 Feels like we are putting too much emphasis on web of trust and keys. Keys are easy to leak and if you tie your entire identity and trust to an easy-to-leak key, well.. then how good is that?
 There are “way arounds” being built to recover the keys. 
 Link? 
 I like Pablo's suggestion: https://github.com/nostr-protocol/nips/pull/829

Keys are definitely the cornerstone here, but the same is true for bitcoin, and we have a massive pile of builders solving keys for bitcoin, and there are more and more robust and user-friendly solutions coming to market.

Here is how bitcoin keys compare to nostr keys in my mind:
- you can 'migrate' from one set of bitcoin keys to the other by transferring all funds. With the suggestion above, you can do something similar on Nostr (although it's not precisely "all value" that's being transferred). It will also take a lot of work for apps to support this auto-migration, and there are technical issues with that particular suggestion, but it's a good start IMO.
- you can kind of manage risks with bitcoin keys using several different wallet setups with different amounts stored. But you could do the same on nostr, having several keys with different setups dedicated to different activities. We don't have widely used tools to store many keys and switch between accounts in signers and in the apps; nsec.app and nostr-login help here.
- you have limited damage if bitcoin keys are stolen, but on nostr it feels unlimited - thieves can broadcast with your own keys forever, they can also post fake events in the past under your old name. We will probably have to opentimestamp important stuff we publish to add safeguards against back-dated fakes. Also, if the above NIP is implemented well, the damage here might be reduced significantly.

This is just what comes to mind on the spot, let's discuss this further. 
 Once your nsec is stolen, you can never recover it for your exclusive use, that's correct. Once it's lost, you can never recover it for any use, that's also correct. But the same is true for bitcoin keys, and yet we're hoping to build the world around it, and people build tools to mitigate these risks. Nostr key != Bitcoin key, but there are many more similarities than differences. Here is more on this: nostr:nevent1qqs0qkyxmykx2a5f98e88c2ayyz44z53h8ntvqp0fusge4r62m9m7mcql9f4x
 The comparison to bitcoin keys is flawed. Even if you lose your bitcoin keys, you usually have a backup and can transfer it to another amount.

The same is not true for your nostr identity. Once it’s compromised you can never transfer it elsewhere. 
 There aren't many tools and protocol-level solutions to key loss or theft atm. But that's just because nobody is trying to use them for mission-critical stuff; once demand comes, solutions will come. I will keep repeating that nostr keys have a lot in common with bitcoin keys, and we do hope to make bitcoin the core of our future economy, so how is nostr different in principle? More here: nostr:nevent1qqs0qkyxmykx2a5f98e88c2ayyz44z53h8ntvqp0fusge4r62m9m7mcql9f4x