mleku on Nostr: this prompted a question in my mind just now, and an answer came how is it that ...
this prompted a question in my mind just now, and an answer came
how is it that static cryptographic identities seem to be strong in nostr
partly, because if someone were to actually post events with the key they managed to steal from you
you'd see it the next moment you open your nostr client and it displays the event kind they posted with that key
right now kind 1's are definitely a no-go for an nsec thief
because many clients are retarded about DMs though, and auth, they might exploit their achievement by riding your reputation with their stolen booty
but at the same time, the conventions in the protocol are so leaky, that it's possible they would be detected by someone who would mention you in a kind 1 that you seem to be sending spam
this is an interesting thing, and may well be why nostr's DAU is slow to grow
most people think it's insecure, on the face of it
those who use it, never have a problem because it's so easy to get noticed doing bad things
most of the relays don't actually keep logs and nobody really talks about that possibility, but it exists, and the bad guys might well consider it best to only use your nsec to read your encrypted events, and not alert you they have it by posting
I have a question for you, I know you are real, but is this you posting? Haha
Published at 2024-10-10 18:11:14
Event JSON
{
"id": "ab6d3e9715ab00199ccb2def75289faec5983ebbd8b07eb6d44b3b321dfb257d",
"pubkey": "4c800257a588a82849d049817c2bdaad984b25a45ad9f6dad66e47d3b47e3b2f",
"created_at": 1728583874,
"kind": 1,
"tags": [
[
"e",
"df82b0d3f06e4bdccb3f3769584fa00e2b3862ff7d2ee44604e4a6e836e8bedc",
"",
"mention"
],
[
"q",
"df82b0d3f06e4bdccb3f3769584fa00e2b3862ff7d2ee44604e4a6e836e8bedc",
"",
"805e3c98b42a2175a081666b4e077bab32136ea6cf4b9976a952569917d9e329"
],
[
"p",
"805e3c98b42a2175a081666b4e077bab32136ea6cf4b9976a952569917d9e329",
"",
"mention"
],
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "this prompted a question in my mind just now, and an answer came\n\nhow is it that static cryptographic identities seem to be strong in nostr\n\npartly, because if someone were to actually post events with the key they managed to steal from you\n\nyou'd see it the next moment you open your nostr client and it displays the event kind they posted with that key\n\nright now kind 1's are definitely a no-go for an nsec thief\n\nbecause many clients are retarded about DMs though, and auth, they might exploit their achievement by riding your reputation with their stolen booty\n\nbut at the same time, the conventions in the protocol are so leaky, that it's possible they would be detected by someone who would mention you in a kind 1 that you seem to be sending spam\n\nthis is an interesting thing, and may well be why nostr's DAU is slow to grow\n\nmost people think it's insecure, on the face of it\n\nthose who use it, never have a problem because it's so easy to get noticed doing bad thing\n\nmost of the relays don't actually keep logs and nobody really talks about that possibility, but it exists, and the bad guys might well consider it best to only use your nsec to read your encrypted events, and not alert you they have it by posting\n\nnostr:nevent1qvzqqqqqqypzpqz78jvtg23pwksgzentfcrhh2ejzdh2dn6tn9m2j5jknytancefqqsdlq4s60cxuj7uevlnw62cf7squ2ecvtlh6thygczwffhgxm5tahqdnnarj",
"sig": "2319baa449fd507f2f6e37716cd930a79d083527e4f31a96027422c24ae000bc34d5bf745f63505f605b12cae84c069738c5ad16b1a8ddf8dc47e9e16ad4c31e"
}
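The detection idea in the post (events signed with a stolen key are visible the next time you look) can be made explicit. This is an added example, not part of the original post or of any Nostr client: it compares the events relays hold under your pubkey with a local log of event ids your own devices published. The helper names, sample keys and sample events are constructed assumptions, and signatures are assumed to be verified already by the relay or client library.

```python
import hashlib
import json

def event_id(ev):
    """NIP-01 event id: SHA-256 over the canonical JSON array serialization."""
    payload = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(payload, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def make_event(pubkey, created_at, kind, content, tags=()):
    """Build a constructed, unsigned sample event with a correct id (hypothetical helper)."""
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": kind,
          "tags": [list(t) for t in tags], "content": content}
    ev["id"] = event_id(ev)
    return ev

def unrecognized_events(relay_events, my_pubkey, published_ids):
    """Return events under my_pubkey that none of my devices published."""
    flagged = []
    for ev in relay_events:
        if ev["pubkey"] != my_pubkey:
            continue                      # someone else's event
        if event_id(ev) != ev.get("id"):
            continue                      # malformed: id does not match the content
        if ev["id"] not in published_ids:
            flagged.append(ev)
    return sorted(flagged, key=lambda e: e["created_at"])

# Constructed sample data (placeholder keys, not real accounts).
ME = "aa" * 32
OTHER = "bb" * 32
mine = make_event(ME, 1700000000, 1, "gm")
stolen_dm = make_event(ME, 1700000500, 4, "ciphertext-placeholder", [("p", OTHER)])
stolen_note = make_event(ME, 1700000600, 1, "spam posted with the stolen key")
foreign = make_event(OTHER, 1700000700, 1, "hello")
tampered = dict(make_event(ME, 1700000800, 1, "original"), content="edited")

LOCAL_LOG = {mine["id"]}                  # ids my own devices signed and sent
RELAY_VIEW = [mine, stolen_dm, stolen_note, foreign, tampered]

def flagged_kinds():
    """Kinds of the events that appear under my key but are not in my log."""
    return [e["kind"] for e in unrecognized_events(RELAY_VIEW, ME, LOCAL_LOG)]

if __name__ == "__main__":
    print(flagged_kinds())
```

As the post notes, a key that is only used to read encrypted events publishes nothing, so a check like this cannot see that case.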