I recently joined Nostr and love the idea of it all (obviously duh). However, one major problem I see coming is nsec keys being stolen. Your nsec IS your identity and especially for early adopters this will be problematic. You paste your nsec in several clients and it is basically guaranteed that they will be leaked eventually. Hardware signing devices don’t exist and frankly would be too cumbersome anyway for social media.
I think we need some standardized protocol for how to deal with that. For example:
The first message every new nsec (user) publishes is signed (e.g. signed with some private key in a HD wallet). Then they can start posting happily until their nsec gets leaked. They create a new nsec and publish a message proving that they signed the first message sent with the previous nsec. Nostr clients recognize this and disregard (optionally) or flag content published with the old nsec after the publishing of the new message.
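The rotation check proposed in the post above, as an added example (not part of the original post and not taken from any NIP). Assumptions: a Lamport one-time signature built from SHA-256 stands in for the "private key in a HD wallet", and the `commit` field, message layout and function names are hypothetical.

```python
import hashlib, json, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# ASSUMPTION: the offline "master" key is modelled as a Lamport one-time
# signature (SHA-256 only) so this runs on the standard library. Nostr keys
# themselves are Schnorr/secp256k1; a real design would pick its own scheme.
def master_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def commitment(pk) -> str:
    """Hash of the master public key; published in the nsec's first message."""
    return H(b"".join(h for pair in pk for h in pair)).hex()

def _rot_bytes(old, new, created_at) -> bytes:
    return json.dumps(["rotate", old, new, created_at]).encode()

def make_rotation(sk, pk, old, new, created_at):
    """One-time use: a Lamport key must never sign a second message."""
    sig = [sk[i][b] for i, b in enumerate(_bits(_rot_bytes(old, new, created_at)))]
    return {"old": old, "new": new, "created_at": created_at, "master_pk": pk, "sig": sig}

def accept_rotation(genesis, rot) -> bool:
    """Accept only a rotation signed by the key the old nsec committed to."""
    if rot["old"] != genesis["pubkey"] or commitment(rot["master_pk"]) != genesis["commit"]:
        return False
    bits = _bits(_rot_bytes(rot["old"], rot["new"], rot["created_at"]))
    return len(rot["sig"]) == 256 and all(
        H(s) == rot["master_pk"][i][b] for i, (s, b) in enumerate(zip(rot["sig"], bits)))

def classify(event, genesis, rot) -> str:
    """Return 'flag' for old-key events dated at or after a valid rotation."""
    if event["pubkey"] != rot["old"] or not accept_rotation(genesis, rot):
        return "ok"
    # created_at is set by whoever holds the key, so a stricter client would
    # compare the time it first received the event instead.
    return "flag" if event["created_at"] >= rot["created_at"] else "ok"

if __name__ == "__main__":
    sk, pk = master_keygen()  # constructed sample data, not real keys
    genesis = {"pubkey": "npub_old", "created_at": 100, "commit": commitment(pk)}
    rot = make_rotation(sk, pk, "npub_old", "npub_new", 500)
    for ts in (400, 600):
        print(ts, classify({"pubkey": "npub_old", "created_at": ts}, genesis, rot))
```

A rotation signed by any key other than the committed one is rejected, so holding the leaked nsec alone is not enough to redirect the identity.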
I've taken a personal interest in solving this too
Key management is a big problem with just about everything, that's one of the biggest grievances of new Bitcoin users too... I often use the example of grizzled old *nix admins still fumbling with SSH keys for decades now with no great alternatives.
Browser extensions for Nostr are a terrible solution too, they generally give the publisher access to your full browser storage across every domain, and they don't even work on mobile where they're needed most.
As bad as the products are, Bitcoin hardware wallets are at least directionally correct in separating signing keys from connected devices... but Nostr itself is an inherently online thing so that's not a solution either.
NsecBunker got the right idea generally, I just don't like the unscalable implementation with NIP46, so am working on something more robust.
The idea being OAuth-like, apps connect to a remote-signer over a tunnel with revocable tokens and a permission set. The signer can then be a daemon hosted anywhere like a hardened VPS or an Umbrel/Start9.
Solving it in this way also opens the door to high profile Nostr accounts, managed by social media teams or automation etc, where the proprietor doesn't have to give up the key to an intern.
reply
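The remote-signer idea described in the comment above (revocable tokens plus a permission set), as an added example. It is not code from NsecBunker, NIP-46 or the commenter's project. Assumptions: the class and method names are hypothetical, permissions are modelled as allowed event kinds, and HMAC-SHA256 stands in for the Schnorr signature.

```python
import hashlib, hmac, json, secrets, time

def _h(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class RemoteSigner:
    """Holds the signing key; client apps only ever hold a revocable token."""

    def __init__(self, signing_key: bytes, pubkey_hex: str):
        self._key, self.pubkey = signing_key, pubkey_hex
        self._grants = {}  # sha256(token) -> {"kinds": set, "expires": float}

    def issue_token(self, kinds, ttl_seconds, now=None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only the hash is stored: a leaked grant table yields no usable tokens.
        self._grants[_h(token)] = {"kinds": set(kinds), "expires": now + ttl_seconds}
        return token

    def revoke(self, token: str) -> None:
        self._grants.pop(_h(token), None)

    def sign(self, token, kind, content, created_at, now=None) -> dict:
        now = time.time() if now is None else now
        grant = self._grants.get(_h(token))
        if grant is None:
            raise PermissionError("unknown or revoked token")
        if now >= grant["expires"]:
            raise PermissionError("token expired")
        if kind not in grant["kinds"]:
            raise PermissionError(f"event kind {kind} not in permission set")
        # NIP-01 event id: sha256 over [0, pubkey, created_at, kind, tags, content].
        body = [0, self.pubkey, created_at, kind, [], content]
        ser = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
        event_id = hashlib.sha256(ser.encode()).hexdigest()
        # ASSUMPTION: HMAC-SHA256 is a placeholder for the Schnorr signature a
        # real signer would produce; the authorization checks are the point here.
        sig = hmac.new(self._key, bytes.fromhex(event_id), hashlib.sha256).hexdigest()
        return {"id": event_id, "pubkey": self.pubkey, "created_at": created_at,
                "kind": kind, "tags": [], "content": content, "sig": sig}

if __name__ == "__main__":
    signer = RemoteSigner(secrets.token_bytes(32), "ab" * 32)  # constructed values
    intern = signer.issue_token(kinds={1}, ttl_seconds=3600)   # text notes only
    print(signer.sign(intern, 1, "hello", int(time.time()))["id"])
    signer.revoke(intern)
```

A token limited to kind 1 can post notes but cannot rewrite the profile (kind 0), and revoking it cuts the app off without touching the key.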
27 sats \ 1 reply \ @nyan OP 20 May
Thanks, finally someone who is not just saying, “duh, browser extensions idiot”. As you say, their required permissions are egregious. And they are still a hot wallet. Will be interested in your solution. Do you have an ETA?
reply
We're kind of developing in production for use with our own apps at this point, big refactor shipping later this week but it'll probably be at least a month till we make a remote signer for Umbrels etc
Can poke at the landing page though: https://auth.shock.network
reply
140 sats \ 0 replies \ @k00b 20 May
You're basically describing NIP-26 which is key delegation. It didn't get adopted though it seems. This kind of thing is very tricky to get right. Most solutions are either very complicated or not very robust. Hot key management is very hard.
reply
Why have you introduced nsec on several sites? Nostr may have problems but this is not one of them, there are several solutions to solve what you are talking about.
reply
21 sats \ 1 reply \ @nyan OP 20 May
There are some extensions like Alby that help you manage that on Desktop but not on mobile. And even then, you are basically relying on a hot wallet.
reply
I don't use nostr on mobile, so I don't know what the state of the art is. But I do know that the Alby extension works in Firefox on Android. I don't know if nos2x also works. Yes, it works as a "hot wallet".
reply
Pretty much this. If you're pasting your nsec into clients you're doing it wrong. If you're using a native client and you don't trust it, don't use it. If you're using a web client, you should be using nos2x or Alby or some other nsec-managing extension.
reply
20 sats \ 1 reply \ @nyan OP 20 May
Sorry man, but Alby and nos2x are still hot wallets. Why would I trust Alby over client xyz? If you have your nsec in Alby I wouldn’t feel secure building out my online identity based on this.
reply
Hmm, so you would want "hardware wallets" for nostr? I think there is such a device. I'll find a link later.
reply
Your nsec IS your identity and especially for early adopters this will be problematic. You paste your nsec in several clients and it is basically guaranteed that they will be leaked eventually.
These are serious allegations. Come on Nostr guys, reply to this ignorance. I think we need some real deliberations on this.
I will take part as a first bench viewer in the court of SN. Let's give the best decision.
reply
What about my post is ignorance? Please elaborate.
reply
Something similar to what you described has been proposed (if I'm not wrong, by Pablo) in a not yet merged NIP that focuses on key rotation.
For a good signing pattern, NIP-46 is the solution; https://nsec.app is a very interesting implementation, totally non-custodial. I also use Gossip on desktop as a signer.
https://github.com/fiatjaf/window.nostr.js permits using NIP-46 on every site that has NIP-07 (extension) support, also via bookmarklet.
reply
That sounds like a catch 22.
reply
“I’m new to Bitcoin nostr and I’m here to fix it.”
reply
What have you contributed to it so far? My guess is zilch. Same for BTC
reply
Try learning more before you speak. I am not your enemy.
reply