JeffG
JeffG

Secure messaging on Nostr. Creator of Marmot protocol, MDK, and White Noise. Other stuff connoisseur. Also built Listr, Ostrich.work, Ontolo, Nostr.how.

Public Key

npub1zuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsk6c2uc

NIP-05 Address

jeffg.fyi

Profile Code

nprofile1qqspwwwexlwgcrrnwz4zwkze8rq3ncjug8mvgsd96dxx6wzs8ccndmcpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq3vamnwvaz7tmjv4kxz7fwwpexjmtpdshxuet5gc5pvh

Publishing to

relay.damus.io

relay.primal.net

Author Public Key

npub1zuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsk6c2uc

Show more details

Last Notes

2026-05-05 18:01:29 CEST

@nprofile…suxq community call starting now!
https://meet.fulmo.org/marmot

2026-05-05 08:14:44 CEST

I feel like Codex is getting better every day while Claude Code gets worse...

2026-05-04 18:30:46 CEST

Just released version 0.8.0 of MDK (@nprofile…suxq development kit). It includes lots of improvements and a few important changes.
https://crates.io/crates/mdk-core
Full release notes here: https://github.com/marmot-protocol/mdk/releases/tag/v0.8.0

2026-05-04 17:54:49 CEST

😒
https://blossom.primal.net/40b21e72e42b92620c1b2d45c94087e7970eea0b3fa924a9b8f1e5a46491e308.png

2026-05-04 14:30:47 CEST

- reply

Yeah 100% coincidental. The real Sparrow doesn’t track any of that.

2026-05-04 13:23:48 CEST

Just got Sparrow Wallet phishing email from [email protected] (definitely not the right URL, asking about definitely not real things).
Stay safe out there folks.

2026-05-04 10:58:31 CEST

@nprofile…5h0z continues to absolutely crush it. I always love reading their updates.
https://opensats.org/newsletter/2026-Q1

2026-05-04 09:29:24 CEST

GM 🌞
Happy to be back at my desk after 2 weeks on the road.

2026-05-04 09:28:32 CEST

- reply

🤣 wagmi

2026-05-02 17:17:29 CEST

- reply

Turns out, if you don't over emphasize nostr purity and just build fun things, more people end up using the network.
#nevent1q…carl

2026-05-01 03:28:16 CEST

- reply

🫂 sending positive thoughts!

2026-04-29 11:23:40 CEST

- reply

So pumped about the evolution! 👏 thank you for everything @nprofile…576t !
#nevent1q…kpee

2026-04-28 22:03:46 CEST

- reply

Make dashes great again.

2026-04-27 16:51:19 CEST

- reply

I’m really hoping this is sarcastic….

2026-04-21 14:19:42 CEST

- reply

the foundations will continue until privacy & freedom improves!

2026-04-21 14:17:19 CEST

- reply

👋 We created @nprofile…nfun so that we'd have a stable long-term home for the Marmot protocol, @nprofile…9puf , and other projects in the privacy space that we're working on.
@nprofile…8p0e, @nprofile…upw4, and @nprofile…cgxs are also on the board.
We'll be adding this (and more) to the website in the coming weeks but happy to answer questions in the meantime.

2026-04-20 01:54:50 CEST

The best places are the ones that seem utterly contradictory but somehow manage to hold that tension in perfect elegance.

2026-04-17 09:26:11 CEST

- reply

GM @nprofile…n5fw 🌞
#nevent1q…kwhe

2026-04-16 10:59:19 CEST

Just use OTR...
Just use Signal protocol...
Just use a server...
The problem of unstoppable, private group messaging is SO much bigger and SO much harder than anyone gives it credit for (including me).
There are many shortcuts. There are many half-baked solutions that might get short-term adoption.
Building the thing right has pushed me to the limit many times over the last few years. And yet, I'm still here. Still learning, still building. I'm not going to give up, and I'm not going to cut corners.

2026-04-16 09:57:09 CEST

GM 🌞
Who is looking at post-quantum strategies for nostr? I want to talk.

