Oddbean new post about login | logout I really have enjoyed nostr since I got here. I visit every day. But having a basic keypair as the foundation for one's identity is a non starter. It's fine for fun and a toy and something I can start over with a completely blank slate if catastrophe arises. But for mission critical permanence, no way. Risk of loss or theft is too grave
What is your alternative? Just mitigate the risk with backups, multi-sig, etc.
Multisig requires multiple keypairs, right? Multiple keypairs is not something that's in the protocol, right? Backups do not mitigate against theft
Either you own your social graph/identity/money or either you don’t. I’m pretty sure there will be 3rd parties that would manage keys for you or a business where multiple people can post for a business account, for example. For theft, that’s a good point. There is already some list for mutes… I would think that if enough clients move an npub to “compromised” or something, clients could do something about it. IDK I’m not an expert, but this sounds like something easy to do (if not already done)
We've had multisig for nostr more than year ago: https://github.com/nickfarrow/frostr It's just not user-friendly and not built into any signer and nobody really needs it. Maybe we should explore it with nsec.app? The only reason you don't have robust solutions against nsec theft is because nobody cared enough yet.
There aren't much tools and protocol-level solutions to key loss or theft atm. But that's just because nobody is trying to use them for mission critical stuff, once demand comes, solutions will come. I will keep repeating that nostr keys have lots in common to bitcoin keys, and we do hope to make bitcoin the core of our future economy, so how is nostr different in principle? More here: nostr:nevent1qqs0qkyxmykx2a5f98e88c2ayyz44z53h8ntvqp0fusge4r62m9m7mcql9f4x