Repeatedly nuked profile's avatar
Repeatedly nuked profile 2 months ago
Nostr cannot be that protocol without a hard fork. I've long thought the best way to mitigate the damage from losing an nsec, be it losing in the sense of exposing or just plain old losing the thing, is to make that loss less of a big deal. Because if normies ever adopt nostr they will lose their nsecs right and left. This means pushing nostr to more disposable use cases. Going down this trust route does the opposite. It increases the price for losing your nsec, and it increases it by an astronomical amount. If after months or years of trust-building you lose your nsec you’ll be forced to realise that all that trust was never in you: it was always in your nsec. You the human being have accumulated nothing. Now you have to start from zero, an incredibly demotivating proposition. Would you have the energy? Worse still, if your nsec was exposed then whoever has access to it can abuse all that trust for as long as there is still juice in the orange. So from disposable nsecs we move to priceless nsecs or even sacred nsecs. It’s just not viable. If nostr has any hope of expanding outside this small and nerdy group the protocol will have to account for mass loss of nsecs. Also few here can imagine what nostr would be like if there was a black market for stolen nsecs. But if nostr ever does get bigger and become the protocol of trust in the way you describe then there would emerge such a market, including for nsecs that are exposed but that the original nsec holder has no idea are exposed. For a sufficiently motivated and malicious group, this would be fish in a barrel. The common response to this is “we’ll just fix signers” (and then nobody will ever lose their nsec ever so problem solved?) but the truth is that key management on nostr is a deeply fundamental problem that cannot be fixed for normies with a dash of Amber or a pinch of Frost. Or heaven forbid NIP46. There are many reasons why I think so, and don't get me started on iOS, but I’ll leave those for now, sufficed to say that I’m in the signers ain't gonna fix this camp. Nostr has the basics, but if it’s to be what you say then it'll need a hard fork, to incorporate Farcaster-like “vouched re-spawning”, though without a blockchain. Without a hard fork, though, there is just no way.
↑ Parent

Replies (2)

Tim Bouma's avatar
Tim Bouma trbouma@safebox.dev 2 months ago
The approach I’ve taken is that every component has its own nsec. If it gets compromised, it can be thrown away. I don’t want to touch anyone’s social nsec.