jb55 | 1 year ago | +128
 There are fake profiles impersonating me. I will never DM you out of the blue on this app. If you are using damus and get a DM from me, make sure to check if there's a purple icon next to my name. also you can go to my profile to verify the purple jb55@jb55.com nostr address.

another thing you can do is type jb55@jb55.com in search to always get the correct npub for my account.

GM nostr 🌞 
 Gm stay sovereign.
Eventually, people learn how to spot the fakes 
 Best way is to meet him in person and have him read the npub aloud. Then you know for sure. 
 Kinda the only way really.
Other socials don’t help as they can be faked as well. 
 Ahh I think the fake one boosted penis butter last night, had some notifications this morning 👀😂 
 Not sure if you’re kidding but that was the real one 😂 
 So even the fake one can do some good 🤔 
 Searching jb55@jb55.com there are two fakes... :-) 
 What client? That should only resolve to one key in damus 
 It was one. I cut him because he had couple followers. I said gain followers first then try!! 😮 
 #asknostr what is the yellow star next to your verified nip-05 purple icon? 
 Can you fix this issue?

@fiatjaf 
 One jb55 i see has a purple object, the other jb55 has a purple human figure with a check. Both have purple things next to their name 
 I also have a DM to one, and from the other. No indication in Damus app how to delete either DM (or anything else) 
 Good morning.
I'm getting DMs from a fake Will too. 
 Confirmed. I received messages also on the blue bird app. https://image.nostr.build/a15a3b34b24f6a28bd7a0aeca6d819397372ca6b7641740feb1e8691c5b27031.jpg  
 😂🤣😭 
 Will - can I see an example of a fake profile or two? 

I had a couple ideas around this (for Twitter) which may translate for NIP-05

https://easydns.com/blog/2022/08/05/solving-the-fake-twitter-profile-problem-with-dns/ 
 Here is one who DM’d me. 

npub10qk5zpmhv7rspp87shajf7d24yrf4lyr7w0m25wv9w78grs4k0sq0gq8pc 
 Ok thx 
 Ok so I looked and the method I’m proposing would totally work in this case.

@jb55 would add a TXT record to damos.io with his npub and any clients that built in a lookup would know which one was fake and which one was real. 
 @bombthrower 
How would it work with other fake accounts? For example, a celebrity creates a real account. Then someone creates a fake account. How would we know which one is real and which one is fake? 
 The celebrity puts a TXT record in their domain name which is in their profile - the imposter also puts the same domain in their profile (they always do)

The domain tells the client what the true npub is for that domain - when I wrote the original article we released a proof-of-concept chrome plug-in that shows the concept in action 

https://easydns.com/blog/2022/08/05/solving-the-fake-twitter-profile-problem-with-dns/ 
 @bombthrower Wow. Impressive. 👏

@jb55 Thoughts? 
 this is what nip05 is for except it uses https instead of dns and already built into every client 
 The fake @jb55 could still stand up a valid NIP-05 using a different address and then put your domain in the profile. 

That’s why you need to triangulate with the DNS TXT record (in a way, this is a continuation of the argument I’ve been having with @fiatjaf for nearly a year except I hadn’t thought of the fake Nostr handle issue until now.)

FYI we met very briefly at Bitcoin 2023 and I was going on about adding NIP-05 npub to DNS then. 
 (Yeah, I’m *that* guy) 
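
The NIP-05 check discussed in the comments above, and the case where an impersonator verifies against a different domain while linking the victim's domain in the profile, as an added example that is not from any poster or client. The keys, the `lookalike.example` domain, the `fetch_well_known` stand-in and the `website` profile field are constructed assumptions; a real client would fetch `https://<domain>/.well-known/nostr.json?name=<name>` over HTTPS.

```python
import json
import re

# Constructed sample data: what two domains would serve at
# /.well-known/nostr.json (NIP-05 format). Keys are hex pubkeys, not npubs.
REAL_KEY = "a1" * 32   # constructed placeholder for the real account's key
FAKE_KEY = "b2" * 32   # constructed placeholder for the impersonator's key
WELL_KNOWN = {
    "jb55.com": json.dumps({"names": {"jb55": REAL_KEY}}),
    "lookalike.example": json.dumps({"names": {"jb55": FAKE_KEY}}),
}

def fetch_well_known(domain, name):
    """Offline stand-in for the HTTPS GET a client would make."""
    return WELL_KNOWN.get(domain)

def verify_nip05(identifier, pubkey_hex):
    """Return the verified domain, or None if the claim does not check out."""
    m = re.fullmatch(r"([a-z0-9._-]+)@([a-z0-9.-]+)", identifier.lower())
    if not m:
        return None
    name, domain = m.groups()
    body = fetch_well_known(domain, name)
    if body is None:
        return None
    try:
        names = json.loads(body).get("names", {})
    except (ValueError, AttributeError):
        return None
    if not isinstance(names, dict):
        return None
    # The domain vouches for exactly one key per name; anything else fails.
    return domain if names.get(name) == pubkey_hex.lower() else None

def assess_profile(profile):
    """Classify a profile dict (pubkey, nip05, website) for display."""
    verified = verify_nip05(profile.get("nip05", ""), profile["pubkey"])
    if verified is None:
        return "unverified"
    # Free-text fields prove nothing: flag a link to a domain other than
    # the one that actually verified this key.
    site = profile.get("website", "").lower()
    host = re.sub(r"^https?://", "", site).split("/")[0]
    if host and host != verified and not host.endswith("." + verified):
        return f"verified for {verified} only; profile links {host}"
    return f"verified for {verified}"
```
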
 I'm vocally ignoring this post. 
 Good morning! ☀️ 
 imo this problem can be attacked in some ways

- relays getting clever and blocking mass DM'ers (especially when they are muted or reported by others)
- clients can check whether there are other profiles with same username and with a higher follower count and warn user
- clients can check other peoples mute lists or impersonation reports when DM'ed
 
 Morning☕🙂 
 Yeah he writes to me and I waste his time by telling him fantastic stories… 
😂😂😂 
 Amazing 😂🙌 
 The best 
 gm Will ☕️  
 Hi Will. Yes I had one account messaging me trying to get me to disclose my phone number yesterday 
 So you don’t actually care how my #bitcoin hodl has been performing lately ? 🥲 https://image.nostr.build/f67ee26e2cc9ab3524335352deaf67b21f47973299e859d179b3fdc8c195b88f.jpg  
 Yeah, I almost got caught. But then I thought- how on earth would Will find and follow me here? 🤔 
 Gm Will thanks for building every day 
 I’m trying 😅 I’m in conference mode… flying around doing nostr talks and PR, but trying to bang out stuff in between on flights. 
 Are you going to be in Málaga for the conference next week? Just noticed you are speaking at Empodera Live, I'll be there too. 
 Yup! cya there 
 Appreciate what you do!

Found this 💎 the other day, that might help in this scenario 😂 https://image.nostr.build/8fbeadc344d7e6e66191f37dbb8451711201b88d50c8f5487ec5a94567c92f0d.jpg  
 How is your trading? 
 Ah "decentralized" Nostr relying on centralized DNS 
 also worth checking that the posts aren't reposts of your real account, but the original content. 
 more-speech deals with the problem of fake accounts in a number of ways.

1. Names chosen by users must be unique.  More-speech will append a number to a name that already exists.  Thus if someone sets their name to unclebobmartin in order to look like me, more-speech will set their name to something like unclebobmartin9934.  

2. Names are adorned based on trust.  In the aforementioned case the faker would be represented as (unclebobmartin9934).  The parentheses indicate that this user is not trusted.   

3. A name that is presented like this: unclebobmartin<-jb55 means that unclebobmartin is trusted by jb55 and you trust jb55.

4. When you decide to trust someone, you can give them any name you like, including a name that someone else already has.  But remember that other person is probably not in your trust list, and so will be presented with (). 
 Gm 
 GM ☀️ 
 If my address is the root _@bitcoin.rocks do people need to search the whole thing or can they just search "bitcoin.rocks"? 
 Yeah, Snowden was DMing me and I thought it was cool (with a massive grain of salt) then I compared NPUBs, bastard bots, scammers/scummers on every platform.  
 Can't I delete the Dm on? The impersonator kept sending me weird url, but I was afraid I might accidentally click it later 
 Will be possible soon now that we have a db 
 Thank you. I'm worried that I might press the wrong link. Thank you for letting me know through the comments 
 same

I will never DM you asking for bitcoin, only for zaps

nostr:note18u93h4cwx3s36esl782m9upnmhe66revx4j6lunvkts3axa82cuqyk08f2  
 Idea1: show the first time the npub was seen by the relay, so we users can spot new fakes 

Idea2: use one of those watermark algorithms that insert hidden fingerprints in the image, so after uploading a profile picture, even with the change of compression algorithms, the app can extract some unique identifier and compare that with the database. Clients then can check the originality of the image. It's bulletproof but can make it more challenging for impersonators 
 It would be really cool if we could add PGP-style signatures to cleartext with our npubs.

Make it normal to ask "if you really are X send the current time and date with a signature."

You can do this with me right now with my PGP key.

https://cdn.bitcoinku.sh/PGP.asc

nostr:nevent1qqsr7zcm6u8rgcgavc0lr4dj7qeamuadpukr2ed07fkt9cg7nwn4vwqpzamhxue69uhky6t5vdhkjmnxdae8g6r99ekx7mqzyqewrqnkx4zsaweutf739s0cu7et29zrntqs5elw70vlm8zudr3y2qcyqqqqqqgrkhpg4 
 SAY NO 
 There are fake Wills too 😔, so please check the NIP-05 before interacting. 

nostr:nevent1qqsr7zcm6u8rgcgavc0lr4dj7qeamuadpukr2ed07fkt9cg7nwn4vwqpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzqvhpsfmr23gwhv795lgjc8uw0v44z3pe4sg2vlh08k0an3wx3cj9qvzqqqqqqyr00kn9