21: Hashtree, Nostr VPN, and Iris w/ Martti Malmi

"We have this window of opportunity to steer the LLMs and the future of technology into a freedom-tech direction."

Martti Malmi & Gigi take a walk in Madeira. Recorded during SEC-07.

Listen on sovereignengineering.io

In this dialogue:

• Martti's GitHub annoyance spawned Hashtree: a content-addressed file system on top of Blossom that adds directories, file chunking, and encryption. Everything encrypted by default using content hash key encryption (inspired by Freenet), so Blossom server operators have cryptographic deniability about what they host.
• git remote hashtree: set up a hashtree remote for any Git repo, push to your Blossom server. Martti uses it for all Iris development, with GitHub only as a backup mirror. The web interface at git.iris.to supports NIP-34 issues and pull requests.
• The WebRTC mesh layer complements Blossom: peers find each other via Nostr relays for the initial handshake, then communicate directly. Requests route through peers with hops-to-live (starts around 15, probabilistically varied for privacy). No domain names, TLS certs, or IP addresses needed.
• Iris Browser loads apps from Hashtree URLs, bypassing web hosting entirely. Same idea as the old Freenet concept: content addressing means links don't break when servers go down.
• Nostr VPN was born from Martti's refusal to use Tailscale's Google/GitHub login. Built in two days. WireGuard underneath, Nostr relays for peer discovery and IP negotiation. Every device gets an npub. Exit node functionality coming, with a future Cashu-incentivized exit node marketplace.
• Double Ratchet messaging on Nostr: works well for two-party sessions, complexity grows with multi-device per user and group chats. Tested at SEC-07 via chat.iris.to with QR code invites. Martti prefers Double Ratchet over MLS for Nostr because MLS has stricter consensus requirements that conflict with decentralized relay sets.
• "Coding is going to be done by AI agents pretty soon." Martti writes basically zero code by hand now, vibecoding over tradcoding. Claude Opus (late 2025) was the inflection point that enabled Hashtree. He expects fully capable local models within a year.
• The window of opportunity: if freedom tech developers stop building now, Stripe, Cloudflare, and GitHub win by default because that's all the LLMs know. Getting freedom tech into the training data matters while models are still being shaped. Gwern wrote about this dynamic years ago in Bitcoin is Worse is Better, and his Scaling Hypothesis hints at where the AI side is headed.
• AI agents will eat network effects: your agent queries ten platforms, posts to all of them. The bundled interface becomes irrelevant. Big tech's moat dissolves. "An ouroboros effect, the snake of big tech eating its own tail." As Jack Dorsey recently put it, the killer feature of Bitcoin and Nostr is that they're permissionless.
• Pre-Nostr, Martti built Iris on Gun.js as a public-key-based social network. No traction after two or three years. When Jack Dorsey joined Nostr and it gained community, Martti ported Iris over quickly.
• The Ethereum confession: social nouns NFTs, Ethereum login in early Iris. "Every saint has a past, every sinner a future." The Bitcoin community's cultural friction was an interesting experience, but Martti found the maximalists more admirable than other groups.
• Early Bitcoin: first commit around early 2010, ran bitcoin.org, built the first exchange (bitcoinmarket.com), sold over 30,000 bitcoins through it. Life happened, moved on, came back through Nostr. "Bitcoin is singularity insurance" -- the one thing machines can't make more of.
• Web of trust vs. proof of work for fighting spam: PoW won't stop spammers more than it stops normal users. Social graph is the only proper solution for most interactions. A combination of both has its place, but WoT does the heavy lifting.
• Identity is prismatic: as moot argued in his SXSW talk, you're not the same person at church, the nightclub, or work. Nostr enables multiple npubs for different contexts. But spam is the trade-off with free identity creation, and social graph is the only proper solution. Web of trust filtering in Iris means no NSFW spam, at the cost of possibly missing new users.
• Content addressing as the foundation: files live in multiple places, links don't break, peers cache data from their social graph. DNS-like caching but without the hierarchical trust. "No global" is a feature.
• Local agents as a privacy layer: if your AI agent is your interface, platforms can't fingerprint your typing patterns. Even traffic analysis becomes harder with noise-based bandwidth usage.
• FIPS is Martti's most exciting Nostr project outside his own work: public key-based network routing that replaces IP addresses. Low-level infrastructure that could underpin everything else.
• FIPS is Martti's most exciting Nostr project outside his own work: public key-based network routing that replaces IP addresses. Low-level infrastructure that could underpin everything else.
• SovEng experience: "awesome", intense from morning to evening, a teenage dream of hacking with people on a beautiful island. Came on short notice after Jonathan reached out following the Nostr VPN release.
• Martti's ask: use Hashtree, default your repos to hashtree remotes, solve real problems. "Nostr VPN actually solved a real problem. Scratch your own itch."

