nostr:npub1nym2200088t397yx43lza4gfec3rk56gxnwjnk2u4w5ld0qpau6sskc7fq’s key leaked, follow this one! nostr:note1zl6vqcs6e5wwxv0t3mdkq5tudr433mt6hyfcwhnl94tejx8vcesqr8tkzr
Discussion
Rip ☠️
How’d it happen 😳
nostr:note1hn4nddlhadpzevn7nzvkwyw2gmazxczs3wfwwqqgh9s43cthqj6squ9y0h
I was actually thinking about this last night and what possible UX options there could be. Since everything is cryptographically signed, there's no "password reset". But could some sort of bridge be built from the latest valid note on the compromised account to a new verified account that would allow users to still maintain all of their data and history if they'd like? Is this something that could possibly be added into the NIP-05 JSON object that includes "past keys" and a nested "last event" or something like that? There would have to be additional security that doesn't allow the bad actor to mimic the same process as well.
This is why we need burn notices as a NIP. A formalized way to announce, and to like, “burn notices” which, with the help of the network, can identify the new, secure replacement npub.
New or existing event kind could be used but a “hint” to the new npub could be defined. But it MUST be signed by the burnt nsec, imho. Think about it.
Thresholds for likes/zaps/??? by not-new/friendly npubs could help resolve conflicting burn notices when they occur.
This could add value to each person’s network.
I like the idea of a note but a bad actor could utilize this as well since they would have the nsec. Perhaps a "parachute" account could be configured preemptively as insurance? Is that too much to ask of users though in regards to UX?
No 2FA?
This is something I always wondered about. If my private key leaks, can I delete the entire account? Will my posts be gone? Since I can’t delete posts, would that mean I can’t delete my account/private key as well?
