I might have compromised this nsec. At least, probably exposed.

I don’t expect someone to try and abuse my account, if the key is ever even seen by anyone, but just for good measure, I’m delegating my “Boston ninja” profile below as a backup.

If I post from there and say that my primary account is done, then trust it. Please toss that account a follow, if you don’t mind 🙏

Careful with that copy/paste, kids…

Some hashtags and I’ll bookmark this note to make it easier to find if I need it in the future. And if anyone has suggestions, I’m all ears.

#grownostr #plebchain #bostonwine #introductions nostr:note17rd8ad706pvsaq0n20qgjep4v3dx56trg6rumq25gcwj3h8lv2kqahxeee


Discussion

I would change your bio, redirecting to the new npub. See you on the next key 🫡

Great idea. I’m planning to keep using this one for now, and just delegating boston2 in case I start seeing abuse here. It would take some effort to find my nsec, but since I know it’s “out there” I just want to get ahead of any nonsense 🫡

How do I know this isn’t social engineering from the hacker??? 🤔🤔🧐🧐

Hahaha yes, valid question. I believe I’ve validated the account before, at least implicitly by using it to test another client and then reposting to say as much.

But I can do ya one better: a very old thread where I created the dummy account to mess with nostr:npub1m6gvtkek5sq3l82cfh7p3hs62ujxs6r8npre8m6jvvcm28utg05sde2e6g and nostr:npub1el3mgvtdjpfntdkwq446pmprpdv85v6rs85zh7dq9gvy7tgx37xs2kl27r by impersonating one another:

nostr:note1d0zfd7y566sjf74sv20r5825kcmu5g5yurfaqnmln6yhhtp99yusrd62wq

You do have the same zap address on both accounts, so doesn’t seem like anyone is trying to steal zaps 🤔😂

Lol yes I’m hoping that will help

We knew it was you all along 🤣🤣💜

🤣 we did

done

🙏

This is why we need a kind for “burn notices” for when nsec is compromised and include a referral to the new npub. Use time and web of trust to resolve competing referrals since attackers with nsec could issue malicious referrals.

Once time and web of trust is sufficient (judged by client developers) the client can auto follow the new npub and flag anything signed by the compromised nsec.

Just my $.02

Post a photo of a red apple struck in the center by an arrow (or a shoe) on top of your head to prove it is you.

I’ll try…

Verification successful ✅

🫡

Was this due to lack of access to a signer app?

Maybe it's a chance to mine a pubkey with PoW :P who knows

I’d love that! Is there a GUI?

My experience/proficiency level with command line is slim to none…

https://github.com/jb55/nostril

I used this command:

nohup time ./nostril --mine-pubkey --pow 32

There’s Rana by nostr:npub1qqqqqqqx2tj99mng5qgc07cgezv5jm95dj636x4qsq7svwkwmwnse3rfkq :

https://github.com/grunch/rana

This method is slower, but it lets you specify a hex prefix, which isn’t as useful anymore since we use npubs. I’ve never used this website, but if you do, make sure your computer is offline and you close the browser entirely for a few minutes after mining before bringing it back online:

https://www.nostr.rest/
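Added example, not part of any comment in this thread and not code from nostril or Rana: a Python sketch that verifies an npub's bech32 checksum, recovers the 32-byte public key, and counts its leading zero bits. It assumes that pubkey proof-of-work difficulty (the `--pow 32` in the command above) is counted as leading zero bits, as NIP-13 does for event ids; the function names are illustrative, and the npub checked is the one quoted above for Rana's author.

```python
# Added example: measure the proof-of-work in a Nostr npub (bech32, BIP-173).
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
# npub quoted in the thread for the author of Rana
RANA_NPUB = "npub1qqqqqqqx2tj99mng5qgc07cgezv5jm95dj636x4qsq7svwkwmwnse3rfkq"

def _polymod(values):
    """BIP-173 checksum polynomial over 5-bit symbols."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def decode_npub(npub):
    """Return the 32-byte public key, rejecting a bad prefix or checksum."""
    hrp, sep, data = npub.lower().rpartition("1")
    if hrp != "npub" or not sep or any(c not in CHARSET for c in data):
        raise ValueError("not an npub")
    values = [CHARSET.index(c) for c in data]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    if _polymod(expanded + values) != 1:
        raise ValueError("bad bech32 checksum (typo or truncated paste?)")
    acc = bits = 0
    out = bytearray()
    for v in values[:-6]:  # the last 6 symbols are the checksum
        acc = (acc << 5) | v
        bits += 5
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    if len(out) != 32 or acc & ((1 << bits) - 1):
        raise ValueError("bad payload length or non-zero padding")
    return bytes(out)

def leading_zero_bits(key):
    """Number of zero bits before the first set bit (assumed PoW measure)."""
    return len(key) * 8 - int.from_bytes(key, "big").bit_length()

def meets_pow(npub, target_bits):
    """True if the decoded public key has at least target_bits of work."""
    return leading_zero_bits(decode_npub(npub)) >= target_bits

if __name__ == "__main__":
    print(leading_zero_bits(decode_npub(RANA_NPUB)), "leading zero bits")
```

Each extra bit of difficulty doubles the expected number of keys to try, so a 32-bit target means about 2^32 attempts on average.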

Damn dude, thank you! These are all very helpful - will test out tonight when I’m back at my computer.

Re: nostr.rest and closing the browser, is that to get any key material out of short term memory before it goes online and could share it by mistake?

Correct, also because modern browsers don’t really close a tab when you hit the X in case you want to undo. Chrome is one big offender in this regard.

Good point - I’ve always hated that about applications these days

Followed 💪

To prevent such things from happening, I store my nsec split up in three parts. Thus I should never have the full thing in my clipboard. Maybe consider that too.

Thanks brother. I actually do that too. Issue was I had (long ago) saved it somewhere and was doing some cleanup of various npubs, and I copied it to see what profile it was, without realizing it was a private key, and then (briefly) left it somewhere I shouldn’t have. It may never become an issue, but just getting ahead of it to be on the safe side
