 I have another round of severe impersonators here on Nostr reaching out to credible people with scam opportunities.

Please ignore them. Always check the NIP-05 if available.

On my website sidebar, I link to my only valid social media profiles for verification.

For Nostr, the only one is the npub associated with primal.net/lyn, which is:
npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a

https://m.primal.net/KQsk.png  
 I guess you won’t be sending two bitcoin back then..? 
 WoT fixes this.

https://i.nostr.build/y77NzNeBTUZ8arQz.jpg 
 Is nip-05 broken? 
 Nah, NIP-05 works fine, but the user has to know what the NIP-05 SHOULD be before they can verify the correct account.

My NIP-05 is dikaios1517@nostrplebs.com, but any rando could go out and register nostrrplebs.com and create their own NIP-05s to impersonate anyone currently registered with nostrplebs.com

Anyone who isn't paying attention and just sees the check mark might be duped. 
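
Added example, not part of the thread: a check that treats the NIP-05 check mark as only "this domain vouches for this key", then compares the identifier and key against values pinned out of band. The identifier `lyn@primal.net` is assumed from the primal.net/lyn link in the first post; the lookalike identifiers, the placeholder key and the function names are constructed for illustration.

```python
# Added example: NIP-05 check pinned to an identifier and npub learned out of band.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)

def npub_to_hex(npub):
    """Decode a NIP-19 npub (bech32) to the hex pubkey used in events and nostr.json."""
    hrp, _, body = npub.lower().rpartition("1")
    if hrp != "npub" or len(body) != 58 or any(c not in CHARSET for c in body):
        raise ValueError("not an npub")
    data = [CHARSET.index(c) for c in body]
    chk = 1
    for v in [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + data:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    if chk != 1:
        raise ValueError("bad bech32 checksum")
    bits = "".join(f"{v:05b}" for v in data[:-6])  # drop the 6 checksum symbols
    return f"{int(bits[:256], 2):064x}"            # 32-byte key, 4 pad bits dropped

def edit_distance(a, b):
    """Levenshtein distance, used to flag near-miss identifiers."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def assess(event_pubkey, nip05, nostr_json, pinned):
    """Return (checkmark, verdict). `pinned` maps NIP-05 identifiers to npubs
    obtained out of band, e.g. from the person's own website."""
    nip05 = nip05.lower()
    local = nip05.partition("@")[0]
    # What a client's check mark proves: the domain maps this name to this key.
    checkmark = nostr_json.get("names", {}).get(local) == event_pubkey
    if nip05 in pinned:
        same = checkmark and event_pubkey == npub_to_hex(pinned[nip05])
        return checkmark, "verified" if same else "key-mismatch"
    if any(edit_distance(nip05, known) <= 2 for known in pinned):
        return checkmark, "lookalike-identifier"   # e.g. a doubled letter, or I for l
    return checkmark, "unpinned"

LYN_NPUB = "npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a"  # from the post
PINNED = {"lyn@primal.net": LYN_NPUB}  # identifier assumed from primal.net/lyn
IMPOSTOR_KEY = "11" * 32               # constructed placeholder key
```

A lookalike domain serving its own nostr.json still returns `checkmark == True`; only the comparison against the pinned identifier and key changes the verdict.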
 Got you thanks. I remember WOT being used for Freenet private network where a public domain would not be something one wanted to publish. Makes sense now. Adding a layer of TRUST  
 That's the problem with Nostr -> not so simple and user-friendly. Not everyone knows what NIP is and how to deal with it. I'm not new with IT, but I have absolutely no clue what NIP is or how to use it. I'm probably not the only one.. 
 NIP is just Nostr Improvement Possibility. The building blocks of how Nostr works are all NIPs of various numbers. Users don't need to know what a NIP is or what any specific NIP is for.

You used a kind 1 note defined in NIP-01 to respond to me, and you had no idea of either. Your client didn't ask you if you wanted to create a kind 1 note. It just presented you with a reply button.

Good design will obfuscate these technical terms away in your client. 
 i thought #nostr was not like twitter where we have bots and impersonators issues. how can this be fixed? 
 My feed only shows people I follow. I don't follow any bots, so I don't see any bots in my feed. Replies... Well that's a different story, but there are ways to minimize those, too. 
 Look at the npub 
 really, nobody has found a solution for impersonators and bots? 
 One and only Lyn Alden 
 But you just made me 10k. I was gonna give a kickback but now I'm embarrassed.  
 You mean you *won’t* send me two bitcoin if I send you one? 
 Nice Nip05!  
 I have literally seen people scammed out of their family inheritance, their home and rent, or their next grocery shop through bitcoin.  

There are ways to avoid this:

1) You can never ever be too careful about the "handle" or "screen name" you are talking to.  Many platforms allow them to be aped easily.  Including domain names.  Sometimes it can be an additional character that isn't easy to spot.  Other times it can be an "i" in place of an "l".
It really can be that simple to take everything you have.
2) Generally speaking you aren't going to have an "@" or an "npub" offer you something that is too good to be true.  Correct me if I am wrong  @LynAlden but you aren't likely asking people to send you bitcoin for no definable reason with a promise of return?  You aren't soliciting your skills randomly.  This should be obvious but it isn't.  If anyone is contacted in a manner like this the first reaction should be to have them contact you directly.  Ask for a phone call, or a video call, if it is that important.  It will buy time to investigate the nature of the request. 
3) No one.  No one ever will ask for personal information.  This one is huge.  Very important.  Don't volunteer this kind of thing.  Not ever.  Your fiat bank will never ask for this.  They will ask security questions.  But your bank will never ask you to send money to unlock money.  I can't stress this enough.  If anyone asks for your password, or your nsec, or your bitcoin keys, the answer is "no" 
 The reason people get scammed so easily:

lyn = Iyn

It really is that simple to rob someone blind.  I have seen it happen. 
 Lyn, do you think impersonation is going to be a bigger issue on NOSTR due to the low cost of getting an account verified? 
 I memorized your npub 🚀 
 Nip-05 or bust. It’s amazing how many prominent folks have supposedly been on here (@naval, @balajis, etc.) with nothing but an npub/twitter cross post to protect people from impersonation.  
 I knew I wasn’t cool enough for the REAL Lyn Alden to follow! 
 Thank you!   When I was new (well, newer than I am now), I would receive messages purporting to be you, or Jeff Booth, or Jack.  I only knew enough to recognize the names, and was flattered that ‘you’ reached out to me.   But as I eventually learned, with the repeated ‘how’s the market treating you’ and ‘I’ll share my copy trading secrets’, I caught on.   I also followed advice and looked at the addresses.  Luckily for me, I never sent money or invested. 
I share this in hopes that it will help at least one person. 
 there's only one of me too. but I'm not yet important enough for anyone to try to impersonate 
 Incredible, how many accounts are on Nostr? Impersonators already!! 
 How does Nostr deal with this issue longer term without a mechanism to ban these accounts? 
 So you're not sending me 2 Bitcoins?

Shit.

Do you even care how my trade is going? 
 😂 
 just think of all those secret Lyn Alden trading strategies hitting inboxes right now 💸 
 Just curious. Why are you using a @primal.net nip05 and not for instance lynalden.com - primal could be seen as centralized out of your control while for instance  lyn@lynalden.com would be totally controlled by yourself. 
 I'm going to go ahead and say you probably meant "credulous" people. 
 Thank you Lyn! 🫡 
 Botlyn is worst Lyn 
 Is there a way the developers on Nostr will try to tackle this? Cause if you’re new and just try to find a Lyn Alden account how would one know it’s the real one? 
 then why do you propose to use nostr to look up people for payments?