
@ vinney | opfn.co
2025-02-27 13:36:49
GM.
My baseline assumption is that there are more than zero malicious actors in Nostr right now. (Where "malicious" means they seek to harm the protocol's use and adoption now or in the future).
To do any actual damage - beyond "privacy" "violations" like massive data harvesting from public relays - one thing such an actor could do would be to acquire nsecs.
The longer he sits on nsecs without revealing intent, and the more important the network becomes, the greater the damage potential when the attack is eventually performed.
Under those assumptions, the only actually worrisome entities - that is, ones that **could** be malicious in an effective manner - are ones that **could** feasibly get your nsec.
This is a roundabout way of saying the thing everybody already says, but putting a finer, wider-existential-risk point on it: do not use clients that ask for your nsec.
The most paranoid takeaway from the above: the only possible bad actors are clients and apps that **require** your nsec. So if we eventually do have a malicious attack, it will **necessarily come out of the set of developers of nsec-requesting apps**.
Yes, this includes signers. I don't know what to do currently about this point aside from either: simply hope that that much smaller set of developers (of signers) are indeed trustworthy OR verify personally that their code is indeed safe OR trust the set of people who claim to have audited the code themselves.
This level of paranoia means that _safe_ advice to Nostr newcomers would look like this annoying path: "Take a look around using primal [or another similar app] but assume you'll need to make a new account before too long. When you decide to stay, read [this confusing-to-a-newcomer guide] about proper nsec management".
https://start.njump.me/ from nostr:nprofile1qqs8hhhhhc3dmrje73squpz255ape7t448w86f7ltqemca7m0p99spgpzemhxue69uhkzat5dqhxummnw3erztnrdakj7qgmwaehxw309a3ksun0de5kxmr99ej8gmmwdahzucm0d5hsz8rhwden5te0vdhh2mn5wf5k2uewve5kzar2v9nzucm0d5hsxh4ddm is a big step in the right direction and is probably AS friendly as possible at the moment, though it can only be SO friendly, given the tooling available at the moment.
Maybe very newbie-friendly clients that do bunkers by default (or key-splitting, eventually) would be better.
Anyway, GM and here's to hoping someone isn't sitting on a massive pile of high-value nsecs that they intend to rug one day and demoralize the entire social side of the network (they can't hurt the open protocol, obviously. We'll just have to start over in a sort of social hard fork).