There's something that worried me about having only a private key to log in at #nostr and not having a way to recover from a leak or invasion. I mean, how can we feel safe if we know that a potential leak of our key will permanently steal our content forever? There's no password change/key change. Today we have several apps that we can use with this protocol plus web browser apps, several browser vendors, extensions, browsers with less security, etc... The ways you can lose your key to a hacker are far more, and faster, than the ways users can learn how to avoid them.

Am I missing something here? Is there a way to associate an account with a new private key if it has been compromised?

What are the good practices to avoid this preoccupation?

Discussion

There is a way to associate a new private key. It's not a perfect solution (didn't aim to be) but it is something that helps you rotate to a new (predetermined) key in the future in case of disaster.

https://kind0.io/app This app can help you create the needed events.

Hmm, it seems not to be a transparent process for me.

Do not trust, verify! Right?

I couldn't verify it, so I prefer not to use it. Yeah, I'm a beginner, but I believe it is not possible to verify this feature.

- There's no reference for the code of this webapp. Is it open-sourced?

- If not, it is not possible to run that code myself in a local environment.

- We only have transparency where it isn't supposed to happen (we can see all the npubs generated by a supposed #nostr user)

Probably I'm missing something here. But this is the point. #Nostr is far from giving us security and safety feelings, as a centralized authority does, yet...

*️⃣ #Nostr is far from giving security and safety feelings to the masses, as a centralized authority does, yet...