Thank you for your reply. I have now confirmed that the issue was on my end and unrelated to Stacker News. My previous statement, 「I’m certain I never publicly shared this invite link,」was incorrect. I’ve discovered that I sent this link to Nostr about a year ago.
After waking up this morning, I reviewed Stacker News' code and noticed that after my post, @ek submitted PR#1789, which changes the invite link generation method from using cuid to 16-byte random content.
From this PR, I learned about the previous logic for generating invite links and reviewed the implementation of cuid. Based on this code, I was able to decode the timestamp of my invite link (https://stacker.news/invites/clr4of5kk0001ofw3xdik7kbn) as 1704703451636, which corresponds to Mon Jan 8 16:44:11 CST 2024, roughly one year ago.
Following this lead, I searched through my posts on various social networks and discovered that I had indeed shared the invite link on Nostr a year ago.
Additionally, I’d like to clarify that the invite link format generated by cuid is c + timestamp(ms) + counter + fingerprint + random(8 bytes). It includes a timestamp and an 8-byte random number, so attacking it wouldn’t be trivial. Therefore, the security of previously generated invite links shouldn’t be a major concern.
I apologize for the confusion and inconvenience caused. Sorry!
cuidto 16-byte random content.cuid. Based on this code, I was able to decode the timestamp of my invite link (https://stacker.news/invites/clr4of5kk0001ofw3xdik7kbn) as 1704703451636, which corresponds toMon Jan 8 16:44:11 CST 2024, roughly one year ago.c + timestamp(ms) + counter + fingerprint + random(8 bytes). It includes a timestamp and an 8-byte random number, so attacking it wouldn’t be trivial. Therefore, the security of previously generated invite links shouldn’t be a major concern.