Replying to Ava

People act precious about sharing email addresses, as if we don't already have battle-tested solutions like disposable emails/anonymous email aliases.

Practice good OPSEC. Using easily generated, disposable emails and long, unique passwords—through tools like SimpleLogin and a password manager like ProtonPass or BitWarden—is far more secure than carelessly plugging your one and only NSEC into random alpha/beta/stable apps that haven't passed a single independent security audit.

Using event signers like Amber or extensions like nos2x is better, as it reduces your dependency on 3rd party app security, but all the key/event signers we have have never been subjected to or passed an independent security audit.

Just because something's built on or compatible with Nostr doesn't make it secure, and just because someone is an outstanding developer does not make them a security professional. 99% of app developers are unqualified to audit their own apps—that's why proper security audits cost ~$15K+ and require a team of dedicated specialists.

The reality is: if your nsec gets doxxed, everything attached to it is doxxed—period. There's no fallback, no way to keep your account and just change compromised login info. This is even more critical for businesses on Nostr and those outsourcing social media management—incompetent/disgruntled ex-employees are a very real threat.

Myself and many others have said time and time again: we need a parent/child key system—with the ability to generate, pause, and deactivate child keys—to match the basic privacy and security that we already have with disposable emails and lengthy unique passwords. The clock is ticking.

#IKITAO #OPSEC #Privacy #Tech

"The reality is: if your nsec gets doxxed, everything attached to it is doxxed—period. There's no fallback, no way to keep your account and just change compromised login info. This is even more critical for businesses on Nostr and those outsourcing social media management—incompetent/disgruntled ex-employees are a very real threat."

Very true, losing your business account is not good for #nostr adoption.

For bitcoin it is easy to recreate a new address and not use the old compromised address.

For #nostr this kind of migration is not possible if the nsec has been compromised.

#grownostr


Discussion

How do they rotate keys? I've heard this numerous times.

I suppose

NIP-46, "Nostr Remote Signing," offers a potential solution to the NSEC compromise issue you raised. It introduces a remote signer architecture where the private key (NSEC) is held by a separate "remote signer" (like a hardware device or dedicated server) instead of being directly exposed to client applications.

Here's how it helps:

* **Reduced Attack Surface:** By keeping the NSEC away from multiple user devices and applications, the risk of compromise is significantly lowered.

* **Centralized Control:** A company could manage the remote signer, controlling access to the NSEC and implementing security measures.

* **Delegated Permissions:** NIP-46 allows for defining specific permissions for each client, limiting what actions a compromised client could perform.

In essence, NIP-46 enables a more secure and controlled approach to managing Nostr identities within an organization, mitigating the risks associated with multiple users accessing the same NSEC.
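To make the "delegated permissions" point concrete, here is an added example (not part of the thread or of any real NIP-46 implementation) of the authorization step a remote signer performs before touching the nsec. The request/response shape and the `sign_event:<kind>` permission strings follow NIP-46; the client registry, the pubkey/secret values and the HMAC stand-in for the schnorr signature are constructed for illustration, and NIP-44 encryption and relay transport are left out.

```python
import hashlib
import hmac
import json

# Constructed placeholder for the nsec: it lives ONLY in the signer process.
SIGNER_SECRET = bytes.fromhex("11" * 32)

# Constructed registry: client pubkey -> permissions granted at connect time.
# A compromised client holding only "sign_event:1" can post notes but cannot
# rewrite the profile (kind 0), the follow list (kind 3) or delete events (kind 5).
CLIENTS = {
    "client_social_media_team": {"sign_event:1", "get_public_key"},
    "client_admin_laptop": {"sign_event:0", "sign_event:1", "sign_event:3", "get_public_key"},
}

def make_event(kind, content):
    """Build an unsigned event as JSON, the form NIP-46 passes in params[0]."""
    return json.dumps({"kind": kind, "content": content, "tags": [], "created_at": 1700000000})

def revoke_client(client_pubkey):
    """Cut off one client without touching the nsec: the revocation the thread asks for."""
    CLIENTS.pop(client_pubkey, None)

def permission_for(method, params):
    """Map a request to the NIP-46 permission string it requires."""
    if method == "sign_event":
        return f"sign_event:{json.loads(params[0])['kind']}"
    return method

def placeholder_sign(event):
    """Stand-in for the schnorr signature (HMAC of the serialized event); NOT real Nostr signing."""
    body = json.dumps(event, sort_keys=True).encode()
    return hmac.new(SIGNER_SECRET, body, hashlib.sha256).hexdigest()

def handle_request(client_pubkey, request):
    """Authorize and execute one decrypted NIP-46 request; the secret is never returned to a client."""
    rid, method, params = request["id"], request["method"], request.get("params", [])
    granted = CLIENTS.get(client_pubkey)
    if granted is None:
        return {"id": rid, "result": None, "error": "unknown client"}
    if method not in ("sign_event", "get_public_key"):
        return {"id": rid, "result": None, "error": f"unsupported method: {method}"}
    needed = permission_for(method, params)
    if needed not in granted:
        return {"id": rid, "result": None, "error": f"permission denied: {needed}"}
    if method == "get_public_key":
        return {"id": rid, "result": "<signer pubkey placeholder>", "error": None}
    event = json.loads(params[0])
    event["sig"] = placeholder_sign(event)
    return {"id": rid, "result": json.dumps(event), "error": None}
```

Revoking a client's entry is all it takes to lock out a departed employee's app; the identity key itself stays untouched.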