Conversation
|
I was thinking on a crazy idea using replaceable events to reduce the amount of leaked "premium" events: 1 - Creator posts a full blog entry into the creator relay. Now, the other relays will not accept the old event that has the full text. They will default to the public one. Clients will need to implement a "Load More" button that hits the creator relay and force-displays the past version of the replaceable. This will also mean that Clients using regular Nostr DBs won't save the old version in their local dbs, which will default to the public event as it should, limiting additional leaks. |
|
Hey guys. You may be interested in how Fanfares is doing paywalled events: First of all, we haven't introduced any new event kinds for our paywall system. Any nostr event can be paywalled. If the paywalled content is text, we encrypt the text and store it in the If the paywalled content is media, we encrypt the files and store them on blossom. The event's imeta tags point to the blossom URLs and contains some extra information depending on the file type, like So whether the paywalled content is text or binary, it's just a normal event with an When a user wants to publish a paywalled event, they receive the unique encryption key from our server. This is how we are able to supply the encryption key to buyers of the content. Our server verifies zap receipts and supplies the decryption key to verified buyers of the content. The decryption happens locally in the client. This paywall NIP is interesting for ACL for a piece of content, but I don't think we would use it for Fanfares because:
I think that this NIP would be more appropriately named "Access Control Lists" because it has nothing to do with payment and could be used in many contexts outside of paywalls. For what it's worth, Fanfares has managed to implement actual non-interactive zap-based paywalls without having to write any new NIPs and that's something worth considering. Our work may inform augmentations of how imeta is used, and seems to be the first to use the |
This is not a good thing. I think you still need to create the NIP to specify how the Anyway, there are lots of things here for a NIP so that anyone can code not only the client but also the service. |
|
Those are all great questions. I'd be happy to write a NIP. Nobody had been interested up to this point. Anyway, Fanfares is early on and I didn't see any point in defining a NIP when our POC wasn't yet complete. But it is probably 90% at this point, so I could start speccing it all out. |
|
For now, do you just share one secret with all of the members or do you create one |
|
Yeah, write a NIP. The whole point of nostr is network effect, and a NIP makes network effect over a feature set possible. |
Each event gets its own encryption key. Each person who buys the event receives the key in order to decrypt the event. Each buyer gets the same key given the same event. The
The key will decrypt the ciphertext. If the event does not have ciphertext and instead has imeta tags pointing to encrypted files, the key will decrypt those files after fetching them. (The imeta has an I hope that answers your question?
It's time to write a NIP 😅 |
|
On NIP-17, we force just one encryption type to keep things easy for implementers (no random encryption schemes we have never seen). It would be worth doing the same here.
How do they receive it? Do clients need to code allow them to paste/type the key into the app? |
The buyer makes a NIP-98 request to our server's /request-key route, and if their payment is validated, they receive the key in response. There is a very deep discussion to be had regarding how other clients should interact with Fanfares instances. I don't know if this is the right place to dig into it. But it's a discussion I want to have. We are eager to assist other clients in integrating paywall unlocks. Just not sure how it should be done quite yet. UPDATE: I've started writing the NIPs 📝 |
|
When I implemented something like this in Highlighter I used NIP 29; the creator would publish a preview event and the full content event. The paid event with a roles tag of the NIP-29 membership roles (eg "supporter", "ultrahigh") The NIP-29 relay enforces who gets what depending on their membership role in the relay. This allows any client that is not aware of this paid content stuff to be able to, ie, read a paid-content 30023 long form. |
|
@fiatjaf damn you are fast!
I don't see any major differences; in this PR, the list is updated automatically by the payment processor that interacts with the relay, so the “content author” does not need to take any direct action.
