#random #nostr

Had some time to sleep on nostr-related stuff and I've come up with the following observations & concerns:

- It's going to change everything like Bitcoin did, but still needs more time to bake

- I consider the nsec for this account to be utterly compromised. It seems within the realm of possibility that iris.to could lock me out of myself or take me over if they wanted to (not lobbing the accusation; merely logically stating a potentiality). Any other place that I've logged into with my nsec can pwn me too.

- I'm assuming that this nsec as issued to me is presently in the control of sites beyond iris, as it was used to log in.

- Having difficulty reconciling the legitimacy of this security model unless I have overlooked something.

IOW: How can I logically trust a third-party npub/nsec issuer or any site I've logged into with my nsec? Seems I'm compromised the moment I step through their doors.


Discussion

Do you use an extension like nos2x?

No. I'm not sure how that helps the issue with my existing nsec being out in the wild.

No, you are probably compromised.

... so after sleeping on this some more, I guess there's something in nostr that needs to be addressed: a signable, provable way to know that you were the original owner of the npubs/nsecs preceding your current account.

E.g.: I know this npub/nsec is compromised. It would be nice for me to have some "pointer" from this account to a new account, so people can always be assured they are following the "original" account creator. IOW, I should be able to provably migrate that "this" @cornokun account is going to authoritatively be me, under a new security model, once established in the future... if that makes any sense...

... although if the npub/nsec is compromised to begin with, I guess someone could force an evil delegation and I'm fucked either way before a solution is rolled out.