2026-04-15 23:51:21 CEST

LOL 😂 The internet remains undefeated.
They’ve already found serious privacy flaws with the EUs digital bullshit.
https://x.com/paul_reviews/status/2044436001611801072

2026-04-15 23:47:52 CEST

- reply

Make #HumanSlop great again

2026-04-15 17:55:57 CEST

Exactly! So let us raise them and stop interfering! 🤬
https://blossom.primal.net/4f077eb5a75dbb233c9889df5cc9e00744119b8271ad690872b6590d7cae0f79.png

2026-04-15 17:54:02 CEST

- reply

😂

2026-04-14 22:42:34 CEST

- reply

the thing is... most people's actual writing is also slop.

2026-04-14 06:50:30 CEST

- reply

Does it support Marmot yet?

2026-04-11 09:29:10 CEST

GM 🌞
Enjoy your people today.

2026-04-04 00:27:51 CEST

Double aurora. Wow.
https://blossom.primal.net/4a835ed819ef5386945d2a8d6c8708a64c36d9c2d891eaf09f35518d74f633d6.jpg

2026-04-03 11:17:06 CEST

- reply

what are these attestations?

2026-04-03 11:15:57 CEST

GM 🌞 The funding will continue until the freedom improves!
https://hrf.org/latest/hrfs-bitcoin-development-fund-announces-support-for-26-projects-worldwide/

2026-04-01 15:55:09 CEST

- reply

If you're having trouble - a good first stop is https://nostr.doctor. You might have some very out of date key packages or something else causing issues. 😉

2026-04-01 07:23:06 CEST

- reply

https://blossom.primal.net/ed2c43f26268de804b7b7e9daa7b4e5603143cbeb13bce3dcfe34815644039ca.gif

2026-03-31 19:02:13 CEST

- reply

We’re not currently planning on making a web client but I know a few others are using our marmot-ts library to that end. Still early on the web side.
In the meantime, we are working on the multi-device spec now. This is a precursor to making a desktop client. I’m also [impatiently] waiting for it!

2026-03-31 10:32:04 CEST

GM 🌞
Feels heavy out there today fam.

2026-03-30 12:45:32 CEST

- reply

Yea @nprofile…sp3z , @nprofile…gxdt , Pika, and more coming every week.

2026-03-29 16:05:30 CEST

- reply

This is the way.
#nevent1q…th76

2026-03-29 16:04:44 CEST

- reply

Yeah. This is definitely possible. encrypted backups and syncs of content and group info.

2026-03-29 16:03:39 CEST

- reply

Many.

2026-03-29 16:01:35 CEST

- reply

Yes, that's true and devious. 🤔

2026-03-29 16:00:15 CEST

As only Asimov could deliver...
https://astronomy.org/moravian/C00-Last%20Question.pdf

2026-03-27 13:56:31 CET

- reply

The goal is to make it easy enough to use Marmot for even use-cases like that. Multi-device (which is the same as multi-client really) + encrypted sync should make it super smooth.

2026-03-27 13:51:35 CET

- reply

Yup - this is true. I've seen a few people come up with complicated state-chain style "solutions" for MLS but imo none of these works in the real world.
Fundamentally, if you're an admin in a group and you are malicious, the group is screwed. I'm not sure how this is really different from signal–if you're a malicious admin on signal you can still delete the group or remove everyone but yourself. The existence of a server doesn't solve this.

2026-03-27 13:47:34 CET

- reply

❤️ #marmot
#nevent1q…34f2

2026-03-27 13:46:27 CET

- reply

Yeah - device specific (feature, not a bug, for PCS and forward secrecy). After multi-device we'll also be working on encrypted sync between your devices.

2026-03-27 08:59:45 CET

- reply

LOL - unless I am suffering from amnesia, I don't think this was me.

2026-03-27 08:58:58 CET

- reply

LOL - fair. but also the GH UI is terrible. Doesn't show any of the beta releases on the sidebar, does't have any indication that the project has been updated recently on other branches. 🤷‍♂️

2026-03-27 08:58:00 CET

- reply

This is hilarious 😂
A reminder to everyone - NIP-04 DMs are completely insecure and don't hide any metadata.
Thankfully, Marmot fixes this.
#nevent1q…7wg9

2026-03-27 08:57:04 CET

- reply

😂 This is hilarious.

