Of course there is migrating accounts if your private key gets leaked. You can't have 2 people controlling one account.
Also, the fatal flaw that I'm talking about isn't about how the private key is unchangeable. It is a second order problem that is stemming off this migrating account inevitability.
Your posts are signed by a specific key. If you start using another key how are you migrating? Recreating and signing with the new key? They'd have different timestamps.
Yes, I meant recreating the profile, but you're right, not everything has a timestamp, and the ones that do will likely get completely messed up during the migration.
I mean, then this problem is worse than I thought. If a hacker gets hold of your private key (not hard, given how rampant malware is and how often Nostr apps ask us to copy-paste private keys everywhere for login), everything you've built is gone. No recovery, and there is nothing you can do to gain control back.
