Thank you. That all makes sense and is helpful. The last one is particularly difficult to deal with.
Would it be possible to create a recovery key scheme... Like when you create your keypair you create a second keypair (offline, cold storage, etc) that signs a single "distress signal" linked to the original keypair, and all of the clients incorporate a flag of some sort when you are seeing a note from an npub that had it's distress signal broadcasted?
Things like that are strong ideas but are difficult for various reasons. The closest NIP is the newly-merged nuke your account NIP (tell client to tell relays to delete everything and ignore your pubkey) but even that will be hard to coordinate, have a read of the link below for all the chatter on that NIP, good stuff.
Another thing to consider is that most times your key is compromised you'll never know. The hacker is waiting, reading all your DMs, keeping a close eye on your zaps, your cashu balance, for months, maybe even years—all the while you have no idea your key is compromised. There is no "see all devices where I'm signed in" UI in Nostr, nor can there be.
It could be that the future of Nostr is simply not for the kind of social history building that we're doing now, but for something else more transient in nature.
Thanks. Will have a look. Personally, I treat nostr as a permanent internet public square (everything is open for all to see, including eventually DMs). And what I carry in my wallet in this square could get stolen. So I don't care about deleting stuff already on relays; I care about making sure that I and only I can broadcast to the network that my key should be considered forked to a new key. That seems like it ought to be doable.
I think that's probably the right way to look at it, a sort of glass box but one that you own.
The key forking thing is hard. The best way may be to start off from scratch with the combo of both a virgin (secure) nsec and FROST bunker URL, created at the same time. You can get such a combo at njump.me via the join nostr thing.
Write that nsec down somewhere, store it in a few places, and never paste that nsec into anything. Nothing. Nowhere. Ever. Only use the FROST bunker URL with clients. And only come back to the nsec to create a new or revoke an old FROST URLs (those are disposable).
That way you'll never lose your account, some hacks your FROST URL, just revoke it, nothing about your npub needs to change.
Problem is FROST is in early stages, not a lot of clients support it. But it is the solution you're looking for by the sounds of it. This guy below gets it:
nevent1qvzqqqqqqypzpx8xhrzg2fzrs2kr89sz4x8c8svrsg8ptwy4z4unzdv9lfwy0kuyqqsdc20kcqqcns2c5cd6t5jvvgcg7slrqtkc6xv7k7vtyu9vhvkv06cjc04mr
