Subnostr

Had an idea, might as well jot down the notes here before maybe writing it up long form.

Plenty of people use multi-sig for security, like 2 of 3, and one of the keys is held by a third-party vendor.

And, I imagine, there are protocols to signal duress, etc.

But what if someone operated a service, say nostr:npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tp where under duress, you couid call one of those companies but you had no account, no 2 of 3, and they looked you up, realized it and faked it for you anyway.

Like, “okay, we’ll need your passphrase, sir.” “Excellent, per your instructions, the funds will be transferred to that address in four weeks.”

Then you, gun to your head, say, “sorry it’s an emergency, I need them right away,” and the rep says, “I’m really sorry, but anything over 5M sats has a four-week delay on it, per your written instructions, and those can only be overridden via notarized letter.

Do you want me to send the 5M sats now?”

Then they could invoice you $100 for the service.

Maybe it’s a crazy idea, I don’t know.

splinter 2y ago

I think it's an interesting idea, but there are some practical challenges with it. First, it caters to a very specific and not very common use-case. Second, it requires considerable staff training for it to actually work and be believable. Third, even if you provided the service, you'd then have to figure out how to take care of billing after the fact, since you presumably have no business relationship with the person calling in.

Whenever you have something that happens rarely and requires lots of staff training to be ready for it, it tends to fall on its ass in the real world. It would also need to cost a hell of a lot more than $100.

Reply to this note

Please Login to reply.

Discussion

Chris Liss 2y ago

My thought was they’d be trained to go through that routine already with their actual clients. So when someone who was not a client called in, they’d just do the same thing they’d already been trained to do.

And they’d have no guarantee of collecting from the invoice, but most people would be extremely grateful and a lot I bet would pay much more than the suggested amount.

To me the biggest negative would be it undermines their core business which is why get the real deal when you can fake it almost for free?

But in a way instead of selling insurance (which is what they’re doing) they’d be offering direct and immense value at the time you needed it most.

splinter 2y ago

If they already had everyone trained up and ready to go then it could work. It would be interesting to look at some statistics around this, e.g. how many companies have protocols in place, how often it happens, what usually happens, etc.

Chris Liss 2y ago

I’m sure it’s very rare (now) but wait until the price is at 1M. And almost certainly they have duress protocols.

But the biggest win from it would be as a deterrent. It would make it seem like virtually everyone had a third-party multi-sig setup at the ready, and there’s no point in even trying.

I suppose though it could have the opposite incentive wherein attackers got wind of it and just figured everyone was lying even if you really did have it!

So some poor bastard has the setup and gets tortured because the attacker assumes he’s faking it!

But the gist is to make it so no one really knows if they can ever get anything out of a violent attack.