A plain-language guide for people who are curious but don't want to wade through a whitepaper.
Nostr is often described as a decentralized Twitter alternative, and that's a fair starting point — but it's a bit like describing email as "a way to send memos." Technically true, wildly undersells it.
At its core, Nostr is a cryptographic identity and publishing protocol. Your identity is a key pair — a public key and a private key — and anything signed with that key pair is verifiably yours. What you do with that identity depends entirely on the client you're using. Right now most clients are social feeds, but the same identity works for marketplaces, collaborative documents, encrypted messaging, code repositories, live streams, and anything else developers choose to build.
The practical upshot: your Nostr identity is portable to any application that supports Nostr login. You don't have a "Nostr social media account." You have a cryptographic identity that you can use anywhere Nostr is spoken. Switch clients, switch use cases — you're still you.
Because Nostr is open and permissionless, it's raw. No curated feed deciding what you see. No algorithm nudging you toward outrage. No safety net if you lose your private key. You get real freedom, which means real responsibility. Most people find that refreshing. Some find it exhausting.
When you "create an account" on Nostr, what actually happens is a key pair gets generated — a public key and a private key. That's your entire identity. No email address, no phone number, no password reset. Just two long strings of characters.
The npub is your public address — think of it like your username. Anyone can see it, anyone can send you messages, and you can tell people to look you up by it.
The nsec is your private signing key. Every post, follow, reaction — everything you publish on Nostr is cryptographically signed with your nsec. That's how relays and clients know a message actually came from you. It also means: if someone gets your nsec, they are you. They can post, delete, follow, and do anything you can do. There is no recovery. No support ticket, no "forgot password" flow. That key is gone and so is your account.
Write it down on paper. Store it somewhere physically safe. Some people keep it in a password manager as a fallback. Most clients will show you your nsec once and expect you to handle it. Don't skip this step.
Most modern clients support browser extensions (like Alby or nos2x) or native phone apps that hold your key so you never have to paste it into a website. This is the recommended way to use Nostr — your nsec stays in the app or extension, and clients just request signatures without ever seeing the key itself.
Relays are the servers that store and forward your messages. When you publish a post, your client sends it to whatever relays you've configured. When someone wants to read your posts, their client asks those relays for your events.
Here's what makes relays different from a normal social media server: they're dumb. A relay doesn't know what's important, doesn't rank your content, and doesn't decide what your followers see. It just stores events and answers queries. All the logic lives in the client.
You can connect to as many relays as you want simultaneously. Most clients let you add a list. This is important for two reasons:
That's just how the protocol works — your events arrive in plaintext (unless encrypted, like DMs). A relay operator with bad intentions could log your IP and read your public posts. A VPN is the easiest way to hide your IP from relay operators. For stronger anonymity, Tor or I2P are better options — this relay supports both. If you want zero trust, run your own relay.
Nostr has no algorithm deciding what you see. Your feed is literally just: the recent posts from people you follow, in chronological order, from relays you've configured. That's it. No "you might also like," no promoted posts, no outrage bait boosted because it got engagement.
This is great once you get used to it. It's also your responsibility. A few things that help:
Nostr tends to work best for people who engage — reply, zap, share. Doom-scrolling a passive feed is fine, but the protocol has no incentive structure pushing you toward addiction the way traditional social media does. What you put in is roughly what you get out.
A client is just an app that speaks the Nostr protocol. Because the protocol is open, anyone can build one — and many people have. Your keys work on all of them. Switching clients doesn't mean starting over; your follows, your posts, your identity come with you.
Try a few and see what fits. Amethyst is the most feature-packed Android option. Coracle and Snort are solid web clients. noStrudel is great once you know your way around but can be overwhelming at first.
Pasting your nsec into a website is a bad habit — if the site is compromised, your key is gone. Browser extensions solve this cleanly: you import your key once into the extension, and web clients request signatures through a standard API (NIP-07) without ever seeing the key itself. Think of it as a software signing device that lives in your browser toolbar.
Alby is the most full-featured — it handles both Nostr signing and Lightning payments, so you can zap directly from your browser without a separate wallet extension. If you just want a no-frills signer, nos2x (Chrome) or nos2x-fox (Firefox) are the lightest options. Safari users on Mac or iPhone should look at Nostore.
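A defensive check that goes with the advice above about never pasting an nsec into a page (an added example, not code from this guide or from any of the extensions named): scan text that is about to be posted or logged and redact any checksum-valid private key. It implements the bech32 encoding that NIP-19 uses for `npub` and `nsec` strings; the function names are illustrative and the key bytes are constructed sample data.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # bech32 alphabet
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def polymod(values):  # bech32 checksum polynomial (BIP-173)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = (chk & 0x1FFFFFF) << 5 ^ v
        for i, g in enumerate(GEN):
            chk ^= g if (top >> i) & 1 else 0
    return chk

def expand(hrp):  # human-readable prefix as it enters the checksum
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def regroup(data, src, dst, pad):  # repack src-bit groups into dst-bit groups
    acc = bits = 0
    out = []
    for v in data:
        acc, bits = (acc << src) | v, bits + src
        while bits >= dst:
            bits -= dst
            out.append((acc >> bits) & ((1 << dst) - 1))
    if pad and bits:
        out.append((acc << (dst - bits)) & ((1 << dst) - 1))
    return out

def encode(hrp, key):  # used here only to build the constructed sample
    data = regroup(key, 8, 5, True)
    chk = polymod(expand(hrp) + data + [0] * 6) ^ 1
    data += [(chk >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data)

def decode(s):  # -> (hrp, 32-byte key) for a checksum-valid npub/nsec, else None
    hrp, _, rest = s.partition("1")
    if hrp not in ("npub", "nsec") or len(rest) != 58 or set(rest) - set(CHARSET):
        return None
    data = [CHARSET.index(c) for c in rest]
    if polymod(expand(hrp) + data) != 1:
        return None
    return hrp, bytes(regroup(data[:-6], 5, 8, False))

def redact_nsec(text):  # replace checksum-valid private keys, keep everything else
    pattern = re.compile(r"nsec1[%s]{58}" % CHARSET)
    return pattern.sub(lambda m: "[nsec redacted]" if decode(m.group()) else m.group(), text)

SAMPLE_NSEC = encode("nsec", bytes(range(32)))  # constructed key, not a real account
```

Strings that merely look like a key but fail the checksum are left untouched, which keeps the filter from mangling ordinary text, and `npub` values pass through because they are meant to be public.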
On mobile, some Nostr apps store your key internally and handle signing themselves. That works fine, but it means your key is spread across every app you install. A dedicated signer app is a better model: one app holds the key, and other Nostr apps on the same phone request signatures through a standard interface — your key never leaves the signer.
Android users: install Amber first, import your key there, then install clients like Amethyst or Yana and connect them to Amber. Those apps will never see your nsec — they ask Amber to sign on their behalf. This is the cleanest setup on Android.
iOS users: there's no Amber equivalent for iOS yet. Damus and Nostur both handle key storage internally — they're solid and well-maintained, just be aware each app holds a copy of your key. The Nostore browser extension covers Safari-based web clients if you prefer that route.
One thing Nostr does that other social networks don't: native micropayments. If someone posts something you like, you can "zap" them — send a small Bitcoin payment over the Lightning Network directly from your client. No credit card, no platform cut, no minimum withdrawal threshold. Just sats, instantly, peer to peer.
This changes the culture in subtle ways. Zapping a good post is a stronger signal than a like. It rewards creators directly. And because it's real money moving (even if small), people tend to be more deliberate about what they publish and interact with.
To send and receive zaps you need a Lightning wallet with a Lightning Address (e.g. you@wallet.com). You enter it in your Nostr profile and zaps start flowing. A few options worth considering:
Custodial wallets (Rizful, Coinos, Alby) are easier to start with — someone else manages the node. Self-custodial (Phoenix, Zeus) means you own the funds outright but there's more setup involved. For small zap amounts, custodial is fine. For larger balances, self-custody is worth the effort.
Worth setting expectations clearly:
Set up an account on the portal to access file hosting, NIP-05 identity, and the paid relay.