 welcome to nostr

where it is wonderful and experimental and everyone will tell you that your messages are authentically signed 

but...

anyone with your key can post to your account and control your identity as if they were you 
 This is why you protect your private key so that only YOU can post and sign content displayed on your public key. 
 Unless airgapping every event signature is acceptable to you, there's very little you can do to effectively protect your key. 
 That would be silly. No one will do that for every single interaction. It's simple. Don't enter your nsec into websites. Use a signing extension or bunker. Done. 
 Trivial mitigation.  Keeping a post-it of your password in a drawer rather than posted on the monitor makes little difference to the cleaning maid.

And Biden has a LOT of evil maids in his orbit 😉