2026-03-27 08:00:54 CET

- reply

Sorry for the fire alarm - it's not! All the work is happening on the `next/major` branch where it looks like they're getting closer to the 0.4.0 release. 🎉
#nevent1q…7fe3

2026-03-27 07:57:07 CET

- reply

Yeah - I couldn't believe it and after a moment of poking around found the branch where everything is happening.

2026-03-27 07:56:02 CET

- reply

Ahhh. My bad - there is a next/major branch that has had lots of activity.
https://github.com/Start9Labs/start-os/tree/next/major

2026-03-27 07:51:48 CET

Hey @nprofile…fu08 - Is StartOS a dead product? https://github.com/Start9Labs/start-os
11 months since the last commit...

2026-03-27 07:51:40 CET

GM 🌞
So pumped. There are so many amazing things coming up in the next few months...

2026-03-26 18:51:10 CET

- reply

Talked to them about it yesterday, in fact. 😉

2026-03-26 09:09:19 CET

- reply

We're programmed to be pendulums, aren't we? 😂
We can only find valuable solutions by going too far in both directions.

2026-03-26 06:51:37 CET

- reply

I didn’t have much time to look into it but it seems generally pointed in a good direction. I’m just not clear (lack of context) how this would be used to solve a real need or gap in how teams or collectives use nostr now.

2026-03-26 06:46:40 CET

- reply

In what way? We support amber and other Nip-55 signers already.

2026-03-26 06:36:49 CET

GM 🌞
A beautifully written counterpoint to the current fever dream we’re all living…
https://mariozechner.at/posts/2026-03-25-thoughts-on-slowing-the-fuck-down/

2026-03-25 16:37:23 CET

- reply

yeah, we don't really support iPad yet.

2026-03-25 12:19:54 CET

- reply

We focused nearly entirely on stability and fixing bugs for the latest release. If you're still having trouble please look in settings and report issues (ideally with the actual error logs that you find in the Developer Settings screen).
#nevent1q…clt0

2026-03-19 19:55:43 CET

- reply

I’m running a self hosted umami.is

2026-03-19 19:46:39 CET

Tré Cool is one of the most underrated rock drummers ever.

2026-03-19 08:57:32 CET

- reply

😂

2026-03-19 08:56:15 CET

- reply

I have a server that might be able to help ;)

2026-03-19 08:55:47 CET

GM 🌞
Build something new today.

2026-03-18 20:57:29 CET

- reply

@nprofile…9qus this could be a good add

2026-03-18 20:52:44 CET

- reply

We played it recently inside a marmot group! It’s hilarious and amazing. 😂

2026-03-17 13:36:12 CET

- reply

I feel seen. 🫂

2026-03-17 13:35:52 CET

- reply

So cool.
#nevent1q…c6s3

2026-03-17 13:33:26 CET

It really pisses me off that agents ruined en/em dashes. I used them all the time before LLMs came along and now, I'm having to train myself to stop so that people who don't know grammar won't think I'm AI slop.

2026-03-17 13:29:03 CET

- reply

I'm currently leaning towards self-hosted Umami (very similar to Plausible) for website analytics and self-hosted Sentry or GlitchTip for tracking crashes and errors. But still doing some research.
And yes, I agree. A docs page which details exactly what is being collected and how would be required as well.

2026-03-17 07:01:59 CET

- reply

Yes, and… what people say and what people do differ significantly on products.
Revealed preferences tell you a lot about what your product is solving for people, often stuff they’re not even sure how to articulate themselves.

2026-03-17 06:59:32 CET

- reply

What do you mean served? Is this specific to zapstore for download numbers?

2026-03-17 06:58:23 CET

GM af 🌞
https://blossom.primal.net/2a36a02a6a064495f67a21e237b2392c0b0d044de5feff2afcb4928ae98d8188.jpg

2026-03-16 21:27:51 CET

- reply

Why not just use one of the self hosted tools that already exists?

2026-03-16 12:34:07 CET

- reply

Spot on.

2026-03-16 12:33:39 CET

- reply

I agree. It has to be driven by user opt-in. But I can see a lot of people wanting to help out and they'd opt-in. Again. it's down to the the builders to do this is a privacy preserving way but, as with all OSS, they can just look at the code to see that we're not tracking anything sensitive (or have their Clanker do it for them).

