Comment on Some interesting comments on the move
logen@exploding-heads.com 8 months agoMy problem lies with the identity theft and recovery.
It’s the public followers I lose.
If Masterofballs says, “Hey, I lost my old key, this is my new one, everyone follow me!” How do I know you are you? How do I know that the identy was even lost? How do I trust you are who you say you are? Especially if someone else has your old key and is impersonating you? Or, mehbe this new account is the impersonator.
It’s a real problem for someone trying to maintain some sort of identity, which, to greater or lessor extents, we all are.
If you just want to be anon, this system works well enough, but if you want to maintain your reputation… there are challanges we need to overcome.
Or, since I really don’t know much about nostr, mehbe they are already working on this problem.
Trustless systems need to be robust.
masterofballs@exploding-heads.com 8 months ago
I mean I know this isn’t a answer for everyone but I maintain like wolfballs.com . And I can post my information there. domain names are reasonably anonymous and so far has not been attacked by censorship. Other than that, keep your shit secure I guess. But yeah I can see the value in increasing that security.
logen@exploding-heads.com 8 months ago
Yea, but how do I know you control that anymore either? Back to trusting central authorities, but that’s certainly a way around the problem. Not a perfect way, but I can be reasonablly sure that Linus owns Linus Tech Tips, and if he says from there that his key leaked, it’s probably true. But then again, his site has been hacked before. Heck, even then he has to convince everyone to follow his new key. That’s no small task.
Keeping your shit secure is hard. I’m mostly using Android for this stuff at the moment and I have no trust that anything I do here is secure. Copying it to the clipboard, as these apps do, may be enough to have the key compromised.
And, maybe, I’d like to keep a copy of my key on my person via flash drive. Flash drives get lost sometimes. People get mugged. Even if my key is encrypted on the drive, I have to treat it as if it’s compromised.
Or perhaps I have a print out in my files. Files get stolen sometimes. And for big time content creators, all threats increase as the keys are more valuable than some rando’s.
So we have many software threat vectors and some physical ones. Mehbe my app gets compromised, they push an update, everyone’s keys start getting yanked. It happens. We need disaster recovery options. Until we do, everyone’s reputation on the system is at risk.