What you call a fatal flaw is a known design tradeoff. There is no migrating accounts. Keep your key safe.
Discussion
Of course there is migrating accounts if your private key gets leaked. You can't have 2 people controlling one account.
Also, the fatal flaw that I'm talking about isn't about how the private key is unchangeable. It is a second-order problem stemming from this account-migration inevitability.
Your posts are signed by a specific key. If you start using another key how are you migrating? Recreating and signing with the new key? They'd have different timestamps.
Yes, I meant recreating the profile, but you're right, not everything has a timestamp, and the ones that do will likely get completely messed up during the migration.
I mean, then this problem is worse than I thought. If a hacker gets hold of your private key (not hard, given how rampant malware is and how often Nostr apps ask us to copy-paste private keys everywhere for login), everything you've built is gone. No recovery, and there is nothing you can do to gain control back.
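Added example, not part of the thread above or of any Nostr client: a Python sketch of why posts cannot simply be carried over to a new key. Under NIP-01 the event id is a SHA-256 hash that covers the author's pubkey, so a re-created post gets a new id even when `created_at` is copied, and other users' references to the old id are left behind. The keys are constructed placeholder strings, `recreate_under_new_key` is a hypothetical helper, and signing is omitted.

```python
import hashlib
import json

def event_id(pubkey, created_at, kind, tags, content):
    """NIP-01 id: sha256 of the compact JSON array [0, pubkey, created_at, kind, tags, content]."""
    payload = json.dumps([0, pubkey, created_at, kind, tags, content],
                         separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def make_event(pubkey, created_at, kind, tags, content):
    """Unsigned event; a real one also carries a Schnorr signature over the id."""
    return {"id": event_id(pubkey, created_at, kind, tags, content),
            "pubkey": pubkey, "created_at": created_at, "kind": kind,
            "tags": tags, "content": content}

def is_ref(tag, ids):
    """True if tag is an "e" (event reference) tag naming one of ids."""
    return len(tag) > 1 and tag[0] == "e" and tag[1] in ids

def recreate_under_new_key(events, new_pubkey):
    """Hypothetical migration: re-create events (oldest first) under new_pubkey,
    copying created_at and repointing the author's own "e" references."""
    remap, out = {}, []
    for ev in events:
        tags = [[t[0], remap[t[1]], *t[2:]] if is_ref(t, remap) else t
                for t in ev["tags"]]
        new = make_event(new_pubkey, ev["created_at"], ev["kind"], tags, ev["content"])
        remap[ev["id"]] = new["id"]
        out.append(new)
    return out, remap

def dangling_references(other_events, remap):
    """Ids of other users' events whose "e" tags still name a pre-migration id."""
    return [ev["id"] for ev in other_events
            if any(is_ref(t, remap) for t in ev["tags"])]

# Constructed sample data: placeholder hex strings, not real keys.
OLD_PUB, NEW_PUB, FRIEND_PUB = "a" * 64, "b" * 64, "c" * 64

def demo():
    post = make_event(OLD_PUB, 1700000000, 1, [], "hello nostr")
    follow_up = make_event(OLD_PUB, 1700000100, 1, [["e", post["id"]]], "more")
    reply = make_event(FRIEND_PUB, 1700000200, 1, [["e", post["id"]]], "nice post")
    migrated, remap = recreate_under_new_key([post, follow_up], NEW_PUB)
    return post, follow_up, reply, migrated, remap, dangling_references([reply], remap)

if __name__ == "__main__":
    post, _, reply, migrated, remap, dangling = demo()
    print("old id:", post["id"], "-> new id:", migrated[0]["id"])
    print("replies still pointing at the old id:", dangling)
```

The author can repoint references inside their own re-created events, but the friend's reply is signed by the friend's key and keeps naming the old id.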