2026-03-16 12:29:43 CET

- reply

I've just set up a self-hosted Umami instance for a bunch of sites. It's great.

2026-03-16 12:13:08 CET

- reply

We're also never going to get there pushing the privacy angle (or the censorship resistance angle for that matter).
We have to build something unique and fun and special that can't exist on centralized platforms. That is the only thing that will bring in large numbers of new people.

2026-03-16 12:11:23 CET

- reply

What's your take? That we should be using these tools way more?
I fully agree with your take though - a HUGE number of devs in the open source world are there for themselves. They want to build tools for themselves or play with fun technology. That's ok - often they're donating their time for free anyway.
But for those of us that want to build something that is actually used, the only path can be to listen to users and look honestly at what the data is telling us.

2026-03-16 12:05:01 CET

- reply

Yeah - it's a bitter pill looking at this chart. I think it's less about "winning" and more about there being a credible, high-quality option out there for the people that need it. Many (most?) people will never care about privacy, that's ok. We want to ensure that for the people that do - they have an option that is as good or better in terms of UX.

2026-03-16 12:01:22 CET

Genuinely curious what everyone's thoughts are on product analytics in the apps you use. I think most teams building in the nostr/bitcoin/freedom-tech space are a hard-no without thinking about how you could do them well (i.e. privacy-first, opt-in only, etc).
A lot of people complain about the quality of Nostr apps but, the truth is, it's nearly impossible to build a high-quality product that delivers real value without having at least some idea of how folks are using a thing.
Trolls, gtfo. I'm only interested in thoughtful or thought-provoking responses.

2026-03-16 10:45:14 CET

- reply

YES! By far the best way to do most things these days.

2026-03-16 10:44:36 CET

https://blossom.primal.net/38a973eda97ffcbc71c8d13d3d71283a7bf82df9613ecd97c2163f08a4fc577c.png
* From Matthew Green's recent post on WhatsApp: https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/
** Oh, and Instagram just announced they are removing the option of E2EE

2026-03-16 08:58:12 CET

GM 🌞
An amazing use for LLMs is to give them github URLs for open source projects you're unsure about the quality on (or whether they might be unsafe) and ask them to do a full review. GPT 5.4 on extra high is a phenomenal reviewer.

2026-03-15 22:08:37 CET

- reply

They come from a massive data indexer I built. They’re real numbers, with caveats. There’s more info on that in the site.

2026-03-15 22:06:56 CET

- reply

Interesting. I like that we have several different indexer projects in the ecosystem now.

2026-03-15 20:15:43 CET

- reply

Amazing. Can’t wait. I noticed a PR a few days ago to add auth support - is that going to make it in too?

2026-03-15 18:59:50 CET

- reply

I think @nprofile…a43x is adding blossom stuff now.

2026-03-15 18:16:37 CET

- reply

😂😂

2026-03-15 08:16:44 CET

- reply

Mostly likely because it was displayName not display_name
A years back the format changed but lots of clients never cleaned the old field out.

2026-03-14 23:57:03 CET

- reply

What relays?

2026-03-14 22:30:52 CET

- reply

Exactly. The test should be the test. 😉

2026-03-14 22:29:27 CET

- reply

MacOS.
Sadly, MacOS doesn't have cowsay....

2026-03-14 22:28:23 CET

- reply

🙌

2026-03-14 19:01:34 CET

- reply

What's nostr.land running on? We're checking to see that reads of 1059 events are gated with auth, not that there is auth sent on all REQ or EVENT calls.

2026-03-14 18:58:14 CET

Open your terminal and type "banner hello".
My son just showed this to me. 😂
Still finding terminal easter eggs after all these years.

2026-03-14 18:35:49 CET

- reply

I want a feed of just the feet up coffee in hand shots. 😂

2026-03-14 18:34:39 CET

- reply

good point 😂
I'll work on adding that next.
ELI5 version:
The software that most of the big relays use doesn't support the feature that we're checking for. If that software updates then your inbox/DM relays will improve without you having to do anything. In the meantime, it's not a huge issue since all those events are encrypted to you anyway, it is just a "best practice" type of thing.

2026-03-14 17:49:05 CET

- reply

Yeah - working on that actually. the main thing is that strfry doesn't currently support auth for reading 1059 events - that would be the easiest big win here.