There are fake profiles impersonating me. I will never DM you out of the blue on this app. If you are using damus and get a DM from me, make sure to check if theres a purple icon next to my name. also you can go to my profile to verify the purple jb55@jb55.com nostr address.
another thing you can do is type jb55@jb55.com in search to always get the correct npub for my account.
GM nostr 🌞
Searching jb55@jb55.com there are two fakes... :-)
What client? That should only resolve to one key in damus
It was one. I cut him because he had couple followers. I said gain followers first then try!! 😮
#asknostr what is the yellow star next to your verified nip-05 purple icon?
Can you fix this issue?
nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6
おはよう。
僕にも偽物のwillからDMが来ている。
Will - can I see an example of a fake profile or two?
I had a couple ideas around this (for Twitter ) which may translate for NIP-05
https://easydns.com/blog/2022/08/05/solving-the-fake-twitter-profile-problem-with-dns/
Here is one who DM’d me.
npub10qk5zpmhv7rspp87shajf7d24yrf4lyr7w0m25wv9w78grs4k0sq0gq8pc
Ok thx
Ok so I looked and the method I’m proposing would totally work in this case.
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s would add a TXT record to damos.io with his npub and any clients to that built in a lookup would know which one was fake and which one was real.
nostr:npub1elwpzsul8d9k4tgxqdjuzxp0wa94ysr4zu9xeudrcxe2h3sazqkq5mehan
How would it work with other fake accounts? For example, a celebrity creates a real account. Then someone creates a fake account. How would we know which one is real and which one is fake?
The celebrity puts a TXT record in their domain name which is in their profile - the imposter also puts the same domain in their profile (they always do )
The domain tells the client what the true npub is for that domain - when I wrote the original article we released a proof-of-concept chrome plug-in that shows the concept in action
https://easydns.com/blog/2022/08/05/solving-the-fake-twitter-profile-problem-with-dns/
nostr:npub1elwpzsul8d9k4tgxqdjuzxp0wa94ysr4zu9xeudrcxe2h3sazqkq5mehan Wow. Impressive. 👏
nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s Thoughts?
this is what nip05 is for except it uses https instead of dns and already built into every client
The fake @jb55 could still stand up a valid NIP-05 using a different address and then put your domain in the profile.
That’s why you need the triangulate with the DNS TXT record (in a way, this is a continuation of the argument I’ve been having with nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 for nearly a year except I hadn’t thought of the fake Nostr handle issue until now. )
FYI we met very briefly at Bitcoin 2023 and I was going on about adding NIP-05 npub to DNS then.
Good morning! ☀️
imo this problem can be attacked in some ways
- relays getting clever and blocking mass DM'ers (especially when they are muted or reported by others)
- clients can check whether there are other profiles with same username and with a higher follower count and warn user
- clients can check other peoples mute lists or impersonation reports when DM'ed
Morning☕🙂
gm Will ☕️
Hi Will. Yes I had one account messaging me trying to get me to disclose my phone number yesterday
So you don’t actually care how my #bitcoin hodl has been performing lately ? 🥲 
Yeah, I almost got caught. But then I thought- how on earth would Will find and follow me here? 🤔
Gm Will thanks for building every day
I’m trying 😅 I’m in conference mode… flying around doing nostr talks and PR, but trying to bang out stuff inbetween on flights.
How is your trading?
Ah "decentralized" Nostr relying on centralized DNS
also worth checking that the posts aren't reposts of your real account, but the original content.
A fake account DM’d me. This was our conversation 😑 
more-speech deals with the problem of fake accounts in a number of ways.
1. Names chosen by users must be unique. More-speech will append a number to a name that already exists. Thus if someone sets their name to unclebobmartin in order to look like me, more-speech will set their name to something like unclebobmartin9934.
2. Names are adorned based on trust. In the afore mentioned case the faker would be represented as (unclebobmartin9934). The parentheses indicate that this user is not trusted.
3. A name that is presented like this: unclebobmartin<-jb55 means that unclebobmartin is trusted by jb55 and you trust jb55.
4. When you decide to trust someone, you can give them any name you like, including a name that someone else already has. But remember that other person is probably not in your trust list, and so will be presented with ().
Gm
Facts. I sent will like 15 DMs after meeting him at 23, I got one reply: “dude I can’t check these!”
🫢😎😜
Something that would be nice is if notes like this were pinned when people looked into your profile!
GM ☀️
If my address is the root _@bitcoin.rocks do people need to search the whole thing or can they just search "bitcoin.rocks"?
Yeah, Snowden was DMing me and I thought it was cool (with a massive grain of salt) then I compared NPUBs, bastard bots, scammers/scummers on every platform.
same
I will never DM you asking for bitcoin, only for zaps
nostr:note18u93h4cwx3s36esl782m9upnmhe66revx4j6lunvkts3axa82cuqyk08f2
Idea1: show the first time the npub was seen by the relay, so we users can spot new fakes
Idea2: use one of those watermark algorithms that insert hidden fingerprints in the image, so after uploading a profile picture, even with the change of compression algorithms, the app can extract some unique identifier and compare that with the database. Clients then can check the originality of the image. It's bulletproof but can make it more challenging for impersonators
It would be really cool if we could add PGP-style signatures to cleartext with our npubs.
Make it normal to ask "if you really are X send the current time and date with a signature."
You can do this with me right now with my PGP key.
Showing just a thumbnail profile image and sometimes also a name in notifications, I believe, contributes towards identity confusion.
There are also those that you know, but don't follow, and don't have the "follow" icon — this is mostly relevant for Amethyst.
