Avatar
Tatum Turn Up 2y ago 💬 8

Could mining vanity npubs turn into intricate impersonation attempts? like my npub is npub1hte85nxymfyez0nlmmxf287nh9cujfuetxhk9vptwcdqg0pn8pxqxasw3d but it abbreviates to npub1hte85nxymfy:dqg0pn8pxqxasw3d. could someone mine an npub that has a similar abbreviation?

If I’m correct, npub1hte85nxymfyez0nlmmxf287nh9cujfuetxhk9vptwcdqg0pn8pxqxasw3d and npub1hte85nxymfyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxdqg0pn8pxqxasw3d both abbreviate to npub1hte85nxymfy:dqg0pn8pxqxasw3d

This could be a non-issue. Just thinking about newcomers and non technical people like myself that may overlook actually checking the whole npub

Reply to this note

Please Login to reply.

Discussion

Avatar
ben 2y ago

Yes, that is a risk

Avatar
やトナ 2y ago

I think this is part of the importance of NIP05 so you don’t need to worry about the Npub

Avatar
Tatum Turn Up 2y ago

I think that personal domain NIP05 is the best way, however, that is not always the easiest as some domain hosting services don’t let you easily access FTP. Like Google who I have mine through.

Avatar
やトナ 2y ago

Yep, personal domains are definitely the best but it’s not easy to set up. It took me about 7 total hours to make my site and get it all straightened out (i had no experience making a website beforehand). It would be nice if someone made a service that can somehow automate the process for you but idk if that’s even possible/it could lead to easier impersonation.

Avatar
Michael 1011 2y ago

I think so too, that right now personal domains are the best solution. But they are not perfect either. Think of all the scam and phishing emails where they pretend to be idk Google and get a domain that looks almost the same as the real one

https://www.thesslstore.com/blog/unicode-domain-phishing/

67
Life is launched directly on the mainnet 2y ago

Dumb question: couldn’t be the same with a btc address? If not, couldn’t we use the same system to avoid such a minting?

82
lucash.dev 2y ago

Yes

Avatar
stephen 2y ago

This is true. NIP05 is a step in the right direction but I think DIDs would be better for adoption. Tbh unless you have some form of verification badge for everyone even things like hashing profile images and text analysis of names and bios etc would do more to stop impersonation. Look at how rampant this is on Twitter and how the scammers use it