Oddbean new post about | logout
Vic | 9 months ago (raw) | export | reply | flag +6 
 Please dont zap this post. This is written by me (Vic), not the real Vitor Pamplona. The intention was to demonstrate how easily an impersonation can be performed by simply setting the name and avatar to the target.  People following the impersonator can be tricked into thinking they are seeing a message from the impersonatee.

Solutions to this aren't easy, and may come in layers.

1. I really would like to see Nostr clients do what Phone and Email clients have done, and add some kind of support akin to contact list and address books where the owner of the book (you using the client) is defining labels, attributes, names etc, and not solely relying on what the owner of the discrete identifier (phone number, email address, pubkey) is publishing as their name
2. The historical check that @corndalorian referenced.

These or others are implemented in various game clients (e.g. Steam) and it's worked well through the years.  Client side labels would go a long way for personal context as well.

nostr:nevent1qvzqqqqqqypzqgd5rygzm28upw5sfp9wey6t74dh408htmkm8yfyart4ujglgxj7qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwdehhxarj9e3xwtcqyzwjzewmccu746lffyzqrp4pj8crfscmpkxwpgrc07lvdxh4u42qkww5cge
MKD Podcast | 9 months ago (raw) | root | parent | reply | flag 
 this is cruel 😄
Enki | 9 months ago (raw) | root | parent | reply | flag 
 +1
iefan 🕊️ | 9 months ago (raw) | root | parent | reply | flag 
 It's a problem, I literally thought it was vitor.
corndalorian | 9 months ago (raw) | root | parent | reply | flag 
 Yes, I'd love to have a client side address book. And then an alert if a contact updates their info, with the options to review it, accept it, or decline it and continue using the info I already had saved for them.
realjode | 9 months ago (raw) | root | parent | reply | flag 
 OH , I properly failed that test then
சாரு-秋陽 | 9 months ago (raw) | root | parent | reply | flag 
 True this... But just displaying the NIP-05 like earlier was good enough for the devs. For others though, like you say, it's complicated (though I think Nostur also flags a probable impersonator basis your follows I think)
nerd2ninja; ©️📺 | 9 months ago (raw) | root | parent | reply | flag 
 I love this community that just social engineers each other for fun lmao.

BTW, my client didn't update your information so I still know its you. I was going to ask what app you've made that you wanted to implement those features into.
deadbandit | 9 months ago (raw) | root | parent | reply | flag 
 HOW DID YOU HACK MY FOLLOW LIST?
ManiMe | 9 months ago (raw) | root | parent | reply | flag 
 Doesn’t “petname”, as specified in NIP02 already achieve this? 

Problem is lack of implementation across clients of this possibility. And problem I see with this is the lack of specification for a “default” petname. If none exists (IE: if users don’t “add” a petname to each of their contacts “by hand”)  then this entire layer of extra security (even as you suggested in OP) is unusable. So there’s a big problem with any implementation…

https://github.com/nostr-protocol/nips/blob/master/02.md
Vic | 9 months ago (raw) | root | parent | reply | flag 
 petname as described in that nip is a weird hierarchy. i dont know what client, if any, supports that nip as written, and i wouldnt be opposed to that nip just being rewritten
ManiMe | 9 months ago (raw) | root | parent | reply | flag 
 Another problem is … nips don’t get rewritten … and deprecating PART of a NIP? … not NIP02.