If you had a way to preserve your nostr identity so that you could recover from someone compromising your nsec and it required writing a note in your nostr client, would you do it?
Repost for visibility, want to see what people think.
Sounds mysterious. Likely yes but curious how it would work. Similar to your exit thing but nostr—>nostr?
Yes
🤔
yessir
Yes, please.
Sounds good.
💯
Interested. What does “preserve” and “recover” your identity mean in this context?
Recover means changing npub and hinting in an unforgeable way that your followers should follow you in a new npub and compliant clients auto following the new npub after a period of time
Would you need your old nsec to do this? i.e. would this work if your nsec was lost?
Cool. Yes I like that idea. Losing your social graph is probably the most devastating part I can imagine of your key becoming compromised. Could it potentially be coupled with a way to migrate certain content to your new key pair, like if you had a backup of old notes that you trusted? It wouldn’t matter so much for many short notes and replies, but for others such as articles or something you want to maintain for historical reference, it would be good to have a way to migrate them to a new account.
Yes
Don’t fully understand, but generally yes I think social recovery is a great model
Yes
Yes but how would you be able to prove it’s you?
You write it before you lose the nsec
Sign me the fuck up 
As long as the UX was seamless. As I said in another comment just a few minutes ago, the only thing saving people from their own carelessness with their passwords is the ability to change them.
Yes if it involves climbing a mountain
#proofofwork
Not sure what you mean by preserve identity. If the nsec has been compromised I can't use it anymore.
Need to burn it and create a new key pair.
So I guess what I would need in this case is a way to validate to my followers that the new npub I'm posting with is really me so they can follow.
Of course. I’m intrigued
Yes.
This is what I thought too. Would be tough, an imposter could claim to be you with a stolen nsec
If you whitelist a key before your attacker then no, you can move to a new key and your attacker can’t.
Hence the question 😅
Yes
Futile if I already have.
Maybe something to keep busy when prisoned for war crimes.
yep
yes.
Yes
Yes
Add me to those that don’t understand. Explain it as if I still wear a mask outside.
Oh yes!
Yes, but what can you write in a note that someone else cannot write in a note when your nsec is compromised?
You do it before the nsec gets compromised
What you have defined as a safe note. If one gets both your nsec and your safe note then you are done.
Read the NIP PR if you want the details of how it works
Are you already building a micro-site for this?
Yup. 😄
The idea is that one person comes up with a great idea and others implement it, 7 of 21.

I like delegation. Years ago I implemented such a thing from the start in Rein. There I called it a master key and a delegate. The master key was there just to sign the "profile" the delegated one was held by the client. https://github.com/ReinProject/python-rein/#address-generation
you mean posting something like:
“if this nsec is ever compromised, I will begin posting with npub1xyz”
I mean, yeah sounds legit to me.
That’s what I thought of too, but he said that wouldn’t work. TBH, I don’t fully understand why but he knows a lot more than me.
nostr:note142e8nwwk5ff5t4vrtw4qsc326vgvn3sewcy00je4sxwuk6kqr4us9dauz0
> you need anchoring to something that can’t be trivially reordered.
so bake the current block height into the message?
it’s signed so it cannot be tampered with.
Yes but how does it work?
See NIP-41 😊
Does it exist? 
Check PRs, I’m on mobile
Got it, thanks! Here's the link for anyone following: https://github.com/nostr-protocol/nips/blob/pf7z-nip41/41.md
Now imagine if clients could automatically follow your new npub and mark your old npub as compromised
For us idiots. You set a “safe note” privately that once your nsec gets compromised you can use that safe note to recover account. Basically you just post a note with identical text, to get a new nsec and npub, with all the followers and notes assigned to the new keys. Is that it? Does old keys and notes get purged?
Good idea.
I've been thinking about this also. For now, before we have a technical solution, we could post a note and keep it in our public bookmarks.
Below is the Npub of my account backup #1. I have set my main account to follow my backup account. I will keep the robot avatar for my backup until I use it.
Possible hashtags to find the note:
#Npub
#MyNpub
#MyNostrBackup
#LeoFernevak
#MyNostrLeoFernevak
#MyNostrBackupLeoFernevak
#NpubLeoFernevak
nostr:npub10zc33xkmfem467vpaj53uve4zsaqtdqcpxmvecs0mezt9zg8m80qpem883
An attacker would delete this note; you can rebroadcast it but they could publish a backdated note with different npubs 🤷‍♂️
Yes, that's why a whitelisting is a good idea.
For now, I verified my Nostr backup account via Twitter/X, until a proper solution is in place. Link:
I proposed this in March. Would be neat if there was a more elegant/smooth way to do it:
——
Subject: Suggestion on a method to ensure continuity of your identity if your nsec is ever compromised, without relying on 3rd party verification
Problem: Unless your Nostr npub is tied to an external identity (ie you have a podcast, website, twitter handle, etc) that can be used to re-validate your identity, compromise of your nsec means there is no reliable way to confirm that another npub is actually yours. You can’t use the old keys to confirm it’s you using the new keys because it could be anyone using your compromised key to pose as the new you.
Solution: I think a simple way to solve this is to pre-verify that you own a particular npub (a set of backup keys) that can be used in the future to reestablish your identity. In the event your nsec is compromised at a future time, you can use the uncompromised backup nsec to point people to your new pubkey.
Example sequence of events:
Event 1: Publish note from npub1: “npub2 is my backup npub. I confirm I own it and will only use it to inform of my new npub3 in the future if nsec1 is compromised”
Event 2 (future/eventual possibility): nsec1 is accidentally compromised, user initiates switch protocol
Event 3: publish note from npub2: “npub1 is compromised, I am moving to npub3 which is___”
Event 4: publish note from npub1 (compromised but followed by others) and npub3: “I am back on Nostr. You can confirm npub3 is a continuation of npub1 by referencing npub1 note ___ and npub2 note___. Please follow me at npub3 and stop following me on the compromised npub1” No one else can use npub1 to claim a fake new account because they can’t publish to npub2 and you can use npub2 to deny any imposters claims.
Conclusion: Not super elegant but it works without relying on 3rd parties like twitter accounts. Obviously your nsec2 needs to be kept away from all systems that use nsec1 so it doesn’t get compromised in whatever compromised nsec1.
That wouldn’t work; you need anchoring to something that can’t be trivially reordered. I am proposing to use NIP-03 stamping for event ordering.
D’oh!
I guess I’m not technically competent enough to know that you’d be able to reorder what was previously published on others relays. I didn’t think fully deleting or changing past notes was fully possible on this protocol.
Is that even true if I ran my own relay?
Then you could hash everyone’s backup npub using a merkle tree and publish the final/top level hash to the Bitcoin blockchain a la open timestamps?
I would use something like this.
Nothing to contribute. Just interested in learning about it.
You already contributed. Thanks for letting us know 😊
Yes.
Yes, but I would expect that to be part of onboarding: Hey user, this is your private key, store it safe, and here is your recovery key, store that somewhere else. Of course clients should offer that as a function to use at any time. Also the keys could be generated from easier to record seeds with enough entropy.
Yup and yup.
Although I would prefer clients not to bother you with something like that until you’ve used your account “enough” but that’s an implementation detail and up to clients to create different onboarding flows
Only if it works automatically for your followers. (Doing that properly seems like it belongs in a new kind, not a note, or if in a note it should be in a standard format)
It’s a new kind, I said note to not distract since people might not know what events are.
And yeah, that’s the crux, if it’s automatic or not
Yep. It would be useful in that case.
Have a backup that people can follow. What I used to do on Twitter.
nostr:note1jfegwxtfg94lsrq9c3m47x9sfzy5qh6w6pvutrldqcjk28vknlls76l6m7
It sounds insane to hand over my keys but for something like nostr.. I might approach it differently if it becomes my universal passport for *everything* and gets used very heavily all the time.
I’m listening
Just saying in case the DM or other bug was to get out of hand. Still not sure if I unnecessarily worried about the DM private bookmarks yada yada bug. Anyways, it would suck to lose your id (🤔 perhaps could be a blessing in some other ways cuz of.... Social Dilemma 😅). Cheers 🤙
For someone big it could be a massive issue though. Imagine a celebrity with a mass following putting out links to a scam site for tickets for example. And the risk may be enough to put them off using the platform.
Have thought for some time that the best way to accomplish this is with a servant/master system. Servant pubkey is the main that you use regularly. Servant identifies a master pubkey, with the note that does so including a small snippet of signed text from the master. The master would ideally be a cold-storage derivation that sees nearly no use.
The master would only have one primary purpose, that being account replacement. It can send a note that identifies an account as burned, and identifies the replacement. Said note should be signable as airgapped. Clients would then swap over to the replacement and otherwise maintain continuity of messages.
Yes
Yep
absolutely. I'm curious how this would be handled though?
the TL;DR is:
* you publish a whitelisting event for your next npub, the event is timestamped (NIP-03)
* when your account is compromised you publish a migration event from your new key
whatever valid migration event points to the oldest (unforgeable due to timestamping) whitelisting event wins
What if the attacker publishes the migration event first?
you get a 60-day time window to publish a new migration event pointing to an older one
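The resolution rule from the TL;DR above, sketched as an added example that is not part of the thread or of the NIP-41 draft. It assumes signatures and NIP-03 attestations have already been verified, that the 60-day window opens at the first valid migration event a client sees, and it uses hypothetical field names and constructed sample events.

```python
from dataclasses import dataclass

DAY = 24 * 3600
WINDOW = 60 * DAY  # the 60-day contest window mentioned in the thread

@dataclass(frozen=True)
class Whitelist:            # hypothetical shape, not the NIP's event format
    id: str
    old_pubkey: str         # signer: the key that may later be compromised
    new_pubkey: str         # the key being whitelisted
    attested_at: int        # time proven by the NIP-03 timestamp, not created_at

@dataclass(frozen=True)
class Migration:            # hypothetical shape
    signer: str             # the new key that publishes the migration
    old_pubkey: str
    whitelist_id: str
    seen_at: int            # when the client first saw the event

def resolve(old_pubkey, whitelists, migrations, now):
    """Return (winning new pubkey, window_closed), or (None, False)."""
    by_id = {w.id: w for w in whitelists}
    valid = []
    for m in migrations:
        w = by_id.get(m.whitelist_id)
        # A migration counts only if the old key whitelisted its signer.
        if (w and m.old_pubkey == old_pubkey == w.old_pubkey
                and w.new_pubkey == m.signer and w.attested_at <= m.seen_at):
            valid.append((w.attested_at, m))
    if not valid:
        return None, False
    opened = min(m.seen_at for _, m in valid)   # assumed start of the window
    in_window = [p for p in valid if p[1].seen_at <= opened + WINDOW]
    _, winner = min(in_window, key=lambda p: p[0])  # oldest whitelisting wins
    return winner.signer, now >= opened + WINDOW

# Constructed scenario: owner whitelists on day 10, key is stolen on day 100.
WHITELISTS = [
    Whitelist("wl-owner", "npub_old", "npub_owner_next", 10 * DAY),
    Whitelist("wl-attacker", "npub_old", "npub_attacker", 100 * DAY),
]
MIGRATIONS = [
    Migration("npub_attacker", "npub_old", "wl-attacker", 101 * DAY),
    Migration("npub_owner_next", "npub_old", "wl-owner", 120 * DAY),
]

if __name__ == "__main__":
    print(resolve("npub_old", WHITELISTS, MIGRATIONS[:1], 110 * DAY))
    print(resolve("npub_old", WHITELISTS, MIGRATIONS, 130 * DAY))
    print(resolve("npub_old", WHITELISTS, MIGRATIONS, 170 * DAY))
```

Until the window closes a client should treat the result as provisional: the first call, with only the attacker's migration visible, returns the attacker's key, and the owner's later migration overrides it because its whitelisting was attested earlier.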
Thanks. I'll give it a read.
For the sake of being overly paranoid, the new key now holds a lot of power and must be tightly guarded and kept track of even though not in use, as it could at any time be used by anyone who has it to invalidate the old account. New fear unlocked 😅 But I like that it could at least be an option.
Looks simple, so yes
I have mentioned this before but I didn't get enough response on this. Let's see how this goes.
Yep
Does it require putting something on a blockchain somewhere?
depends on how that note is validating, what is being stored, and where
Yes
I'd do it.
Sooo not sure if this input helps but I've always wondered why we can't create revocation keys or add expirations to the nsec for this exact reason. I like the notify of new key proposal but if we already have a workflow that works for gpg keys, then why not adopt it?
This makes the most sense to me since it is thought through as an end-to-end solution.
It depends.
If this means to submit my private key to another third party service I would not because the risk that this third party would be compromised is larger than a single entity.
Sure.
I think there should be an application that someone could use to inspect if his or her nsec is not compromised.
If the application is possible, time lock event can be initiated if the account is found compromised. Doing that will enable the rightful owner to perform reset on his or her account.
I wrote a note about this type of issue yesterday. My feeling is that the key we use day to day should be a secondary key that can be changed by signing an event with a primary key (preferably a hardware one). Rationale being that the key used to log in day to day is frequently exposed to apps using it so is at a higher risk and should be quick and easy to drop.
For bigger social media users the 30 days could be pretty problematic as from my understanding the compromised key would still be what most clients see as the real identity.
What ways are you thinking?
Yeah , why not ? Seems like a good idea
No, I would just create a new anonymous identity nsec.
Yes.
I don't understand these technical things very well, but damn, the development atmosphere here on #NOSTR is amazing
Definitely
This makes sense to me, nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft...
Have you gotten any strong objections or criticisms?🧐🤔😯
I‘d love to have this 🤩
A 2fa solution where you would sign a bitcoin address you own and it's set in your profile could also be used to nuke old npub and change to new, new profile would sign the same btc address.
I think we should just take good care of the nsec and use tools like nsecbunker when possible to generate disposable little nsecs.
Nostr identity won't go away by simply having the nsec compromised. We literally know each other on a good level to know someone is pretending to be someone else. Not saying it won't create confusion to start with, but I don't see it as horrible as losing a wallet seed phrase or more.
Improving UX could prevent the majority of such accidents without having to implement a complex solution that most won't be able to use anyway. Unless they could of course.
nostr:note1qmuakk7f6zr3h8x0ng7ryc8rw2f2vjdr2ka74ayvh4lxr4hrk3jswxuqcp
If it is simple to recover it.. people will definitely appreciate that feature.. in upcoming future our ID is the most important thing we'll have! 💜🎩⚡🧡 #thenostr
sounds dope
nope
I don't even care honestly. I would just start again.
If your nsec is compromised, isn't that gg?
Would you basically recover your note history to a new nsec while some other POS is masquerading as yourself?
I'm very interested to see what comes of this because I'd hate to "start over" god forbid.
the old npub would get muted
Yes.
Yes
Nsec + Passphrase 😅 (NIP-39?)
Yez
Nah. Much more concerned with protecting my spirituality & being a spiritual warrior for humanity. We all serve our own purposes 💜💁🏻‍♀️