People mentioned:

• Justin Moon (browser discussion, GitHub stars feature request)
• Jonathan Corgan (FIPS creator, invited Martti to Madeira)
• Pablo (Nostr Signer / Nsec Bunker)
• Kieran (social graph library usage in Snort/ZapStream)
• Knut Svanholm ( early Bitcoin history conversation with Martti)
• Gwern ( Dwarkesh interview)
• utxo the webmaster (Wisp creator)
• jb55 (Damus / Notedeck)
• Christopher Poole / moot (4chan founder)
• Vitor Pamplona (Amethyst)
• isolabellart (Nostr-native artist, isolabellart.it.com)
• Sir Sleepy (prismatic identity)
• Jack Dorsey

Projects & tech mentioned:

• Hashtree (content-addressed file system on top of Blossom: directories, file chunking, encryption by default)
• git remote hashtree (decentralized Git using Hashtree storage, replacing GitHub remotes)
• git.iris.to (web-based Git interface with NIP-34 support: issues, pull requests, likes)
• Iris (Nostr social client with built-in social graph filtering)
• Iris Browser (loads websites and apps from Hashtree URLs in a content-addressed way)
• Nostr VPN (WireGuard tunnels using Nostr relays for peer discovery and signaling, no accounts needed)
• Nostr Double Ratchet (Signal-style encrypted messaging on Nostr with group chat support, demo at chat.iris.to)
• Blossom (content-addressed blob storage)
• WebRTC mesh (peer-to-peer data transfer, works in browsers and servers, probabilistic routing with hops-to-live)
• FIPS (Nostr public key-based network routing, by Jonathan Corgan)
• Reticulum (low-bandwidth mesh networking stack)
• LoRa (long-range, low-power radio for mesh networking)
• MLS / White Noise (encrypted group messaging on Nostr)
• Marmot Protocol (encrypted messaging protocol for Nostr)
• Freenet (early content-addressed peer-to-peer network, inspiration for Hashtree's encryption)
• Ladybird (independent browser implementation)
• OpenClaw (open-source AI agent harness)
• Cashu (eCash on Bitcoin, future incentivized exit node payments)
• Maple (privacy-preserving AI inference)
• Trusting Trust (the problem of trust in computing)
• Routstr (Nostr-based AI routing)
• PPQ (decentralized AI inference)
• Amber (Nostr signer for Android)
• Aegis (Nostr signer for iOS)
• Plebeian Market (Nostr marketplace)
• Shopstr (Nostr marketplace)
• Amethyst (Nostr client for Android)
• Wisp (Nostr micro-client)
• Damus Notedeck (Nostr client with app shell, built on nostrdb)
• ContextVM (execution environment for Nostr)
• Vertex (web of trust tools)
• Relatr (relay-side WoT filtering on ContextVM)
• Eternal September (what happens when a subculture scales)
• Zooko's Triangle (the naming trilemma: human-meaningful, secure, decentralized)
• nsite (Nostr-based web hosting)
• Commander Keen (DOS-era classic)
• IPX/SPX (LAN party networking protocol)
• Pirate Bay (decentralized resilience patterns that Nostr echoes, Peter Sunde: "I Have Given Up", keynote)

Recorded at 943,634.