to all. Good for starting out. Often noisy. Higher spam rate. May have reliability issues.

Paid relays charge a small fee (usually sats) to post. This creates a spam barrier. Higher quality content. Better uptime. Worth it for serious use.

Recommended starting set: Add 4–6 relays. Include at least one paid relay. Use wss://relay.damus.io, wss://nos.lol, and wss://nostr.wine as your core three. Add wss://purplepag.es for profile broadcasting.

To add relays: go to Settings → Relays in any client. Paste the WebSocket URL. Done.

In Nostr, everything is an event. A post, a like, a follow, a DM — all events. Each event is a JSON object with a few fields: pubkey, created_at, kind, tags, content, and a sig (your cryptographic signature).

The kind field determines what type of event it is:

• Kind 0 — Profile metadata (your name, bio, picture)
• Kind 1 — Text note (a tweet equivalent)
• Kind 3 — Contact list (who you follow)
• Kind 4 — Encrypted direct message
• Kind 9735 — Zap receipt (Lightning payment confirmation)

When you hit "Post" in a client, it creates a Kind 1 event, signs it with your nsec, and broadcasts it to your connected relays. Your followers' clients query their relays and display it. No servers. No accounts. No moderation pipeline.

Tagging: Use @npub1... to mention someone. Clients resolve npubs to display names. Use #hashtag for discovery — hashtags are just t tags in the event JSON.

Zaps are Lightning micropayments sent over the Nostr protocol. They're not just tipping — they're the native monetization primitive. A zap is real money, instant, global, no fee taker in the middle.

Likes are engagement theater. Zaps are stake. When someone zaps your post 10,000 sats, that's signal. Real signal. Skin in the game.

To receive zaps:

1. Get a Lightning address (e.g., you@getalby.com, you@coinos.io, or self-host with LNbits)
2. Add it to your Nostr profile metadata (Kind 0 event, field: lud16)
3. Your profile now shows a ⚡ button — anyone can zap you

Nostr Wallet Connect (NWC): NWC is a NIP-47 protocol that connects a Nostr client to a Lightning wallet. Instead of scanning QR codes for every payment, your wallet is always connected. Zapping becomes one tap. Setup:

1. Open Alby or any NWC-compatible wallet
2. Generate a NWC connection string
3. Paste it into your Nostr client's wallet settings
4. Zap anything in one tap — wallet signs the payment automatically

Nostr is a protocol, not a product. The spec is a living set of NIPs — Nostr Implementation Possibilities. Each NIP defines a new event kind, metadata field, or protocol extension. Anyone can propose a NIP. Clients adopt what makes sense for them.

This is Nostr's superpower for developers: the extensibility surface is unlimited. You're not building on an API that can be deprecated. You're building on a signed event format with global relay infrastructure.

What's being built right now:

• Long-form content (NIP-23) — full blog posts, articles, newsletters on Nostr
• Marketplaces (NIP-15) — peer-to-peer commerce with Lightning payments
• Live streams (NIP-53) — streaming with real-time zap interactions
• Badges & credentials (NIP-58) — on-chain-style attestations, no blockchain required
• Private groups (NIP-29) — encrypted group chats with relay-enforced access
• Bots & agents — autonomous Nostr identities that post, respond, and receive zaps

NIP-07: The browser extension standard. This is the keychain for Nostr web apps. Install Alby or nos2x as a browser extension. Web clients request your public key or ask you to sign events — the extension handles it without ever exposing your nsec to the page. It's the MetaMask of Nostr.

Building a Nostr bot or agent? The surface area is small: generate a keypair, construct valid event JSON, sign with your nsec, broadcast to relay WebSockets. That's it. No API keys, no OAuth, no rate limit quotas assigned by a platform. The network is yours.

Every new decentralized social protocol makes promises. Most of them fail the same way: centralized choke points dressed up with decentralization branding. Here's the real comparison:

Mastodon is federated, not decentralized. Your identity is you@mastodon.social. If mastodon.social shuts down, you lose your followers. Instance admins can silence you. The censorship surface exists — it's just distributed across thousands of admins instead of one CEO.

Bluesky is better than Twitter but a regression from Nostr. The AT Protocol is real engineering. But Bluesky Inc. controls the labeling infrastructure, the app, and the main relay. The company can deplatform you. The cryptography is sophisticated; the power structure isn't.

Nostr's actual edge: Pure keypair identity. No instance domain. No company in the stack. Lightning-native by protocol. Runs on commodity relay infrastructure anyone can spin up. The attack surface that matters — your identity — is a private key on your device, not an account on someone's server.