I need to read up on how how auth currently works.
nostr:npub10npj3gydmv40m70ehemmal6vsdyfl7tewgvz043g54p0x23y0s8qzztl5h nostr:npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku nostr:npub1gnwpctdec0aa00hfy4lvadftu08ccs9677mr73h9ddv2zvw8fu9smmerrq nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj nostr:npub1wqfzz2p880wq0tumuae9lfwyhs8uz35xd0kr34zrvrwyh3kvrzuskcqsyn nostr:npub1qdjn8j4gwgmkj3k5un775nq6q3q7mguv5tvajstmkdsqdja2havq03fqm7 maybe we really should think up a less-invasive form of AUTH. 🤔
That might help some npubs feel less like they have to be strip-searched to read replies and shitposts.
Discussion
it's the same as all auth systems... you have a secret that the protocol allows you to prove you have without giving it to the other side (for nostr that is signing an event, the signature validates on the public key, on normal login systems you send the password but they immediately hash it and compare to the hashed password of your account)
the nostr auth protocol is stronger than standard logins, a LOT stronger
Would it be possible to perform some task, rather than signing? Or somehow proving that you are a whitelisted on the relay list, without revealing your specific npub? That would at least allow for some obfuscation.
Or, wait a minute, could you use some other key, that is once removed?
Or submit some hash that only makes sense, if an npub on the whitelist created it?
I don't know. Something slightly indirect.