I love #nostr but I think the identity use case is overly ambitious. It's just too easy to irrevocably steal or lose a nostr nsec. As far as I understand, once someone else has gained access to your nsec once, you can never recover your nostr identity for your exclusive use.
[New Essay] Nostr is Identity for the Internet
The Internet needs user-owned identity and an associated open data layer. And I'm more convinced than ever that Nostr will win.
I agree with nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m that the long tail of microapps is ultimately Nostr's killer feature. But which will take off next?
In my mind, Nostr will follow a straightforward trajectory - first solving discovery/reputation problems for Bitcoiners, then for early tech adopters, and finally for the mainstream. Here are some examples where I think Nostr-based discovery & reputation will shine:
- Global, social payments ala nostr:npub12vkcxr0luzwp8e673v29eqjhrr7p9vqq8asav85swaepclllj09sylpugg nostr:npub1mutnyacc9uc4t5mmxvpprwsauj5p2qxq95v4a9j0jxl8wnkfvuyque23vg nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm & nostr:npub1arcweuxy0zkdcg08sljh058qp02ytrgnpzh4csa3ar42szyfgrpsw6ggtw
- Ecash mint discovery/selection ala nostr:npub1mutnyacc9uc4t5mmxvpprwsauj5p2qxq95v4a9j0jxl8wnkfvuyque23vg & bitcoinmints.com
- Marketplaces for DLC oracles ala lava.xyz
- Local Bitcoins replacements ala nostr:npub1m0str0d7z2ww8rdh20t2n9lx520xjwhaq24p68umqp06wwrwtsnqen40un
- Open Source AI agent discovery ala nostr:npub1tlv67m7xvlyplzexuynmfpguvyet0sjffce3y8vu0suuyuwgzauqjk7fdm's openagents.com & nostr:npub14pfjj6jf8y702pdjar2q36ve5r4t2gu2lp4yma00j49jkgy7d90swg7mwj
- Marketplaces for APIs ala nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft's DVMs & nostr:npub14tkuhgzvmwyx2stzkfh5r0q4tpllke63yn969jwjqm2prl0e65rswmzw96
- An open github replacement ala nostr:npub15qydau2hjma6ngxkl2cyar74wzyjshvl65za5k5rl69264ar2exs5cyejr's gitworkshop.dev
- An open PWA App Store ala nostr:npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9's zap.store & store.app
- ValueRank search & discovery ala nostr:npub1sx9rnd03vs34lp39fvfv5krwlnxpl90f3dzuk8y3cuwutk2gdhdqjz6g8m nostr:npub17304velluajf6lylvjynpj2f3ndg396w063gj2gef5qk0nwtcyjqfj9yky & kagi.com
- Marketplaces for files ala nostr:npub1lunaq893u4hmtpvqxpk8hfmtkqmm7ggutdtnc4hyuux2skr4ttcqr827lj & nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr's Blossom
- Review & UGC content sites ala nostr:npub15layhyw3jyazvtgupvvejxuqzpx5w8snnapyvsfclwgqmhzftjcqjkv7v3's heyapollo.com & nostr:npub1dtgg8yk3h23ldlm6jsy79tz723p4sun9mz62tqwxqe7c363szkzqm8up6m's Satlantis
- Value4Value content creation and delivery ala nostr:npub1v5ufyh4lkeslgxxcclg8f0hzazhaw7rsrhvfquxzm2fk64c72hps45n0v5 nostr:npub1yfg0d955c2jrj2080ew7pa4xrtj7x7s7umt28wh0zurwmxgpyj9shwv6vg & nostr:npub1kmwdmhuxvafg05dyap3qmy42jpwztrv9p0uvey3a8803ahlwtmnsnhxqk9
Of course the most exciting category of all is the unexpected wave of unimaginable apps that will eventually emerge. Ultimately, user owned identity and open data lead to online trust, which is a beautiful and deflationary force, capable of disrupting predatory marketplace middlemen and shifting the balance from financial to social capital. I.e. a more humane world. (h/t nostr:npub1lunaq893u4hmtpvqxpk8hfmtkqmm7ggutdtnc4hyuux2skr4ttcqr827lj)
Thanks to nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1kuy0wwf0tzzqvgfv8zpw0vaupkds3430jhapwrgfjyn7ecnhpe0qj9kdj8 nostr:npub1cd0l3s6qgj0s6690rtkys39mgj5upwxpm4856nhmce0pyqu6xj9qh7xlvx & nostr:npub1q5sah9f3p9kl7uqdeaqskqwmg74ktxx70e0093dzh4lpzcp3t0mqzxky65 for feedback on this essay.
Discussion
Yeah exactly, I always wondered what would happen if yours accidentally got leaked. Not much they can do now the whole system is out, but yeah, it sucks.
Yea, it's a very fair point. Simple key pairs are just the starting point. We'll need to figure out how to rekey people, potentially with something like social recovery and/or pre-commitments. I believe we'll solve these problems over time though. Getting adoption for an interoperable protocol is much more challenging though imo, and that's where Nostr is beginning to shine.
My approach for theft would be to have key aliasing and reasonably secure hardware wallets.
You'd have a 12 word seed you only ever enter into the hardware wallet so it can generate the signature you need to set up an alias pointing to another key. Once the alias is set, the seed is deleted from the hardware and you interface with nostr through the other key. If the everyday use key gets stolen, you change the alias.
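The alias scheme proposed in the comment above, sketched as an added example that is not part of the thread or of any Nostr specification. The record format and function names are hypothetical, and Ed25519 from Node's `crypto` module stands in for Nostr's secp256k1 Schnorr keys.

```javascript
const crypto = require('node:crypto');

// Ed25519 is a stand-in here; real Nostr keys are secp256k1 Schnorr keys.
const newKey = () => crypto.generateKeyPairSync('ed25519');
const pubHex = (k) =>
  k.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');

// Hypothetical alias record: "the everyday key for this identity is <alias>".
// seq increases on every rotation so clients can tell which record is newest.
function signAlias(signer, everydayPubHex, seq) {
  const body = JSON.stringify({ alias: everydayPubHex, seq });
  const sig = crypto.sign(null, Buffer.from(body), signer.privateKey);
  return { body, sig: sig.toString('hex') };
}

// Client side: accept only records that verify under the master public key,
// then follow the one with the highest sequence number.
function resolveAlias(masterPublicKey, records) {
  let best = null;
  for (const r of records) {
    try {
      const ok = crypto.verify(null, Buffer.from(r.body), masterPublicKey,
                               Buffer.from(r.sig, 'hex'));
      const rec = ok ? JSON.parse(r.body) : null;
      if (rec && Number.isInteger(rec.seq) && (!best || rec.seq > best.seq)) {
        best = rec;
      }
    } catch {
      // Malformed record: ignore it.
    }
  }
  return best ? best.alias : null;
}

// Constructed scenario: the everyday key is stolen, then the owner rotates.
function aliasDemo() {
  const master = newKey();      // seed-derived key, only used to sign aliases
  const phone = newKey();       // everyday key, later stolen
  const thief = newKey();
  const replacement = newKey();
  const records = [signAlias(master, pubHex(phone), 1)];
  const before = resolveAlias(master.publicKey, records);
  // The thief holds only the everyday key, so this record fails verification.
  records.push(signAlias(phone, pubHex(thief), 99));
  const afterForgery = resolveAlias(master.publicKey, records);
  records.push(signAlias(master, pubHex(replacement), 2));
  const afterRotation = resolveAlias(master.publicKey, records);
  return { before, afterForgery, afterRotation,
           phone: pubHex(phone), replacement: pubHex(replacement) };
}
```

Until the rotation record is published, a thief can still sign as the everyday key; the alias only bounds how long that lasts.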
Once your nsec is stolen, you can never recover it for your exclusive use, that's correct. Once it's lost, you can never recover it for any use, that's also correct. But the same is true for bitcoin keys, and yet we're hoping to build the world around it, and people build tools to mitigate these risks. Nostr key != Bitcoin key, but there are many more similarities than differences. Here is more on this: nostr:nevent1qqs0qkyxmykx2a5f98e88c2ayyz44z53h8ntvqp0fusge4r62m9m7mcql9f4x
The comparison to bitcoin keys is flawed. Even if you lose your bitcoin keys, you usually have a backup and can transfer it to another amount.
The same is not true for your nostr identity. Once it’s compromised you can never transfer it elsewhere.
Also, there is nothing in nostr yet that attempts to solve reputation.