Imagine an nsec leak on the scale of other ordinary data breaches. Suddenly your access key is splashed all over the dark web and spammers start using your identity before you even realize it, and there’s no way to stop them. You literally have to abandon your entire online persona.
Discussion
My online persona is currently 2 websites, a few offline domains, a several-year history on Instagram, really old cringy websites that can probably be found via the Wayback Machine, and possibly some ancient Usenet posts. None of which are associated with my nsec.
I do think we’ll get to the level of nsecs being as encompassing as your example, and I understand your concern and point. For now, I want to give ZBD the benefit of the doubt and see what they develop. 🫂
I suggest you listen to a few of nostr:npub1h8nk2346qezka5cpm8jjh3yl5j88pf4ly2ptu7s6uu55wcfqy0wq36rpev’s podcasts and maybe you’ll have a different outlook.
Ok, thanks for the link. 👍
Oh?!
The horror.
Are you talking about the nostr:npub1h2qfjpnxau9k7ja9qkf50043xfpfy8j5v60xsqryef64y44puwnq28w8ch leak?
this is from almost 2 years ago
Correct. I’m comparing it to something that happened a while ago when there was a client that stored nsecs on its servers instead of using the app to sign directly. People abandoned their profiles over this.
nostr:note1mm7rmag94uyt9wgydt7sfl3dcnl87t9qwtyakxswfvmqr9erq0dqmzf672
Did you import your nsec into nostr:npub1h2qfjpnxau9k7ja9qkf50043xfpfy8j5v60xsqryef64y44puwnq28w8ch … I did and now I regret it
I did not, and if you did, you might want to move to a new one.
That would mean creating a new npub from scratch 😒
It would, and moving your NIP-05 to the new one, posting a forwarding message, following everyone you currently follow from the new profile, and “deleting” the old one from your client, for what it’s worth.
How do you move your NIP-05 🤔
You’re using Alby, so you’d remove it from the current profile in your client, add it to the new one, and update the Nostr Address setting with the new npub in your Alby dashboard.

If you’re using the Alby browser extension you can use the nsec it generated for you if it’s not the one you currently use, or replace it with a new one manually.
Awesome 👏
Thanks so much!!
But this would mean abandoning my nostr:npub12vkcxr0luzwp8e673v29eqjhrr7p9vqq8asav85swaepclllj09sylpugg NIP-05 and ln address
PGP solved this with revocation certificates. There were attempts like NIP-41 to propose the same for Nostr - mark your compromised key as dead and migrate. But I agree an nsec leak sucks in the short term.
Everyone wants to create shiny new objects on nostr that a grand total of 6 people will actually use, yet this problem is still just sitting out there that affects everyone. I wish key rotation was an option. In the meantime, though, anything asking for an nsec that isn't a signer needs to be nuked from orbit.