Nostr offloads security from the server to the user. This means if one user gets pwned they lose that account forever, but leaking the DMs of an entire server is impossible.
Discussion
There should be some way to move accounts (follows, followers, etc.) to a new key like on fedi. I worry that some client may have stolen my nsec, though I know about those extensions that protect it too.
Problem is if someone steals your nsec they could also migrate your account.
Oh right lol. But if you can only migrate an nsec once, then you’d know that the new key is safe. I don’t know how that would work tho.
I don't think you can make it happen only once though. If I migrate my account and it gets hacked, the hacker could also migrate it. How do you decide which migration is first? Relays can't be trusted as they could be operated by malicious people. Timestamps can't be trusted either as the hacker could just lie and say he was first...
It’s an entirely theoretical problem because obviously people will find out pretty quickly if one is compromised when it starts shilling Bitcoin wallets.
The solution is probably something simple like being able to clone all your old stuff to a new keypair.
If you're cloning followers due to your private key being compromised that would imply that the attacker could also clone. If I wake up and find out I'm following 10000 optimum accounts I'm going to be pretty disappointed.
Yes, I agree and proposed “burn notice” events to provide a hint to a new npub. The burn notice cannot be trusted inherently but could let the followers choose to honor a particular burn notice and follow the new npub, but they should verify the new npub via some other channel or wait long enough to know the burn notice is legitimate and not from an attacker with the compromised key.
This could easily be solved like Chia-Network developed for their wallets' security. In summary, you have multiple keys; if your main one gets pwned you can use the other two to regain control of your account and invalidate the pwned one.
>>e8ec5483b4d2c567eda51770e0d52d3c6318f3e8c3dce8b662f4c089ddfa2e18
Hey Alex, posting this from Our channel, check it out