Replying to Avatar Vitor Pamplona

Hear me out: A Nostr Service where you can send leaked private keys to:

1. delete everything from those keys everywhere

2. watch for new posts from those keys and delete them as well, forever.

The main idea is to block attackers from using your keys.

The second idea is to let everyone know that their info can indeed be deleted at any time if a person gets your key. If you are using relays that accept deletion events, your Nostr content can be purged from existence.

Have your backups. Don't think relays will be there for you when this happens.
Avatar
t4es5ter5 2y ago

What if someone steals your key and send it to those service? Then you are erased forever.

Reply to this note

Please Login to reply.

Discussion

Avatar
t4es5ter5 2y ago

SO I strongly disagree. Never allow delete. Maybe a flag per client

Avatar
Aurora 2y ago

Definitely need to think through bad actor possibilities but it’s a great idea to start with.

Avatar
t4es5ter5 2y ago

You cannot avoid bad actor behaviour. That's also why bitcoin transactions are irreversable.

Avatar
Aurora 2y ago

I agree that bad actor behavior can’t be avoided. I also think it can be mitigated.

Avatar
t4es5ter5 2y ago

Well, we will see (hopefully not). I stick to my idea deletion of keys should be avoided at all costs. Bitcoin proves us this...

Avatar
Aurora 2y ago

I haven’t thought through it enough but I do fundamentally believe in giving users the ability to delete. I’d rather think about how to make this possible and how to address any potential risks and flaws, instead of focusing on the things that make it difficult and allowing that to lead the way.

Avatar
t4es5ter5 2y ago

Maybe move all deleted data to some relay which contains all the deleted keys or something like that indeed.... Maybe there are possibilities

Avatar
Vitor Pamplona 2y ago

If your keys leak:

1. How do you know if the events you are downloading were made by you and not the attacker? The attacker can insert events in the past...

2. The attacker can start deleting as soon as it sees your keys. With or without this service.

Avatar
Aurora 2y ago

What are you thinking through here? Are you still arguing in favor of deleting?

1. I didn’t understand this point very well sorry. But I didn’t know it was possible to insert events in the past. (Am not a developer). Interesting.

2. When you say the attacker can start deleting, does that mean that there is already some functionality that allows deleting (and actually guarantees it)? I thought as of now it’s impossible to delete.

Avatar
Vitor Pamplona 2y ago

There is a "request to delete" event you can sign and send to relays. Most of them will delete your post by now. So, if your keys leak, it doesn't matter if this service exists or now, they can just send a bunch of delete events, signed as you, while at the same time add new, fake ones, with whatever they want to scam your followers with.

Avatar
Aurora 2y ago

Yeah. Dangerous.

There could also be a “bad actor” relay though right? That doesn’t comply with delete requests and is just storing things for some potentially evil purpose?

Avatar
Vitor Pamplona 2y ago

Yep.

Avatar
Aurora 2y ago

I think it would be worthwhile for someone to start making personal internet security tools for nostr. I don’t know if I phrased that right. But basically personal cybersecurity. I would pay for that.

Avatar
t4es5ter5 2y ago

💯