Yeah, I’ve wondered whether clients actually do that validation. I mean, it’s probably expensive to process, right? It’d be nice if there were tools to check if there are any fake events of ours showing up on the relays.

It’s also important that your nostr client actually verifies the signatures and doesn’t trust the relay to do it, even if it takes a few seconds to verify the signatures of all incoming events.

Oh, okay, in that sense it's true, no one can sign events without the private key.