Here's an #asknostr for today as I finish up a round of research. I've already looked into this a lot myself but it's ever-changing and there are people way deeper than me into this.
Frictions and risks related to key management are often cited by critics as one of Nostr's limitations. You lose your key, and you lose your identity. Plugging your key into a bunch of different apps is not ideal, since the more you do, the bigger the potential attack surface is for a leak.
Restricting your usage to a couple apps or browser extensions, and using them to sign for other applications, seems to be the best method so far for minimizing the attack surface.
Looking beyond that, what sorts of protocol updates or app services are ideal to help minimize the frictions and risks of key management while keeping the protocol itself super simple as it is?
LynAlden / Lyn Alden
npub1a2…cw83a
2024-07-18 19:06:13
Author Public Key
npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83aPublished at
2024-07-18 19:06:13Event JSON
{
"id": "cbd6b9c1d0b6c42e4cd767e2ba2d90845650a2011dcfbbd8419207dc2b009035",
"pubkey": "eab0e756d32b80bcd464f3d844b8040303075a13eabc3599a762c9ac7ab91f4f",
"created_at": 1721322373,
"kind": 1,
"tags": [
[
"t",
"asknostr"
]
],
"content": "Here's an #asknostr for today as I finish up a round of research. I've already looked into this a lot myself but it's ever-changing and there are people way deeper than me into this.\n\nFrictions and risks related to key management are often cited by critics as one of Nostr's limitations. You lose your key, and you lose your identity. Plugging your key into a bunch of different apps is not ideal, since the more you do, the bigger the potential attack surface is for a leak.\n\nRestricting your usage to a couple apps or browser extensions, and using them to sign for other applications, seems to be the best method so far for minimizing the attack surface.\n\nLooking beyond that, what sorts of protocol updates or app services are ideal to help minimize the frictions and risks of key management while keeping the protocol itself super simple as it is?",
"sig": "fee53091470cfb7dc8b4776fa3def1a7939430bd2d6a4cb5143a90f6b456cfd9b0b3da3fac94d5c24787c912a9d761332b2a559bd27a80dbb29d101baf69408a"
}