Thread - Nostr Hypermedia

Something to think about for nostr - the fact that there are no recovery mechanisms.

Rizzo

TWITTER HACK UPDATE After a week of trying to address my Twitter hack, I just woke up to find it’s happening again. I’m locked out of my account, no access, scam tweets on my profile. I have tried EVERYTHING to get my account back to normal: - Yubikey - Changing password 10 times - Changing email on account - Remove 3rd party apps - Remove developer apps NOTHING IS WORKING I keep asking for help and getting nothing. I put a lot of time into my account. After 10 years of work in this industry Twitter is what allowed me to be recognized. It’s the only reason people care about my work and now it’s being stolen and it’s honestly so fucking embarrassing and painful. I know many people will laugh. They feel like I deserve it for running an engagement account. Anyway, I am asking for help. I honestly have no idea what to do

View quoted note →

Replies (16)

Nour _@nour.space 2 years ago

Let's get something similar to Ledger's recovery featute...Not

3 replies ↓

Cannibal cannibal@nostrplebs.com 2 years ago

Agreed, there has to be a way to recover the keys on Nostr.

HoloKat 2 years ago

😂

HoloKat 2 years ago

It’s actually not too terrible of an idea for anyone who wants to participate. But I don’t know if that’s even possible on nostr?

2 replies ↓

HoloKat 2 years ago

Key recovery is probably not as critical as having the ability to transfer followers.

3 replies ↓

tisza tisza@runbitcoin.net 2 years ago

Follow based on nip5? Would make more sense for those that have their own domains as they authenticate the address. 🤷🏽‍♂️

2 replies ↓

tisza tisza@runbitcoin.net 2 years ago

Could be a client based solution. As I don’t think that would work at the protocol level.

Nour _@nour.space 2 years ago

I think nsecBunker by @PABLOF7z offers a way by generating short lived sub keys and using these instead of the master one.

2 replies ↓

⚡️🌱🌙 Stu@stuartellison.com 2 years ago

Maybe followers should attach to NIP-05 data in addition to pubkey? This would effectively operate as 2FA.

1 replies ↓

Nour _@nour.space 2 years ago

Using nip5 domains in the mix to identify a profile and its followers might work. But wouldn't this open an attack vector? There is no way to recover sats from a lost wallet after all. Self-custody is a tough job and a great responsibility. If you lose it, you lose it.

1 replies ↓

HoloKat 2 years ago

🤷‍♂️

HoloKat 2 years ago

Yes it would. I’m not sure what the solution is - just throwing thoughts out there and resharing so mega brains can think it through.

HoloKat 2 years ago

That’s an interesting idea and could be a good failsafe 🤔

HoloKat 2 years ago

This is the way!

PABLOF7z _@f7z.io 2 years ago

yup

Ronin ronin@nostrplebs.com 2 years ago

It's a hard problem to solve and I think there is no one fix all solution, it was already discussed somewhere on Nostr github. My thoughts are that the user could choose revoke methods and relays that implement them, one method could be using something you own let's say a bitcoin address, that you would publicly put on your profile as a revoke mechanism, then you would send a tx to the relay address from your btc address would be proof that your account is revoked. Another way could be you set npubs for social recovery.