If you had a way to preserve your nostr identity so that you could recover from someone compromising your nsec and it required writing a note in your nostr client, would you do it?
Repost for visibility, want to see what people think.
Thread
Login to reply
Replies ()
Have a backup that people can follow. What I used to do on Twitter.
View quoted note β
It sounds insane to hand over my keys but for something like nostr.. I might approach it differently if it becomes my universal passport for *everything* and gets used very heavily all the time.
Iβm listening
Just saying in case the DM or other bug was to get out of hand. Still not sure if I unnecessarily worried about the DM private bookmarks yada yada bug. Anyways, it would suck to lose your id (π€ perhaps could be a blessing in some other ways cuz of.... Social Dilemma π
). Cheers π€
For someone big it could be a massive issue though. Imagine a celebrity with a mass following putting out links to a scam site for tickets for example. And the risk may be enough to put them off using the platform.
Your nostr client is already compromised by then right?
Have thought for some time that the best way to accomplish this is with a servant/master system. Servant pubkey is the main that you use regularly. Servant identifies a master pubkey, with the note that does so including a small snippet of signed text from the master. The master would ideally be a cold-storage derivation that sees nearly no use.
The master would only have one primary purpose, that being account replacement. It can send a note that identifies an account as burned, and identifies the replacement. Said note should be signable as airgapped. Clients would then swap over to the replacement and otherwise maintain continuity of messages.
Yes
Yep
absolutely. im curious how this would be handled though?
the TL;DR is:
* you publish a whitelisting event for your next npub, the event is timestamped (NIP-03)
* when your account is compromised you publish a migration event from your new key
whatever valid migration event points to the oldest (unforgeable due to timestamping) whitelisting event wins
I like the sound of this.
What if the attacker publishes the migration event first?
For the sake of being overly paranoid, the new key now holds a lot of power and must be tightly guarded and kept track of even though not in use, as it could at any time be used by anyone who has it to invalidate the old account. New fear unlocked π
But I like that it could at least be an option.
you get a 60-day time window to publish a new migration event pointing to an older one
full spec: 
GitHub
NIP-41: simple account migration by pablof7z Β· Pull Request #829 Β· nostr-protocol/nips
This NIP introduces a simple way in which a pubkey can migrate to by whitelisting a new pubkey ahead of time.
TL;DR:
Pubkey A whitelists Pubkey B ...
yeah, but being careful with that key would be so much easier because you are not using it actively so there's no reason to go crazy entering the nsec in a million places
Thanks. I'll give it a read.
True.
Looks simple, so yes
I have mentioned this before but I didn't get enough response on this. Let's how this goes.
View quoted note β
Yep
Does it require putting something on a blockchain somewhere?
depends on how that note is validating, what is being stored, and where
Yes
I'd do it.
Sooo not sure if this input helps but I've always wondered why we can't create revocation keys or add expirations to the nsec for this exact reason. I like the notify of new key proposal but if we already have a workflow that works for gpg keys, then why not adopt it?
This makes the most sense to me since is thought through as an an end to end solution.
It depends.
If tjis means to submit my private key to another third party service i woild not because the risk that this third padty would be compromised is larger than a single entity.
View quoted note β
Sure.
I think there should an application that someone could use to inspect if his or her nsec is not compromised.
If the application is possible, time lock event can be initiated if the account is found compromised. Doing that will enable the rightful owner to perform reset on his or her account.
I wrote a note about this type of issue yesterday. My feeling is that the key we use day to day should be a secondary key that can be changed by signing an event with a primary key (preferably a hardware one). Rationale being that the key used to log in day to day is frequently e posed to apps using it so is at a higher risk and should be quick and easy to drop.
For bigger social media users the 30 days could be pretty problematic as from my understanding the compromised key would still be what most clients see as the real identity.
What ways are you thinking?
Yeah , why not ? Seems like a good idea
No, I would just create a new anonymous identity nsec.
Yes.
No entiendo muy bien estas cosas tΓ©cnicas pero joder que brutal el ambiente de desarrollo que hay aquΓ en #NOSTR
View quoted note β
Definitely
This makes sense to me, @PABLOF7z...
Have you gotten any strong objections or criticisms?π§π€π―
Iβd love to have this π€©
A 2fa solution where you would sign a bitcoin address you own and it's set in your profile could also be used to nuke old npub and change to new, new profile would sign the same btc address.
I think we should just take good care of the nsec and use tools like nsecbunker when possible to generate disposable little nsecs.
Nostr identity won't go away by simply having the nsec compromised. We literally know each other on a good level to know someone is pretending to be someone else. Not saying it won't create confusion to start with, but I don't see it as horrible as losing a wallet seed phrase or more.
Improving UX could prevent the majority of such accidents without having to implement a complex solution that most won't be able to use anyway. Unless they could of course.
View quoted note β
If it is simple to recover it.. people will definitely appreciate that feature.. in upcoming future our ID is the most important thing we'll have! ππ©β‘𧑠#thenostr
View quoted note β
sounds dope
nope
Your internet identity is so important lol
that means giving up sovereignty over your nsec so, no thanks
No, it doesnβt.
I don't even care honestly. I would just start again.
If your nsec is compromised, isn't that gg?
Would you basically recover your note history to a new nsec while some other POS is masquerading as yourself?
I'm very interested to see what comes of this because I'd hate to "start over" god forbid.
the old npub would get muted
Yes.
Yes
Nsec + Passphrase π
(NIP-39?)
Yez
Nah. Much more concerned with protecting my spirituality & being a spiritual warrior for humanity. We all serve our own purposes πππ»ββοΈ