Nothing, that’s why some ppl run their own.
Discussion
I'm considering making my own just so the posts actually load 😔
Like an entirely new client? Mona runs iris too btw. But I guess you could say the same thing about fedi, p actually did reset someone's password to impersonate them.
Yeah maybe. Probably won't cus I'm busy and already spend too much time on this stuff as it is but maybe if I have a week off or something I'll take a look at it. Would also be cool just to test my skills and learn more about how this stuff works.
Also the fedi is even worse from that perspective, every admin by definition has the ability to impersonate/hijack the accounts of any of their users, and unlike nostr the admin can actually lock you out of your account.
My concern with nostr is more the fact that switching clients seems to be pretty commonplace and normal, when each individual client has the ability to steal your account. Seems like a way for a bad actor to fuck over a lot of people if he is smart/sneaky enough. On the fedi if someone made an instance with the intention of stealing people's accounts, he would only be able to steal the alts that were made on his instance, not accounts that exist on other instances.
The other problem is you can’t just reset your nsec, but I think that’ll be sorted eventually.
You'd have to change the npub too, so maybe through some sort of account migration feature to let you migrate your info/followers to a new npub and nsec pair.
I’ve been careful with who I give my keys to since I switched to this new account, but I’m thinking of switching again and only giving my privkey to Mona’s Iris instance.
I think it’s whatever as long as you don’t rely on DMs to be private.
Theoretically someone running a client could leak your keys and anyone could impersonate you, which will definitely happen to careless ecelebs if Nostr scales up. In that regard Fedi is definitely more secure right now.
Newfags probably shouldn’t be expected to know how risky it is to put your private key into any given client. But the devs do seem to be looking into improving this so hopefully it’s not an issue for long.
It wouldn’t even have to be malicious btw. These clients are updating haphazardly and presumably without much security review. Expect hacks down the road.
Security is actually a good reason to use Soapbox once Alex gets it running on Nostr cause at the end of the day it has to suit Truth Social and it’s probably getting semi-regular audits.
No lol, they would basically be able to change your account and say anything as if they were you and no one could tell. That's why I'm concerned about it