People still consider purple check mark ✅ here #asknostr
Discussion
That would go along with the key if it were compromised, right?
No, not necessarily. You own the website (ideally) or the account that provides your nostr address and points to your nostr account.
You can invalidate it and point it to another account if your key is compromised, but you may still need to run a marketing campaign to get people to realise that your account was compromised... Damage control.
"Owning" a website is all relative, though. That's what people often forget.
Like, if you run it via Web Hosting, is it yours?
If you run it on a generic VPS, is it yours?
If you run it on your machine through proprietary software, is it yours?
If you run it on your server with #FLOSS software, is it yours?
Even the most free machine, that runs at your home still has to connect to some ISP & depend on a third party, except you connect through one of those freedom net things, but I don't know much about it, so cannot comment on that.
Well, I digressed a bit from the original topic, but I hope you don't mind me chiming in with these thoughts. 😉
No worries, sometimes we have to dig deep but then we need to come back to the surface.
Of course your own web server isn't perfect, but for the purposes of attack, it is another layer of protection.
It is unlikely that a hacker who manages to find your leaked key or who leaks your key can/will also hack your webserver. Nor will they be the DNS provider or your ISP etc.
There is no such thing as perfect security, just a better one. A big part of it is not making yourself a target.