The main problem being what it already is for Nostr apps: getting completely rekt if that key gets compromised. Nostr has to fundamentally change and mature before I'll ever use it for more than a low value social media use case.
I only enter my password manager password in one place. Entering it into a bunch of different apps creates the same problem of using the same password everywhere. You'd need to create a different nsec for every app to avoid this, which is fine, but that isn't what most people will do. They'll just paste that sucker into anything that asks and eventually get rekt everywhere just like people do now. The main difference is that there is no recovery under the current model. You can't just contact Nostr customer support and prove your identity to reset your nsec and take back control of everything you used the key for. It's gone forever. That's why I think it's more dangerous than the current legacy model for the average person. It's also an instant take over. Whoever has the key can access any Nostr app instantly, without even knowing which service the owner uses. Currently, an attacker would need to figure out which services I use to access them if I use the same password everywhere, and that takes resources. Nostr is just one protocol.
Things need to get better before more people are encouraged to use Nostr for everything.
matt / Matt Warren⚡Not Related to Elizabeth Warren
npub1l6…uj5rc
2024-08-16 11:04:53
in reply to nevent1q…59we
Author Public Key
npub1l6scds4yv7xmcsmhqnhdy9sggm520q09lvts2m5mkvecgr2mmmeqsuj5rcPublished at
2024-08-16 11:04:53Event JSON
{
"id": "8ad112771baa72d4fea48462ac07aede6545c708d314bd46d5683fd91fb12188",
"pubkey": "fea186c2a4678dbc437704eed2160846e8a781e5fb17056e9bb333840d5bdef2",
"created_at": 1723806293,
"kind": 1,
"tags": [
[
"p",
"e83b66a8ed2d37c07d1abea6e1b000a15549c69508fa4c5875556d52b0526c2b"
],
[
"e",
"7a632dd0c283a8bac311df61c9cf0a7f278ba6acfa68e441b3f8dd65aff64602",
"wss://relay.primal.net",
"root"
]
],
"content": "The main problem being what it already is for Nostr apps: getting completely rekt if that key gets compromised. Nostr has to fundamentally change and mature before I'll ever use it for more than a low value social media use case.\n\nI only enter my password manager password in one place. Entering it into a bunch of different apps creates the same problem of using the same password everywhere. You'd need to create a different nsec for every app to avoid this, which is fine, but that isn't what most people will do. They'll just paste that sucker into anything that asks and eventually get rekt everywhere just like people do now. The main difference is that there is no recovery under the current model. You can't just contact Nostr customer support and prove your identity to reset your nsec and take back control of everything you used the key for. It's gone forever. That's why I think it's more dangerous than the current legacy model for the average person. It's also an instant take over. Whoever has the key can access any Nostr app instantly, without even knowing which service the owner uses. Currently, an attacker would need to figure out which services I use to access them if I use the same password everywhere, and that takes resources. Nostr is just one protocol.\n\nThings need to get better before more people are encouraged to use Nostr for everything.",
"sig": "7291079b0dd141e991b899cc2743db92e0fa341a435c9be2c6795a307cd7cd78ac3c87d72411ca65a9da14a495f36ff3ae4dcf48098231091bdd3102393e3fbe"
}