
@ tolot
2025-02-23 17:02:21
True.
I would add that there's some nuance here to discuss. I don't think Parker is pointing at this by any means, but I see that as a possible issue. That is:
Nostr privkeys and money privkeys are the same in terms of information security, but are widely different in terms of what an attacker is incentivized to do if he/she steals keys from somebody.
When you get into possession of a bitcoin mnemonic that is not yours and has some funds in it (extremely unlikely by chance, but doable by other shady means), you have the incentive of immediately emptying the wallet by moving all UTXOs to one or more keys controlled by you.
If you steal Nostr keys, you don't have an incentive to immediately use them for fraudulent purposes. That means that "nsec farming" is doable when considering the incentive structure.
Thus, you never actually know if your keys are truly exclusively yours or not. You can understand that you were hacked only when the attacker starts signing notes on your behalf.
In fact, this is not different from what happens in classical social media, so no surprises here. But overall I would argue that it's true, incentives are aligned differently somehow.