I have an imposter on Nostr. š¤·āāļø
With my handle @anita
What now?
How do people understand that this not me? 
Discussion
Lack of nip- 05 does it for me.
Just surprised that itās possible to have the same handle. Only the getalby.com is missing.
- highlight your domain in other socials
- encourage ppl to follow you here (the following-checkmark it shows after following differentiates quite well)
- link to nostr notes more often on twitter (I'd recc primal links for this)
- consider to put your npub string (with a hashtag in front for easy copypasta) into your bio of other socials/business related sites
(know that nip05 doesnt work properly across all clients)
Anyone can make any handle. There is no way to ensure name uniqueness in this type of decentralized network. The only approach is to connect to existing some authority (like nip-05 with DNS) or use a web of trust (only friends of friends...) or some form of ranking.
Your followers can repost your message hear. At least itās a start.
They use their brains.
They will probably realize its not you when they try to scam us
Nip-05
This doesnāt solve the problem!
Good morning. Well, I know that it is not the best of solutions, but, as far as I know, if I register a NIP-05 using my npub, Iām the only person who can have exactly that NIP-05. No impostor would be able to replicate that.
Thatās true, but as far as I understand NIP-5 this works only for a single relay.
I can say, Iām rieger_san@relayA but someone else can grab rieger_san@relayB
Yes, thereās a lot of nuance here. People been having a good conversation about it on this thread from this morning.
nostr:note1yxnrklae8nq59078gyqz9c3gnyzjzn6mtvecu5kz7gx5uql7nhwsz9zfy5
Yeah okay, but Iām not talking about the npub. Iām talking about the name.
Anita has the problem that someone is using the same name. Nip-05 is about the npub not about the name.
The problem is that people not comparing npubs they are mostly searching for names.
And as I said before. A name can be duplicated with Nip-05
I think we talked past each other š
Nostr address (nip-05)
Thatās what the NIP-05 verify is for. Since you own your domain with your name, you could use that to do verification. Iāve not set it up on mine but I know someone probably has some relatively simple are by step for it.
add a file at
domain.tld/.well-known/nostr.json with the format of {"names":{"anita":"yourpubkey"}}
Dns zone ownership verification is pretty common for other trust based systems like SSL certificates (txt record to prove control)
How do you know that anitaās domain is anitaposch.com and not anita.com?
Well obviously no one does, but buying a domain name and verifying every single time you try to scam any random person on social is quite a bit more involved/expensive than just generating a new account and updating the alias & profile.
It would have to be a very targeted attack for that to be likely. Generally itās just a huge net cast to tons of different accounts hoping they will trick enough people to get a few to click a link in DMs or something.
Not a perfect solution, but far better than not doing it if you own the domain to your full name.
this is why major well knowns should nip05 on a domain they control. it will get harder to assume validity of general nip05 domains
You should verify @anitaposch.com instead of getalby. Imposters can duplicate a getalby āverificationā but not one on your domain
Seems like thatās a trend. During the last 48h Iāve had imposters of nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft and nostr:npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424 sending DM requests.
Itās pretty clear from looking at the impostersā feeds, as well as the lack of NIP-05 verification. The accounts can be reported as spam, and muted.
Not sure what spam reporting does though. E.g., what do relays do, and what happens if the genuine accounts happen to be reported.. š¤