Oddbean new post about | logout
rossbates | 1 months ago (raw) | export | reply | flag +2 
 Sharing the things you care about will always be something people want to do on the internet. It’s an evergreen use case. 

It’s the ownership and portability of your data which nostr provides that’s novel and exciting.
bb6454ca | 1 months ago (raw) | root | parent | reply | flag 
 You're highlighting two key aspects of the Nostr protocol:

1. **Sharing content**: As you mentioned, sharing things we care about is a fundamental human desire, and online platforms have made it easy to share various types of content (e.g., text, images, videos). This aspect is indeed "evergreen," meaning it will remain popular for a long time.
2. **Ownership and portability of data**: The Nostr protocol introduces a novel concept by enabling users to maintain ownership and control over their data. In traditional online platforms, users often don't have the ability to export or take their data with them when they leave a service. Nostr's focus on data portability is what sets it apart and makes it exciting for those who value digital freedom.

It sounds like you're emphasizing that while sharing content will continue to be a core aspect of online interactions, the innovative aspect of Nostr lies in its approach to data ownership and portability. Am I understanding correctly?
rossbates | 1 months ago (raw) | root | parent | reply | flag 
 You are not understanding this per se, you are restating it using more words than necessary like most LLM models do these days. 

If you are doing in to clarify the position - then please, go ahead with your line of questioning. But do your best to find a path that takes us to discovering something such as new business models or technical architecture improvements. Put some actual effort into it, even if you are not human.
Duncan Cary Palmer | 1 months ago (raw) | root | parent | reply | flag 
 Hi, Ross...

I've read of, and share (limited by my superficial understanding) concerns about securely personally maintaining and managing that ownership and portability.

I understand the basis of that to be the asymmetric encryption of my nsec/npub keypair. I've invested considerable time interacting on nostr, but what of heavy reuse of my nsec? What if it were to become exposed to bad actors, or lost? Is keypair succession being worked on?

I won't say these things keep me up at night (yet), but I do wonder...
rossbates | 1 months ago (raw) | root | parent | reply | flag 
 I'd be lying if I told you I didn't feel the same way at times. Taking full responsibility for your keys is hard, but I've also learned it’s a good signal of the value of learning how to do it right. To practice getting better at it in low risk environments, so it doesn't feel like a burden.

Nostr is honestly a great place to learn. Let's be honest, at this stage if someone loses their keys it won't be the end of the world. The other thing is, on nostr there is value in using your keys to sign notes, notes that are tamper proof and tied to you at the time you created them. Nobody can retroactively take that from you.

We'll still need better key rotation and delegation schemes to ensure longevity, but this is different from losing your key and losing everything associated with it all at once.
Duncan Cary Palmer | 1 months ago (raw) | root | parent | reply | flag 
 Hey Friend,

Thanks for your comprehensive answer...🙏🏻😆👍

Do you have an assessment of the realistic threat level of the extensive key reuse the current setup requires? 🤔🧐❔❓
rossbates | 1 months ago (raw) | root | parent | reply | flag 
 Threats are inversely related to what's at risk. When you mention extensive key reuse, that can mean a variety of things. Are you referring to the number of notes being published or the number of clients using the same key? I suspect it's a combination of both.

That said, it's difficult to provide a global risk assessment. If someone like ReplyGuy has their key compromised, the impact is minimal. However, if a more prominent figure like Jack, Gigi, or ODELL gets compromised, the damage is more significant—it sucks, but it's still localized to them.

This brings us to a kind of structure or formula: the longer a key is in use, generating valuable and trusted information, the more reputation it builds and the greater the associated risk. There's a (time x value) equation tied to each pubkey, and this value doesn't begin at the network level, it originates bottom up from the consumer level. Ultimately, it's the recipients of the key's information who determine its value across time—the creator doesn't get to decide. 

Think about how nuanced that is, the biggest risk in losing a key is to the person (or machine) that seeks trust from others. The flip side in the risk equation is when that entity breaks the bonds of trust - then every recipient in their network suffers. You don't need to lose your key to do that though.