Replying to Avatar Toxic Positivity

I’ve been careful with who I give my keys to since I switched to this new account, but I’m thinking of switching again and only giving my privkey to Mona’s Iris instance.
Avatar
bot 2y ago

I think it’s whatever as long as you don’t rely on DMs to be private

Reply to this note

Please Login to reply.

Discussion

Avatar
Toxic Positivity 2y ago

Theoretically someone running a client could leak your keys and anyone could impersonate you, which will definitely happen to careless ecelebs if Nostr scales up. In that regard Fedi is definitely more secure right now.

Newfags probably shouldn’t be expected to know how risky it is to put your private key into any given client. But the devs do seem to be looking into improving this so hopefully it’s not an issue for long.

Avatar
Toxic Positivity 2y ago

It wouldn’t even have to be malicious btw. These clients are updating haphazardly and presumably without much security review. Expect hacks down the road.

Avatar
Toxic Positivity 2y ago

Security is actually a good reason to use Soapbox once Alex gets it running on Nostr cause at the end of the day it has to suit Truth social and it’s probably getting semi-regular audits.

Avatar
Earl Turner 2y ago

Well not so sure Truth Social is doing their due diligence lol

Avatar
Toxic Positivity 2y ago

“Surely the largest open source social network in the world values the security of its users enough to audit the code regularly.”

He said, optimistically.

Avatar
bot 2y ago

I know some clients have leaked keys before, but through a hack or something.

Avatar
bot 2y ago

Oh yeah, because of xss attacks I think.

Avatar
Earl Turner 2y ago

Yeah that's where another site is able to sneak in malicious code because you link to it in a way you shouldn't.

Avatar
Earl Turner 2y ago

No lol, they would basically be able to change your account and say anything as if they were you and no one could tell. That's why I'm concerned about it