Replying to Deleted Account

Top o the morning nostrovians 🥳⛅️

This will be my last post from this specific npub

At this point, I am sure that a Minimum of 3 different actors have access to my nsec through exploits of my systems. So you’ll just have to trust my voice/pen right now.

A bit of a wild ride but I’ll try to explain…

The day Brazil banned X, I came to nostr. My favorite AI engineer content builds from Brazil.

My legacy socials have been shadow banned for years (roughly 2021). I’ve largely stepped away from the online world… but recently revived some socials to help friends out with their content. They are athletes, not computer whizzes. We mostly live in the dirt. Off grid as possible.

Motorcycle racing is a difficult industry and it’s costly… so when I arrived at nostr I immediately fell back in love with IoV. I used to contribute daily to projects like nostr. In fact, we used to have something like zaps on another platform but it got banned due to the regulatory crackdown of us in 2020. We were suddenly a “bank” and that was confusing when it came to KYC on centralized platforms. Weitse Wind is an incredible mouthpiece for kindness in this space and he waded us through an absolute mess. I’ve had great mentors. I owe them a lot.

Whenever I build a platform, I imagine it as a service to others bc I genuinely try to live by a service to others mindset. Hence open source projects

So, I follow a prototype to scale model… this npub is an outlier.

I started nostr from a computer but as I looked at the source I got scared for onboarding my friends and family. We’re still trying to digest 2FA in that world.

So I created a proof-of-concept… I didn’t realize it would scale this quickly.

I onboarded as though I know nothing about encryption. so I used my real face and a lot of other really real details. Also, some not real because I knew I was in a pit of vipers. We all are, on the internet, always.

I literally pasted my keys to a word doc… I built this as sloppy as I know my loved ones would. And then I downloaded the apps to my phone. And along the way tried to explain what was happening… I didn’t touch any code and I only changed a relay once, but I’m pretty sure at one point my real human IP was banned.

And here we are… multiple people have control of my account. You all have no way of knowing which signed events are actually a match to my face. You’ve witnessed both the burning of my books and a witch hunt in real time. And all of this data is stamped in history as though it is me. At the “block” level.

Proof-of-concepts are helpful because they give us visuals and immersive experience. Measure twice, cut once.

My next profile will be me in full authenticity, but those keys will be secured with biometrics.

Thank you for coming my extremely confused TedxTalk and namaste. 🙏🏼
Avatar
Melvin Carvalho 1y ago đź’¬ 2

Thanks for sharing. Your key might not be compromised, unless you have noticed that someone controls your account or key and are impersonating you, you could be OK.

There is a technical solution to this called key rotation. I have had to do it once due to a cruel person in the nostr community that stole my key when I was helping someone.

But we can solve the problem so that you can sunset one key and move to another, with limited disruption. We've been able to do this technically for a number of years, the harder part is to get folks to agree on a good way.

In any case, if you start a new key, you can put some text in your profile to show others, which is what I did. This will be solved technically one day, but there's multiple competitng ideas on how to do it, right now.

Reply to this note

Please Login to reply.

Discussion

c6
Deleted Account 1y ago

key rotation sounds interesting. where can i find more info on this process? would like to start building a nostr presence but not confident in my ability to remain secure.

41
Deleted Account 1y ago

I love that idea Melvin! Thank you for sharing. I don't want to leave my only public facing profile as I've found quite the family here. I am going to explore this more. Ideally, I keep this one and people can remain confident, moving forward, that it is only my pen/voice/keystroke signing events. But, as many have noted, makes sense to spin up new npubs too as I navigate new security methods. So much has changed in 4 years... I'm relearning/ unlocking a lot of blocked out memories right now. so it's a bit of a struggle to reorient.

It hurts my heart that someone was cruel to you here... you've helped my journey immensely.