Cool, although I'm not sure if it's a good idea to use a “side effect” as a specification. |
There are no specs. Everything in nostr is a side effect. :) |
As I read it, the content author must publish the kind 1163 to grant access to a new user @dtonon |
|
@arkin0x the content author means the payment gateway acting on behalf of the author (e.g. using a FROST bunker with a limited kind scope). |
It could mean that, depending on an individual's implementation of what is written. The spec does not include FROST. |
|
@arkin0x FROST is not mandatory, it's just a good option. The point is that the payment gateway needs to be able to sign events on behalf of the author, or have a private communication channel with the relay that creates the events itself using the author's key. |
|
Very interesting! I'm working on a project called chuchu (still in alpha stage), which is a paid content subscription platform built on NIP 29 This NIP seems very promising. However, I have a concern that aligns with what @arkin0x mentioned earlier: if the Membership Event must be published by the content-creator, it becomes difficult to achieve a scenario where subscribers can automatically unlock content upon payment without requiring the creator's active participation. If this NIP can address this concern, I would be interested in switching to this NIP for implementation. |
|
You can't have your cake and eat it too. Either the thing is centralized in one provider or not, and life has tradeoffs. The limited bunker solution as @dtonon suggests is pretty good to me. Even Amber users can supply it to the payment provider as long as the payment provider has some logic to try again after some time if the bunker is unresponsive or something like that. Well, actually you can have your cake as long as you only eat one part of it: if you are using a single relay for the premium content and that relay is also responsible for collecting the payments (or counting the zaps you receive) then that relay may start serving your content to a user that has just paid even though you haven't yet updated your list. Then later when you come back online you contact the relay and get the new data you can publish your updated list (so maybe other relays that you may also be using can get the update). |
Maybe this overlap is not even necessary. |
|
The force-push is just because of the rebase because GitHub is stupid. The last commit introduces the possibility of having your cake and eating it too: if instead of only referencing pubkeys we can also reference pre-existing lists of pubkeys we can allow creators to easily:
This only complicates premium-capable relays a little bit, almost nothing, and is optional. Let me know if this (or anything else about this NIP) is dumb. |
|
i think this should be called gated content. both paywalled and premium don't really describe it imo. All we are describing is the conditions upon which the gate is opened or closed for someone to receive the event |
|
What about
|
|
+1 exclusive content |
|
This is implemented in fiatjaf/pyramid@00627d0 fiatjaf/pyramid@ce8ecf0. Seems to work correctly. |
|
Thanks @fiatjaf for pointing me here from PR #866. This is very relevant to what I'm building. I'm building a subscription-based creator platform on Nostr and this spec addresses many of the same problems I've been working through. I like the approach. Membership as Nostr events (kind 1163) is more portable than storing it in a database, and the Some thoughts after reading the spec and the discussion here: 1. Expiry. In my implementation subscriptions have an 2. Tiers. I see this is mentioned in "Future additions." From building this out, tiers are needed from day one. Every creator I've talked to wants at least two price points with different content for each. @pablof7z's NIP-29 roles approach and the 3. Teaser pattern. @vitorpamplona's suggestion of publishing a I think this spec and PR #866 are complementary. NIP-63 handles relay-side access control (who can read what), and #866 handles the subscription flow (what tiers exist, who subscribed). The kind 1163 event becomes the bridge between payment and access. I've open-sourced my subscription implementation at Nostreon/nip88-subscriptions if it's useful as a reference. Happy to help test or contribute. |
About the recurring subscriptions NIP, I don't know, it may be complimentary to this. But honestly I think payments are too hard to standardize. As you said, that NIP only focuses on zaps (if I'm not mistaken). If you try to account for all the other forms of payments in the world we'll go crazy. So my proposed solution is much simpler: a payment provider has a webpage where people can pay and they get added to the list. The specifics of how much has to be paid and by what means and what happens when you pay: these are all specific to the content creator and the payment providers he chooses, they can be arbitrary. There's almost nothing to be gained here from standardizing this part. Nostreon could be one such payment provider, host pages explaining the plans and terms for each creator, and issue the NIP-63 lists -- then people can pick other relays to host their gated content (and they can use other providers besides Nostreon at the same time) and followers can get the content on any client (regardless of whether they are aware of this NIP or not), while creators can also publish from any client that implements adding the "nip63" tag. My NIP-63 implementation is here: https://github.com/fiatjaf/pyramid/tree/master/paywall Of course Nostreon can also host a relay for the exclusive content, and offer a client that can publish the exclusive content, but I think these things should be totally independent of each other, interoperable and replaceable. (Of course I don't know at all what are you planning for Nostreon, but I hope you do it in this modular architecture.) |
