2024-08-14 06:36:19

ericfj on Nostr: There could be a compromise here. 100% effective NIP-09 “enforcement” seems ...

There could be a compromise here. 100% effective NIP-09 “enforcement” seems technically impossible and might even set a strange precedent if enforced by some group on here (even a well-liked one).

However, we might be able to get to a place where events get “deleted” reasonably effectively so someone can tuck something away from plain view. Seems like not a bad feature.

But I suspect part of the current magic here is folks knowing they can’t truly delete posts. Makes me think more at least (and ruminate over typos more too lol) so I’m sure it reduces mindless hateful discussion. Not sure I’d love to be on a platform where people can sneak in and out talking shit and then pretending like they never did.

Anyway, nobody can stop a screenshot so it might not be the best feature to spend a ton of resources on with such an easy workaround.

Love the thoughtful discussions no matter what.

I have been using Nostr for two years now, and the lack of a NIP-09 (event delete) or its equivalent standard on Nostr is, more than ever, a significant privacy and safety issue built into the current version of the protocol.

Snowden warned us of the dangers of a permanent record. Have we not learned anything?

Nostr, as it is right now, is a permanent record that seeks to tie all of your apps and your coin transactions to one key pair.

If that key pair is ever compromised, EVERYTHING is compromised.

If you accidentally doxx yourself, you are HOSED.

It's bad OPSEC. And it sounds like a honeypot waiting to happen.

Amber (event signer) is a decent workaround, but it has not passed a third-party security audit, and I still believe a parent/child key system is the way to go as it does not expand your attack surface by having to depend on a third party to keep all of your Nostr business safe.

Now back to event deletion...

The protocol is the protocol. Relays must use the protocol to participate in the network.

If the protocol requires honoring event deletion requests to participate in the network, then Nostr will have avoided this festering security and safety issue.

If certain #Nostr devs don't stop saying universal post deletes can't happen because of xyz (insert biased limiting belief/excuse here), and start figuring out how it can be done... it's a protocol design that's dead in the water to anything but mostly nameless, faceless anons.

The future is privacy-first, client-side computing, not relays. The clock is ticking.

Author Public Key
npub10xvczstpwsljy7gqd2cselvrh5e6mlerep09m8gff87avru0ryqsg2g437