I really have enjoyed nostr since I got here. I visit every day. But having a basic keypair as the foundation for one's identity is a non starter. It's fine for fun and a toy and something I can start over with a completely blank slate if catastrophe arises. But for mission critical permanence, no way. Risk of loss or theft is too grave
[New Essay] Nostr is Identity for the Internet
The Internet needs user-owned identity and an associated open data layer. And I'm more convinced than ever that Nostr will win.
I agree with nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m that the long tail of microapps is ultimately Nostr's killer feature. But which will take off next?
In my mind, Nostr will follow a straightforward trajectory - first solving discovery/reputation problems for Bitcoiners, then for early tech adopters, and finally for the mainstream. Here are some examples where I think Nostr based discovery & reputation will shine:
- Global, social payments ala nostr:npub12vkcxr0luzwp8e673v29eqjhrr7p9vqq8asav85swaepclllj09sylpugg nostr:npub1mutnyacc9uc4t5mmxvpprwsauj5p2qxq95v4a9j0jxl8wnkfvuyque23vg nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm & nostr:npub1arcweuxy0zkdcg08sljh058qp02ytrgnpzh4csa3ar42szyfgrpsw6ggtw
- Ecash mint discovery/selection ala nostr:npub1mutnyacc9uc4t5mmxvpprwsauj5p2qxq95v4a9j0jxl8wnkfvuyque23vg & bitcoinmints.com
- Marketplaces for DLC oracles ala lava.xyz
- Local Bitcoins replacements ala nostr:npub1m0str0d7z2ww8rdh20t2n9lx520xjwhaq24p68umqp06wwrwtsnqen40un
- Open Source AI agent discovery ala nostr:npub1tlv67m7xvlyplzexuynmfpguvyet0sjffce3y8vu0suuyuwgzauqjk7fdm's openagents.com & nostr:npub14pfjj6jf8y702pdjar2q36ve5r4t2gu2lp4yma00j49jkgy7d90swg7mwj
- Marketplaces for APIs ala nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft's DVMs & nostr:npub14tkuhgzvmwyx2stzkfh5r0q4tpllke63yn969jwjqm2prl0e65rswmzw96
- An open github replacement ala nostr:npub15qydau2hjma6ngxkl2cyar74wzyjshvl65za5k5rl69264ar2exs5cyejr's gitworkshop.dev
- An open PWA App Store ala nostr:npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9's zap.store & store.app
- ValueRank search & discovery ala nostr:npub1sx9rnd03vs34lp39fvfv5krwlnxpl90f3dzuk8y3cuwutk2gdhdqjz6g8m nostr:npub17304velluajf6lylvjynpj2f3ndg396w063gj2gef5qk0nwtcyjqfj9yky & kagi.com
- Marketplaces for files ala nostr:npub1lunaq893u4hmtpvqxpk8hfmtkqmm7ggutdtnc4hyuux2skr4ttcqr827lj & nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr's Blossom
- Review & UGC content sites ala nostr:npub15layhyw3jyazvtgupvvejxuqzpx5w8snnapyvsfclwgqmhzftjcqjkv7v3's heyapollo.com & nostr:npub1dtgg8yk3h23ldlm6jsy79tz723p4sun9mz62tqwxqe7c363szkzqm8up6m's Satlantis
- Value4Value content creation and delivery ala nostr:npub1v5ufyh4lkeslgxxcclg8f0hzazhaw7rsrhvfquxzm2fk64c72hps45n0v5 nostr:npub1yfg0d955c2jrj2080ew7pa4xrtj7x7s7umt28wh0zurwmxgpyj9shwv6vg & nostr:npub1kmwdmhuxvafg05dyap3qmy42jpwztrv9p0uvey3a8803ahlwtmnsnhxqk9
Of course the most exciting category of all is the unexpected wave of unimaginable apps that will eventually emerge. Ultimately, user owned identity and open data lead to online trust, which is a beautiful and deflationary force, capable of disrupting predatory marketplace middlemen and shifting the balance from financial to social capital. I.e. a more humane world. (h/t nostr:npub1lunaq893u4hmtpvqxpk8hfmtkqmm7ggutdtnc4hyuux2skr4ttcqr827lj)
Thanks to nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1kuy0wwf0tzzqvgfv8zpw0vaupkds3430jhapwrgfjyn7ecnhpe0qj9kdj8 nostr:npub1cd0l3s6qgj0s6690rtkys39mgj5upwxpm4856nhmce0pyqu6xj9qh7xlvx & nostr:npub1q5sah9f3p9kl7uqdeaqskqwmg74ktxx70e0093dzh4lpzcp3t0mqzxky65 for feedback on this essay.
Discussion
What is your alternative?
Just mitigate the risk with backups, multi-sig, etc.
Multisig requires multiple keypairs, right? Multiple keypairs is not something that's in the protocol, right?
Backups do not mitigate against theft
Either you own your social graph/identity/money or either you don’t.
I’m pretty sure there will be 3rd parties that would manage keys for you or a business where multiple people can post for a business account, for example.
For theft, that’s a good point. There is already some list for mutes… I would think that if enough clients move an npub to “compromised” or something, clients could do something about it.
IDK I’m not an expert, but this sounds like something easy to do (if not already done)
We've had multisig for nostr more than year ago: https://github.com/nickfarrow/frostr It's just not user-friendly and not built into any signer and nobody really needs it. Maybe we should explore it with nsec.app?
The only reason you don't have robust solutions against nsec theft is because nobody cared enough yet.
There aren't much tools and protocol-level solutions to key loss or theft atm. But that's just because nobody is trying to use them for mission critical stuff, once demand comes, solutions will come. I will keep repeating that nostr keys have lots in common to bitcoin keys, and we do hope to make bitcoin the core of our future economy, so how is nostr different in principle? More here: nostr:nevent1qqs0qkyxmykx2a5f98e88c2ayyz44z53h8ntvqp0fusge4r62m9m7mcql9f4x