Replying to the axiom

that's quite a lot of steps involving multiple people, likely to get caught and lead to real world consequences even if after the fact, at least it would destroy nostr:nprofile1qqsr9cvzwc652r4m83d86ykplrnm9dg5gwdvzzn8ameanlvut35wy3gpzdmhxw309aex2mrp0yhx5c34x5hxxmmdqyxhwumn8ghj7mn0wvhxcmmvqyg8wumn8ghj7mn0wd68ytnvv9hxgpywa92's reputation forever

very different from one employee from the homeserver hosting provider being tricked into giving access to the account of an important person to some malicious entity

like we have seen happen many times in every big platform

That just reinforces my point that pasted-in nsec security is reliant on social pressures and not technical ones.


Discussion

everything is like that

but of course the technology plays a big role in it, you're just larping

Lol. No. Some things can be prevented by technical means and not fingers crossed he’s a nice guy means.

you're trying to imply that publishing a confidential message unencrypted but with a preamble that says "do not read" is exactly the same as using signal because signal could technically ship a compromised apk to you and leak your message

everything is social pressure and trust at some level

you're pretending to ignore that the levels of trust required are distinct

It's not though. On Nostr I operate under the assumption that someone already has my nsec, we all should do that. Because it's entirely possible. I bet at least one person has my nsec right now, maybe a few people. I'd never know. Nostr really does rely on social pressure so why bother trying to be secret?

But if I started again on Nostr and did only Frost and bunker and White Noise and all that, in that case it'd be different. That's still a really bad experience, so I'll wait. But the tech matters, you have to admit.

All good points in this thread, but I’ll still take a key I control over some rando server managed by someone else.

If you have lots of money tied to a key I probably wouldn’t use it in mobile apps that are hard to verify… I would read the source code and compile from source and just use notedeck.

Anyone not reading the source code and compiling it themselves has to trust someone, even in the keyserver case. The server case is even harder for people because people have phones, not computers with servers.

We are already lightyears ahead in comparison to legacy social media platforms and protocols, at least users have the ability to choose their risk tolerance levels with different clients. On legacy they can read your DMs and make posts on your behalf if they wanted to.

True. It's not only risk tolerance, it's friction tolerance too.

Though to be fair I should give frost/igloo/bunkers and all that another go, maybe the experience is less friction-y than before. Try living on Nostr for a few weeks bunker only, see how it goes.