|
Thanks for the detailed response and for sharing the Pyramid implementation. The modular architecture you're describing makes a lot of sense. Right now Nostreon is more tightly coupled (our own relays, our own client), but NIP-63 gives a clear path toward that modularity. The first step for me would be issuing kind 1163 membership events when someone subscribes, so even if gated content lives on Nostreon's relay today, the membership data is portable and other relays could use it. On expiry: I agree someone always has to act, but NIP-40 expiration on kind 1163 events gives a useful safety net. If a payment provider has downtime or a bug and fails to delete a lapsed membership, without expiration that user keeps access indefinitely. With an expiration tag set to the subscription end date, the relay stops serving content automatically and the payment provider just needs to publish a new kind 1163 when they renew. Failure mode becomes "access stops" instead of "access leaks." I'll use NIP-40 for this rather than inventing something new. On tiers and teasers, understood. I'll work with the existing design. Going to start integrating NIP-63 into Nostreon. Will share what I learn from the implementation. |
|
Quick update on the NIP-63 integration I mentioned, plus some related work that came out of it. NIP-63 (kind 1163 membership events) NIP-88 event publishing A small thing that came out of this Loosely related Reference implementations & docs
One question Signed by the platform key acting as payment verifier. The |
|
You may want to check this complementary NIP for defining payment gateways, prices and more, please give it a look |
|
Thanks for this rich discussion on paywall/premium content at the protocol level — it's one of the most substantive open conversations on this topic in the media technology ecosystem. For those designing paywall mechanics here, some academic context may be useful: Subscription Fatigue: Research by Bindra et al. (2023, "The Subscription Economy and Consumer Fatigue") and Chu et al. (2022, Harvard Business Review) documents that consumers now average 12+ active subscriptions and exhibit increasing churn as perceived marginal value per subscription declines. This is especially relevant for decentralized media — if every creator runs their own paywall, users face a fragmented subscription landscape far worse than the "one subscription for everything" model of traditional publishers. Protocol designers should consider mechanisms that reduce per-creator friction (e.g., bundling, universal credit systems, or aggregated passes) to mitigate this fatigue. Metered Paywall Effectiveness: The landmark study by Chiou & Tucker (2017, "Paywalls and the Demand for Online News") at MIT found that metered paywalls (allowing N free articles before gating) significantly outperform hard paywalls in converting readers to subscribers, because they preserve discovery and habituation. A 2023 follow-up by Athey et al. ("Consumer Heterogeneity and Paywall Design") confirmed that the optimal meter count varies by audience segment — lightweight readers need fewer free articles to convert, while heavy readers need more. This directly informs the "preview vs. full content" debate in this thread: a protocol-level meter mechanism (e.g., time-limited access, partial content reveals, or credit-based sampling) could give implementers flexibility to tune the "free sample" threshold. Freemium-to-Paid Conversion: Böckermann & Haucap (2024, "Freemium Models in Digital Markets") show that freemium conversion rates typically hover at 2–5%, but can reach 10–15% when the free tier delivers genuine recurring value (not just a one-time taste). The key driver is what they call "escalating utility" — features that become more valuable as usage accumulates (e.g., saved collections, personalized feeds, social features). For Nostr paywalls, this suggests that gating purely content-based features may yield lower conversion than gating accumulation-based features (e.g., bookmarking, curated feeds, creator-specific dashboards). Practical Implications for this NIP: Combining these findings, a well-designed paywall protocol should:
The discussion here about interactive vs. non-interactive, encrypted tags, and access control is exactly where these design decisions get made at the protocol layer. Hope this research context is useful as the NIP evolves. |
https://github.com/nostr-protocol/nips/blob/685ddacdbf7f3c7684a362c96129130241433723/63.md