Building Nostr's Web of Trust
Open Source
2026-02-15
Remember the last time you got a LinkedIn connection request from a stranger?
You probably did what everyone does: check the mutual connections. If you share 15 connections with someone, they're probably legitimate. Zero mutuals? Probably spam or a recruiter who carpet-bombs the platform.
That's web of trust in action. You've been using it for years without knowing it.
The Problem With Permissionless Networks
Nostr is beautiful because anyone can participate. No email verification. No phone number. No centralized authority deciding who gets to speak.
But that openness creates noise. A lot of noise.
Spam bots flood feeds. Impersonators copy profile pictures and names. Low-quality content drowns out meaningful discussions. And without centralized moderation, there's no obvious solution.
Traditional social networks solve this by hiring thousands of moderators and building opaque algorithms. That works—until it doesn't. Until the algorithm decides your content is "harmful" or the moderators make a bad call.
We wanted something different.
Social Distance as Trust
The concept is simple: trust decays with distance.
If you follow someone directly, they're 1 hop away. You chose to follow them—that's a strong signal. People they follow are 2 hops away. Still reasonable. Friends of friends of friends? Getting sketchy.
This isn't new. It's how human trust actually works. You trust your friends. You somewhat trust their friends. You're skeptical of strangers.
Nostr Web of Trust implements this for the Nostr protocol. Every user gets a "social distance" score relative to you. The closer they are in your follow graph, the more likely they're worth listening to.
How It Works
The system exposes a simple API:
- isInMyWoT(pubkey): Is this person in your trust network at all?
- getDistance(pubkey): How many hops away are they?
- getTrustScore(pubkey): A normalized 0-1 confidence metric
Client applications can use these to filter content. Show posts from people 1-2 hops away. Dim or hide posts from 3+ hops. Flag accounts with zero social connection to you.
No blocklists. No centralized moderation. Just your own social graph doing what it's always done—helping you decide who to trust.
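The hop-distance filtering described above, as an added example (not the project's own code or SDK): a breadth-first search over follow lists, which also shows that a spam cluster following you and each other gains no distance, because edges only count in the follower-to-followed direction. It assumes follow lists arrive as kind-3 (NIP-02) events; the names buildGraph, hopDistances, classify and the maxHops bound are hypothetical, and the events are constructed sample data.

```javascript
// Constructed kind-3 (NIP-02) follow lists: author pubkey plus ["p", <pubkey>] tags.
// Pubkeys are shortened placeholder names, not real keys.
const followEvents = [
  { kind: 3, pubkey: "me",    tags: [["p", "alice"], ["p", "bob"]] },
  { kind: 3, pubkey: "alice", tags: [["p", "carol"], ["p", "me"]] },
  { kind: 3, pubkey: "bob",   tags: [["p", "carol"]] },
  { kind: 3, pubkey: "carol", tags: [["p", "dave"]] },
  // Spam cluster: the bots follow each other and follow "me", but nobody
  // reachable from "me" follows them.
  { kind: 3, pubkey: "bot1",  tags: [["p", "bot2"], ["p", "me"]] },
  { kind: 3, pubkey: "bot2",  tags: [["p", "bot1"], ["p", "me"]] },
];

// Build a directed adjacency map: follower -> Set of followed pubkeys.
function buildGraph(events) {
  const graph = new Map();
  for (const ev of events) {
    if (ev.kind !== 3) continue;
    const follows = ev.tags.filter((t) => t[0] === "p" && t[1]).map((t) => t[1]);
    graph.set(ev.pubkey, new Set(follows));
  }
  return graph;
}

// Breadth-first search outward from `root`, following edges only in the
// follower -> followed direction. maxHops bounds the work (assumed default).
function hopDistances(graph, root, maxHops = 3) {
  const dist = new Map([[root, 0]]);
  let frontier = [root];
  for (let hop = 1; hop <= maxHops && frontier.length; hop++) {
    const next = [];
    for (const pk of frontier) {
      for (const followed of graph.get(pk) ?? []) {
        if (!dist.has(followed)) { dist.set(followed, hop); next.push(followed); }
      }
    }
    frontier = next;
  }
  return dist;
}

// Policy from the text: show 1-2 hops, dim 3+, flag accounts with no path
// from the root within maxHops.
function classify(dist, pubkey) {
  const d = dist.get(pubkey);
  if (d === undefined) return "flag";
  return d <= 2 ? "show" : "dim";
}

const dist = hopDistances(buildGraph(followEvents), "me");
```

Here carol is reached at 2 hops through either alice or bob, dave lands at 3 hops and is dimmed, and bot1 and bot2 are flagged despite following "me" directly.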
The LinkedIn Experiment
Here's something we noticed while building this:
LinkedIn accidentally proved web of trust works at scale. Their "2nd degree connection" feature is literally social distance visualization. And people use it constantly to make trust decisions.
"This recruiter has 47 mutual connections with me" → probably legitimate.
"This crypto bro has 0 mutuals and just created their account" → ignore.
The difference is that LinkedIn controls this. They can change the algorithm, hide information, or use it against you. On Nostr, with our open-source WoT implementation, you control it.
Why We're Still Early
Decentralized social networks have a cold start problem. The network effects that make Twitter or LinkedIn useful take time to build on open protocols.
But here's what's interesting: trust networks compound faster than follower counts.
When you follow 10 people on Nostr, you're not just adding 10 connections. You're adding their entire follow graphs to your potential trust network. 10 people who each follow 100 others gives you access to 1,000 second-degree connections.
The math works in favor of early adopters. The people building their Nostr graphs now will have the deepest, most useful trust networks when the masses arrive.
Privacy First
One thing we refused to compromise on: your follow list stays yours.
The WoT system supports three modes:
- Local Mode: All calculations happen in your browser. Zero external requests. Maximum privacy.
- Remote Mode: Our Oracle handles the computation. Faster, but requires sending pubkey lookups.
- Hybrid Mode: Local-first with remote fallback for performance.
You choose your tradeoff. We don't choose it for you.
What You Can Build
We've open-sourced everything:
- Browser extension with the window.nostr.wot API
- nostr-wot-sdk npm package with TypeScript support and React hooks
- REST API for server-side integration
- Self-hostable Oracle backend
Some ideas we're excited about:
- Client filtering: Show/hide content based on social distance
- Marketplace reputation: Trust scores for buyers and sellers
- Content curation: Surface posts from people your network respects
- Spam prevention: Require minimum trust scores to interact
The infrastructure is MIT-licensed. Build whatever you want.
The Bigger Picture
Web of trust isn't just about spam filtering. It's about building reputation systems that don't require centralized authority.
Credit scores are centralized. Professional certifications are centralized. Even "verified" badges on social platforms are centralized.
What if reputation could emerge from your actual social connections? What if your credibility came from who vouches for you, not from who issues your credentials?
That's the future we're building toward. Nostr WoT is one piece of it.
Try It
Visit nostr-wot.com to install the browser extension. Connect your Nostr account. Watch as the noise fades and the signal gets clearer.
If you're a developer, check out the SDK documentation and start building. The protocol is simple. The possibilities aren't.
This is one of our open-source projects supporting the Bitcoin and Nostr communities. See all our projects at /projects.
Written by Dandelion Labs