NIP-85: How Web of Trust Scoring Works on Nostr

The Spam Problem

Nostr has no central authority deciding who's real and who's a bot. That's the point — censorship resistance. But it means every client has to solve spam on its own.

The follow graph is the answer. 51,000+ pubkeys and 622,000+ follow relationships form a trust network. If you follow someone, and they follow someone, that second-degree connection carries signal. PageRank, the algorithm Google used for web search, turns this graph into trust scores.

What is NIP-85?

NIP-85 defines five Nostr event kinds for publishing trust data:

• Kind 30382 — Rank assertions. A trust provider publishes a normalized score (0-100) for each pubkey. Clients subscribe to these to get trust data without computing it themselves.
• Kind 10040 — Provider metadata. Declares the trust provider's identity, scoring method, and update frequency. Clients use this to discover and validate providers.
• Kind 30383 — Graph summaries. Aggregate stats about the trust graph (node count, edge count, score distributions). Useful for monitoring network health.
• Kind 10041 — Provider status. Real-time health signals so clients know if a provider's data is fresh.
• Kind 30384 — Authorization events. Defines which pubkeys a provider considers "authorized" for specific roles.

The key insight: trust scoring is expensive to compute but cheap to verify. NIP-85 lets specialized providers do the heavy computation and publish results as signed Nostr events that anyone can verify.

How PageRank Applies

The Nostr follow graph is a directed graph — following someone is a one-way signal. PageRank assigns each node a score based on:

1. Who follows you — follows from high-score accounts count more
2. How connected your followers are — recursive trust propagation
3. Graph topology — accounts that bridge communities score higher than isolated clusters

After 20 iterations of the PageRank algorithm across 51K nodes, the scores stabilize. We normalize to 0-100 for human readability. The top accounts (jb55, fiatjaf, hodlbod) naturally emerge at the top — exactly who you'd expect in a trust-based ranking.

Beyond PageRank: Multi-Signal Analysis

Raw PageRank is a good start, but sophisticated spam requires sophisticated detection. Our scoring engine adds:

• Sybil detection — 8 behavioral signals (follower quality, mutual trust ratio, diversity score, activity patterns) combined into a classification
• Follow quality analysis — entropy-based diversity measurement of a pubkey's follow list
• Anomaly detection — identifies ghost followers, score-rank divergence, and unusual activity patterns
• Cross-provider verification — compares scores from multiple NIP-85 providers for consensus

Try It

The WoT Scoring API is live at wot.klabo.world with 49 endpoints and an interactive demo dashboard:

• Demo: wot.klabo.world/demo — search any pubkey, see trust scores, sybil analysis, follow quality, and more
• API Docs: wot.klabo.world/docs
• Quick score: curl wot.klabo.world/score?pubkey=HEX_PUBKEY

50 free requests per day. L402 paywall for heavy use (21 sats per query). If you're building a Nostr client, the JavaScript SDK gives you typed access to all endpoints.

What's Next

We're presenting the scoring engine at the WoT-a-thon on February 12 (4pm UTC on Zap.Stream). The full NIP-85 implementation covers all five event kinds and scores the entire Nostr follow graph in real-time.

The goal: make trust scoring as easy as one API call, so every client can fight spam without building their own graph infrastructure.